Report - ae.continuetoplay.com/9csm9

Report Overview

Submitted URL
ae.continuetoplay.com/9csm9
IP
54.230.111.64
ASN
#16509 AMAZON-02
Submitted
2023-02-09 04:14:26
Access
Website Title
Final URL
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
4
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	First Seen	Last Seen	Sent	Received	IP
contile.services.mozilla.com	1114	2021-05-27T20:32:35Z	2023-03-13T05:09:13Z	333 B	391 B	34.117.237.239
track.fkg.tv	unknown	2016-10-05T16:44:06Z	2023-03-13T05:12:47Z	5.2 kB	12 kB	80.74.141.5
push.services.mozilla.com	2140	2014-10-24T10:27:06Z	2023-03-13T05:09:14Z	606 B	127 B	52.88.143.102
www.googleoptimize.com	1604	2019-07-16T12:17:19Z	2023-03-13T07:14:58Z	389 B	45 kB	142.250.74.78
www.googletagmanager.com	75	2013-05-22T04:07:37Z	2023-03-13T08:28:24Z	386 B	62 kB	216.58.207.200
ocsp.pki.goog	175	2018-07-01T08:43:07Z	2023-03-13T05:09:47Z	2.7 kB	5.6 kB	142.250.74.163
stats.g.doubleclick.net	96	2013-06-10T22:21:11Z	2023-03-13T08:02:41Z	533 B	451 B	64.233.165.157
lookup.tpay.me	161678	2017-01-29T12:17:51Z	2023-03-12T13:36:33Z	647 B	595 B	41.178.51.21
basebonecdn.com	unknown	2018-05-03T19:05:33Z	2023-03-13T00:03:59Z	1.0 kB	57 kB	104.21.10.184
www.google.no	25607	2016-04-05T21:50:59Z	2023-03-13T06:26:15Z	526 B	578 B	142.250.74.163
my.rtmark.net	9054	2015-02-04T10:54:57Z	2023-03-13T05:11:40Z	1.4 kB	2.4 kB	139.45.195.8
api.basebone.com	756673	2013-04-18T14:15:14Z	2023-03-13T00:03:48Z	408 B	296 B	80.74.141.5
region1.analytics.google.com	unknown	2022-03-17T12:26:33Z	2023-03-13T05:11:52Z	1.3 kB	451 B	216.239.32.36
r3.o.lencr.org	344	2020-12-02T09:52:13Z	2023-03-13T05:09:07Z	2.7 kB	7.1 kB	23.36.76.226
firefox.settings.services.mozilla.com	867	2020-06-04T22:08:41Z	2023-03-13T05:09:10Z	782 B	2.4 kB	35.241.9.150
content-signature-2.cdn.mozilla.net	1152	2020-11-03T13:26:46Z	2023-03-13T05:09:35Z	413 B	5.8 kB	34.160.144.191
ae.continuetoplay.com	unknown	2022-06-04T10:02:38Z	2023-02-09T08:06:13Z	2.7 kB	34 kB	54.230.111.64
img-getpocket.cdn.mozilla.net	1631	2018-06-22T01:36:00Z	2023-03-13T05:09:16Z	3.8 kB	52 kB	34.120.237.76

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-02-09 04:15:11	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
2023-02-09 04:15:11	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
2023-02-09 04:15:11	low	80.74.141.5	Client IP	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3
2023-02-09 04:15:11	high	Client IP	80.74.141.5	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

Threat Detection Systems

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	2.1 kB	2023-03-13	2023-03-13
Pretty URL track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 1bb80b832ab30140c182faf4350ff008 5921b063eb8dd1dd8cf2c2980522ba264a8186d4 63dacb614b63fde7238368de0ba21d1c735b2077aefb6f0e845ff911cd8c9d28 Loading...

	track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	1.3 kB	2023-03-13	2023-03-13
Pretty URL track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 6b8bcc72e57622c0528126ce72f4fb6d d7aa46beacfbdf32843fa527dd3e8049a6851002 e39ee73f7be79124cc82ab30d6e25d61e3e7c43dc59a5ec7581038723483d7a3 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	8.3 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash cf43b5a21e90d6aac9a2ff3809345502 301c20d4aec494027490cc6ccba8d92fc2e607ec bf07f3eaf167e5a0d0c82d7f8fffd95af07365b49d33436143c9e4abebe3fd14 Loading...

	www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW	113 kB	2023-03-13	2023-03-13
Pretty URL www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW IP 142.250.74.78 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash fa4c5f7d1a00c51c89d1af49d768f81c 4e868ea541962f72053df0ef2e78c75490f2e17f 5768804d08ff2ea487b3edb37ec8608e26f7c9bbc778b1923571567b879e0d4c Loading...

	www.googletagmanager.com/gtag/destination?id=G-LF1R1KY13H&l=dataLayer&cx=c	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/destination?id=G-LF1R1KY13H&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 7647363efbc03c4ba4f6171f730c8247 440f31aa6e6c06383a0a70414efb182030faf947 51e8f41e595391fd6a4f716f9d660722b21e1c613280327346a9725408af2008 Loading...

	www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 9e8171ff7317260a8bef1a6815b71ccc f8fe357b16ddedeaacc55c0a0671066ae978426a 30dc3dc33554283e0149d3cbeef2905486c16bf949151da0e06ece66df7cdb91 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	14 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 921a410296a144fa4b006f3d2a782fe6 cab33f6967012cca086d66bab5c532fb3f68ec97 0091b0c1ddab3921da653324bd65ecf07f6a652c3685eb4ac4fd14e327aca5e8 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	601 B	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 3f1ac6c876ea2d6e53a95b6984732abb 9abe5230801b1666683398c9bb21ace0542d1d14 700391f10873cbb69feb6dfd4be8e4bb026564c476b34dbf4d807493adc24bbc Loading...

	track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	23 kB	2023-03-12	2023-04-05
Pretty URL track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 23:24:47 Last Seen2023-04-05 02:02:28 Times Seen5 Hash 86760093e4da2e8e65cbd9f8c0164cf3 79ab19d69477cb1a4707052892da91b682501b36 5a474840c2bf82727f649e7e047eba0b50b0d03671445a74abd6e1fc88837ed4 Loading...

	www.googletagmanager.com/gtm.js?id=GTM-MF387SN	198 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtm.js?id=GTM-MF387SN IP 216.58.207.200 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash b023a5d4b16acce6fa5acf5a0baee9e6 afc55e841c0c83ff9feee5b0daef75b77a707a35 d3353c62afabe64bc01713bc300449d106bd3d251ee1df8bcb837335fdc82264 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	49 B	2023-03-08	2023-08-27
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:58:21 Last Seen2023-08-27 23:38:32 Times Seen46 Hash a7e996682c93b4ec672497e5ab58f19e e735feeb2126261122fe38efd9e27286aebcf195 460a77a747e0fc9bbfbc8e338c44a2e50a81a5f099c0904ef8b6de6ba455350f Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	38 kB	2023-03-12	2023-03-14
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-12 15:19:27 Last Seen2023-03-14 19:51:27 Times Seen1 Hash 0a86f0747b981f6e99f3fc82b414225e 00929cb38c1157d90ecc488d4849fd15f079a1e8 e8700eee0f13a8f08451e00e720b382152722dbf405c99cb066189db9bc45164 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	770 B	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 12:30:54 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 88147278bf2eb949c9a0c21c238828de 9dca357268c747435bec95f4026af3467353ed65 043a76ff3875847600313e1540e0e5c94719dd0f39abbf26d21a654a7c52f0d2 Loading...

	www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H&l=dataLayer&cx=c	221 kB	2023-03-13	2023-03-13
Pretty URL www.googletagmanager.com/gtag/js?id=G-LF1R1KY13H&l=dataLayer&cx=c IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash c38284b5d93eeff605367b3c11c0bc26 8269612e855ba058dd5e8074b211df626a98ffd4 70989a5e4610936a9baa417f566fed3b854fd4b49baa13e88020891d13b603e6 Loading...

	track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9	89 B	2023-03-08	2023-04-05
Pretty URL track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 IP 80.74.141.5 ASN #21069 METANET AG Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 01:58:21 Last Seen2023-04-05 02:02:28 Times Seen5 Hash 138b7256b1fd0427304ea55dd510203e e00bcb9ea8ab35d276f12d123728fd6d973203ab d61908d60930cfa2bb5eae44e4a28de0c26375a3427fd48d6da3148d53dbd390 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	1.3 kB	2023-03-13	2023-03-13
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-13 20:11:11 Last Seen2023-03-13 20:11:11 Times Seen1 Hash 1ea2ef6bf9abf7b5f31d1c6462bb28c0 76405ceccfec5dc6c1ef84e3ad3d9903888cfe55 7ca6bc11d75d66f451c24af86d07c994a0085d20a0a7ac7401d061d659562212 Loading...

	my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155	697 B	2023-03-08	2023-08-11
Pretty URL my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 IP 139.45.195.8 ASN #9002 RETN Limited Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-08 08:09:58 Last Seen2023-08-11 04:20:15 Times Seen16 Hash a6d255f2eb0b2c7d64159cef20667aec 14c29b6145a612e72bd1dc59bb0ccb55415c530b 910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9 Loading...

	ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323	675 B	2023-03-09	2023-06-09
Pretty URL ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323 IP 54.230.111.64 ASN #16509 AMAZON-02 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-09 04:07:36 Last Seen2023-06-09 15:19:48 Times Seen5 Hash a19c771dadf81b8480c7631e183bc477 23caf0421fdcf77ca0873e3a7ca760643a0e77e9 abd8a13ededd82c15dc89544fec43f10b3e5f28e6ab201e1b80526678175615e Loading...

HTTP Transactions (55)

URL IP Response Size

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
b7407cc102d62a5acd5e61f8a79bed36
c2f4890a62454e514962b55b7fc14228339c8e90
be282de92da261128a7c8471f3067466aa9930fd0ab2a2cdda8cd2d6ce2bbd74

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE282DE92DA261128A7C8471F3067466AA9930FD0AB2A2CDDA8CD2D6CE2BBD74"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15536
Expires: Thu, 09 Feb 2023 08:33:09 GMT
Date: Thu, 09 Feb 2023 04:14:13 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4165
Expires: Thu, 09 Feb 2023 05:23:38 GMT
Date: Thu, 09 Feb 2023 04:14:13 GMT
Connection: keep-alive

firefox.settings.services.mozilla.com/v1/

35.241.9.150

200 OK

939 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size
939 B (939 bytes)
Hash
ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba

HTTP Headers

GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 03:34:15 GMT
content-type: application/json
age: 2398
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11954
Expires: Thu, 09 Feb 2023 07:33:27 GMT
Date: Thu, 09 Feb 2023 04:14:13 GMT
Connection: keep-alive

content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain

34.160.144.191

200 OK

5.3 kB

URL HTTP/2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP
34.160.144.191:0
ASN
#15169 GOOGLE

File type
PEM certificate\012- , ASCII text
Size
5.3 kB (5348 bytes)
Hash
e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6

HTTP Headers

GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
x-amz-id-2: 6lBAVMmzNUqFOGDKG/32p/2ic2KcL1KDP+FW8U/Q+F6vErpYqSVLTpXFp+YuiwNwfUPcWEmunBM=
x-amz-request-id: EAZNV75AB19PRH43
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 03:36:12 GMT
age: 2281
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2

ae.continuetoplay.com/9csm9

54.230.111.64

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/9csm9
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /9csm9 HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Location: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
LPSID=CB4; path=/
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: WUIb3qChn9Eua7UHGpiUz40goaIB2rUFSnpNzTnPmgA2pRkbjzD-7Q==

contile.services.mozilla.com/v1/tiles

34.117.237.239

200 OK

12 B

URL HTTP/2
contile.services.mozilla.com/v1/tiles
IP
34.117.237.239:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with no line terminators
Size
12 B (12 bytes)
Hash
23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3

HTTP Headers

GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 04:14:13 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2

track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9

80.74.141.5

200 OK

7.3 kB

URL HTTP/1.1
track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (23109)
Size
7.3 kB (7317 bytes)
Hash
feb6c887236a71d0b8d833e62b0ce254
11ab76d310f4cec369f8fe72016fcabb300e0039
172b274769cc13b9fdc2bd069bc6d6c5e6c61d7a8227a117fae97f205539725b

Detections

NIDS	Severity	Alert
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M1
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M2
suricata	low	ET HUNTING [TW] Likely Javascript-Obfuscator Usage Observed M3

HTTP Headers

GET /ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9 HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7317
Content-Type: text/html; charset=UTF-8
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
LPSID=CB5; path=/
Cache-control: private

track.fkg.tv/ui/etag

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/etag
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ui/etag HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

track.fkg.tv/ui/cache

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/cache
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /ui/cache HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

track.fkg.tv/ui/auth

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/auth
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

HTTP Headers

GET /ui/auth HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

track.fkg.tv/favicon.ico

80.74.141.5

200 OK

1.4 kB

URL HTTP/1.1
track.fkg.tv/favicon.ico
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Last-Modified: Thu, 16 Aug 2018 15:03:11 GMT
ETag: "57e-5738ebde28d6e"
Accept-Ranges: bytes
Content-Length: 1406
Content-Type: image/vnd.microsoft.icon

firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US

35.241.9.150

200 OK

329 B

URL HTTP/2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP
35.241.9.150:0
ASN
#15169 GOOGLE

File type
JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size
329 B (329 bytes)
Hash
0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300

HTTP Headers

GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Last-Modified, Content-Type, Pragma, ETag, Retry-After, Backoff, Expires, Alert, Cache-Control, Content-Length
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 03:14:53 GMT
age: 3560
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2

track.fkg.tv/ui/auth

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/auth
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
3d9639550c349f8b55c3e3c834978579
99ecd9cc121296c7e6da43025a2d05232a65e644
8c77655daa171c94d0c2767e6fe6f77d84d73b89e0d81b5a5c899a8e16a23a2f

Detections

NIDS	Severity	Alert
suricata	high	ET POLICY Outgoing Basic Auth Base64 HTTP Password detected unencrypted

HTTP Headers

GET /ui/auth HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Authorization: Basic NDAzOWQ0MDU2Y2Q0NjExOGQ0OTU4NzBkMDA0YTVjN2Q6bm9wYXNz
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5; I=4039d4056cd46118d495870d004a5c7d

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
WWW-Authenticate: Basic realm="My Realm"
Last-Modified: Wed, 30 Jun 2010 21:36:48 GMT
Expires: Tue, 31 Dec 2030 23:30:45 GMT
Cache-Control: public, max-age=630720000
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

track.fkg.tv/ui/etag

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/etag
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
3d9639550c349f8b55c3e3c834978579
99ecd9cc121296c7e6da43025a2d05232a65e644
8c77655daa171c94d0c2767e6fe6f77d84d73b89e0d81b5a5c899a8e16a23a2f

HTTP Headers

GET /ui/etag HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
X-BXP-CID: 4039d4056cd46118d495870d004a5c7d
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5; I=4039d4056cd46118d495870d004a5c7d

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
ETag: "4039d4056cd46118d495870d004a5c7d"
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

track.fkg.tv/ui/cache

80.74.141.5

200 OK

52 B

URL HTTP/1.1
track.fkg.tv/ui/cache
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
52 B (52 bytes)
Hash
3d9639550c349f8b55c3e3c834978579
99ecd9cc121296c7e6da43025a2d05232a65e644
8c77655daa171c94d0c2767e6fe6f77d84d73b89e0d81b5a5c899a8e16a23a2f

HTTP Headers

GET /ui/cache HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
X-BXP-CID: 4039d4056cd46118d495870d004a5c7d
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5; I=4039d4056cd46118d495870d004a5c7d

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
Last-Modified: Wed, 30 Jun 2010 21:36:48 GMT
Expires: Tue, 31 Dec 2030 23:30:45 GMT
Cache-Control: public, max-age=630720000
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip

track.fkg.tv/ui/rcx

80.74.141.5

200 OK

0 B

URL HTTP/1.1
track.fkg.tv/ui/rcx
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /ui/rcx HTTP/1.1
Host: track.fkg.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/ui/inject?router_id=bcf67eed1b4c751&_lurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3Fa%3D9csm9%26w%3D2182323%26router_id%3Dbcf67eed1b4c751%26__ref%3Dhttp%253A%252F%252Fae.continuetoplay.com%252F9csm9
Content-Type: application/json
Content-Length: 77
Origin: http://track.fkg.tv
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB5; I=4039d4056cd46118d495870d004a5c7d

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:13 GMT
Server: Apache
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:13 GMT; Max-Age=604800; path=/
Content-Length: 0
Content-Type: text/html; charset=UTF-8

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10202
Expires: Thu, 09 Feb 2023 07:04:16 GMT
Date: Thu, 09 Feb 2023 04:14:14 GMT
Connection: keep-alive

push.services.mozilla.com/

52.88.143.102

101 Switching Protocols

0 B

URL HTTP/1.1
push.services.mozilla.com/
IP
52.88.143.102:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LxA/C68Z4brbMuPPINveNA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pXgn7gKfwd/s1JyT4X1mAYVKo4E=

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18760
Expires: Thu, 09 Feb 2023 09:26:55 GMT
Date: Thu, 09 Feb 2023 04:14:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18760
Expires: Thu, 09 Feb 2023 09:26:55 GMT
Date: Thu, 09 Feb 2023 04:14:15 GMT
Connection: keep-alive

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
68273225f74fbf7493f395610d7a73fc
5a8779ef5656aeeba23b365aad60b7901c5dd7fc
c83f285a1f3df0f7ac758a68ee95cc3d2671f80264c2e143cc0561cc574e3f19

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C83F285A1F3DF0F7AC758A68EE95CC3D2671F80264C2E143CC0561CC574E3F19"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18760
Expires: Thu, 09 Feb 2023 09:26:55 GMT
Date: Thu, 09 Feb 2023 04:14:15 GMT
Connection: keep-alive

img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg

34.120.237.76

200 OK

3.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.6 kB (3599 bytes)
Hash
10fd2f55fa0cfb8616ded6ddc2bb511a
996ed68f1b9770a19a97f6c8d359e338b8c8b3ca
e552d31a5e531386b9830bb58486f09bfcb3400676f726f93fdbea08336a09da

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F049f3f10-52dc-41ec-990c-719ee36485c7.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3599
x-amzn-requestid: 658f8678-b67d-4f98-b728-cf9cbad3aa86
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ABI38GUpIAMFY0Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e38832-2ab19d0f2345fc7515775298;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 11:32:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: oBM94J-bP0KLv3VUKHBQcndevBxzLc1rQ27Mc4Z_C-CGOyCH_FlKDw==
via: 1.1 0005a84c2971ff4f5bbb79e7ebc622a8.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:14:59 GMT
age: 30692
etag: "996ed68f1b9770a19a97f6c8d359e338b8c8b3ca"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

11 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
11 kB (11036 bytes)
Hash
b11f9f70f5e8af4de6d9fc5b9f50ccbe
753cb08c3f8c7c0750d113253790a08db01986bc
d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 3U29-_iFXSAoG74d9-pJmmWfVbO6f2Y91lLvi7nXxgNYWKNvbFTRyQ==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 08:48:54 GMT
age: 69921
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

3.0 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
3.0 kB (3014 bytes)
Hash
28ae39b238f62d6c0aee7bb16ff863d5
3c2247e40747c3ca72dd7877facee9a9fecf0f59
c530ba92455ea45e14410f497d2df04cc1321e2937cc7e81aa75f4fc14206a7c

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F718f24db-3c28-422f-953f-730a3ae78cb5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 3014
x-amzn-requestid: bec40915-584b-48fc-94c2-293e96567474
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKGrGoAMFelg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-2250ff00772341353151dd34;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lmJxNCnPKUD5O4HCWIjqeVaanXL50KZ60Xu1iOC6bisRBDJNkVXvww==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 a847181d425b7fc57e81eb3c800bfdf2.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:38 GMT
etag: "3c2247e40747c3ca72dd7877facee9a9fecf0f59"
content-type: image/jpeg
age: 23497
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.2 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.2 kB (8150 bytes)
Hash
764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: HNuUU4SaVvuPbW0clgJa6UZ-0zefgWJWfIJEsz_yCfKiCrx2wsu6vA==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 e4d3d5aafc7d7d582423c073065ab562.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 09:58:24 GMT
age: 65751
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

8.6 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
8.6 kB (8637 bytes)
Hash
b0c5e12696e3ee13041d043084828210
c48927fb23f59e0949d388086c197699c8f19d1b
47838e958555ff6799d4d1d3994913943726daba5294cd89afe9036628ef6fdb

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fb92005b3-7a69-411c-9afb-60b86ab8c5da.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 8637
x-amzn-requestid: fa797448-32c3-4438-a192-5291c48b1d85
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKFq9oAMFgog=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-46ff32923a2763b45a5194f4;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 2olwTLHKbCas7GcQiRz22bk_I646VcTxN3Yv_ObBVgeGC0l73GNh8A==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 e66162aafd55b64ba1478ff7105150fa.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:42:27 GMT
age: 23508
etag: "c48927fb23f59e0949d388086c197699c8f19d1b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

34.120.237.76

200 OK

4.3 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
4.3 kB (4308 bytes)
Hash
113363afa7cfd484dbc115a9f44c1723
2f9dfb845aa919a51a0b5fa9a824ac4845f669be
a91a045600ef2fdebd582ce453a85f7ce0c9f8be7258baf311d0d940de027c20

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F90107713-2512-413b-bb6c-0156521b403c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
content-length: 4308
x-amzn-requestid: 2d4ce596-9a69-4394-8e10-cd5c54687a06
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzKZ0F2DoAMF6nA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63ddf10b-6c4fabe01360b8781bdd8e06;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 05:45:47 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: R_VDTHUaRhwthD0THsWg42L1OF7lZAX3ENsTfV0U7kkn9o0x-mQ_9g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 13:53:53 GMT
age: 51622
etag: "2f9dfb845aa919a51a0b5fa9a824ac4845f669be"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

ae.continuetoplay.com/t/17844/?a=9csm9&w=2182323&router_id=bcf67eed1b4c751&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout

54.230.111.64

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?a=9csm9&w=2182323&router_id=bcf67eed1b4c751&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/17844/?a=9csm9&w=2182323&router_id=bcf67eed1b4c751&__ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9&_bxpc_rtype=js_timeout HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Cookie: router_id=bcf67eed1b4c751; LPSID=CB4
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Date: Thu, 09 Feb 2023 04:14:16 GMT
Server: Apache
Set-Cookie: __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9
router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:16 GMT; Max-Age=604800; path=/
SES=4810906849; expires=Fri, 10-Feb-2023 04:14:16 GMT; Max-Age=86400; path=/t/17844/
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: default-src 'self' 'unsafe-inline'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Location: http://lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-02-09+04%3A14%3A16Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ae292579257bd8d6a995161713a80c5518fe5c5f0cfceaa1bc1fb1e00450bcea9
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: x_c6g9M5D3UeL6iTrBwWVxSKegf25PqaYpqonNtOH3gmPLNa6aCoNw==

lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-02-09+04%3A14%3A16Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ae292579257bd8d6a995161713a80c5518fe5c5f0cfceaa1bc1fb1e00450bcea9

41.178.51.21

302 Found

0 B

URL HTTP/1.1
lookup.tpay.me/idxml.ashx/getmsisdn?date=2023-02-09+04%3A14%3A16Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ae292579257bd8d6a995161713a80c5518fe5c5f0cfceaa1bc1fb1e00450bcea9
IP
41.178.51.21:0
ASN
#24863 LINKdotNET

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /idxml.ashx/getmsisdn?date=2023-02-09+04%3A14%3A16Z&redirectUrl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323%26p%3Dcallback&signature=e4TBMUzPKk9gBfSg9b8j%3Ae292579257bd8d6a995161713a80c5518fe5c5f0cfceaa1bc1fb1e00450bcea9 HTTP/1.1
Host: lookup.tpay.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache
Location: http://ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=
Server: Kestrel
Access-Control-Allow-Origin: http://track.fkg.tv
Access-Control-Expose-Headers: _tkn
Request-Context: appId=cid-v1:fa05ee09-d179-496d-9c47-4e844b3db080
X-Powered-By: ASP.NET, ASP.NET
Date: Thu, 09 Feb 2023 04:01:08 GMT
Content-Length: 0

ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=

54.230.111.64

302 Found

0 B

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId=
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /t/17844/?SES=4810906849&a=9csm9&w=2182323&p=callback&Status=Error&Msisdn=&OperatorCode=&OrderId=&Details=Failed+To+Get+MSISDN&Signature=e4TBMUzPKk9gBfSg9b8j%3a870f49bcf390e07b1de123d2292d8c8a337e7a6e2bc0d0799e6e972966a0ac73&PlainSessionId= HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://track.fkg.tv/
Connection: keep-alive
Cookie: SES=4810906849; __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9; router_id=bcf67eed1b4c751; LPSID=CB4
Upgrade-Insecure-Requests: 1

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Date: Thu, 09 Feb 2023 04:14:17 GMT
Server: Apache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: frame-ancestors 'none'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:17 GMT; Max-Age=604800; path=/
SES=4810906849; expires=Fri, 10-Feb-2023 04:14:17 GMT; Max-Age=86400; path=/t/17844/
uv=1; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, no-transform
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Location: http://ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: X8vACvIGMRvrPBcPobfCd0CaTmq808AtoUbbdNIgXcAN-v4LZKSHBw==

ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323

54.230.111.64

200 OK

26 kB

URL HTTP/1.1
ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (29697), with CRLF, LF line terminators
Size
26 kB (25573 bytes)
Hash
d17abed94e7ddb8e807dc45e5f0dc32f
81a85da6737a74fc519c6db0bc90fa9a70c2a78f
e45dfd2edab4385d3659aeaa35b83a922fa1fb248a10c52fa222365cfd9e949a

HTTP Headers

GET /t/17844/?SES=4810906849&a=9csm9&w=2182323 HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://track.fkg.tv/
Cookie: SES=4810906849; __ref=http%3A%2F%2Fae.continuetoplay.com%2F9csm9; router_id=bcf67eed1b4c751; LPSID=CB4; uv=1
Upgrade-Insecure-Requests: 1

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: 25573
Connection: keep-alive
Date: Thu, 09 Feb 2023 04:14:17 GMT
Server: Apache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Referrer-Policy: origin-when-cross-origin
Content-Security-Policy: frame-ancestors 'none'
Permissions-Policy: accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=*, gyroscope=*, keyboard-map=*, magnetometer=*, microphone=*, midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, window-placement=*, vertical-scroll=*
Set-Cookie: router_id=bcf67eed1b4c751; expires=Thu, 16-Feb-2023 04:14:17 GMT; Max-Age=604800; path=/
SES=4810906849; expires=Fri, 10-Feb-2023 04:14:17 GMT; Max-Age=86400; path=/t/17844/
token=212b76da45f2dfd8503dab49c983dcf38e2c1130cb69326fd59b3b68e444365c; expires=Thu, 09-Feb-2023 05:14:18 GMT; Max-Age=3600; path=/
Expires: Sat, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, no-transform
X-XSS-Protection: 1; mode=block
X-Permitted-Cross-Domain-Policies: none
Vary: Accept-Encoding
Content-Encoding: gzip
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: ULcm3a25pfMoy7QOvUEO-rdGiG3wx5CnLPXflngIh0ZHSbHglAooMw==

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155

139.45.195.8

302 Moved Temporarily

138 B

URL HTTP/1.1
my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size
138 B (138 bytes)
Hash
aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0

HTTP Headers

GET /p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Thu, 09 Feb 2023 04:14:18 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
Timing-Allow-Origin: *

www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW

142.250.74.78

200 OK

44 kB

URL HTTP/2
www.googleoptimize.com/optimize.js?id=OPT-WTX2SLW
IP
142.250.74.78:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (1759)
Size
44 kB (44489 bytes)
Hash
dd8de549c5ef4c2ef509cee8bb2d25d3
67e43002fe97c17d44d81b69174b2affe6226081
7c1aa1df52d0e93c39f07878089edf25b302e255786052e96fdcdfb0b12326de

HTTP Headers

GET /optimize.js?id=OPT-WTX2SLW HTTP/1.1
Host: www.googleoptimize.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 04:14:18 GMT
expires: Thu, 09 Feb 2023 04:14:18 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44489
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtm.js?id=GTM-MF387SN

216.58.207.200

200 OK

61 kB

URL HTTP/2
www.googletagmanager.com/gtm.js?id=GTM-MF387SN
IP
216.58.207.200:0
ASN
#15169 GOOGLE

File type
ASCII text, with very long lines (40004)
Size
61 kB (61289 bytes)
Hash
88d7e3dba6b29378e64f339eadeb2580
aa52a81da478f765ca7dd49b760a1d349a91a499
f8080a8b8e54ea89eae6c7f8dc2c014243f1ef58a06ddd6326fc009960aa10f0

HTTP Headers

GET /gtm.js?id=GTM-MF387SN HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 04:14:18 GMT
expires: Thu, 09 Feb 2023 04:14:18 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 03:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 61289
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

basebonecdn.com/media/images/antivirus/antivirus_lp_za_26.jpg

104.21.10.184

200 OK

48 kB

URL HTTP/1.1
basebonecdn.com/media/images/antivirus/antivirus_lp_za_26.jpg
IP
104.21.10.184:0
ASN
#13335 CLOUDFLARENET

File type
JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 480x317, components 3\012- data
Size
48 kB (47883 bytes)
Hash
1a8414abd9e7991ed9cdaf2a65266162
f7c475d3bc6a28f2e93fea88b7142586915b0e4b
39e05d3bc5426bbb8bf22aef88e1eb5b16d4e51f26035da25058823343e2fc47

HTTP Headers

GET /media/images/antivirus/antivirus_lp_za_26.jpg HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:18 GMT
Content-Type: image/jpeg
Content-Length: 47883
Connection: keep-alive
Last-Modified: Thu, 08 Oct 2020 09:01:53 GMT
x-amz-version-id: 46LHVJpFrKp3z61HEhiKHz6wgouOP.E8
ETag: "1a8414abd9e7991ed9cdaf2a65266162"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: 6YVWFwLQpjfJzEwDUOVCImIC1o7E7lCgeLrvjV_hDHRHuyoEjMidlA==
Cache-Control: max-age=86400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K4ahnZVigHZb7wsrBaaGClSJvr%2FneoNkrEsUDEoom7msXSEeMmhJc7B9xo4247GAbj0U3fScUC9%2Bml7xv%2BVKevFYjeH52VRYbIoi5EaxQTgpGxUw7IsjMlFVmTmgcDRLBmg%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7969c7044942b4f1-OSL
alt-svc: h2=":443"; ma=60

r3.o.lencr.org/

23.36.76.226

200 OK

503 B

URL HTTP/1.1
r3.o.lencr.org/
IP
23.36.76.226:0
ASN
#20940 Akamai International B.V.

File type
data
Size
503 B (503 bytes)
Hash
c870022f76a19ae661adbbe5ebac68c1
91479e99e109e7cf5b2506f90aac6e89c4bf60d3
fd061980d6e4498c5c5529702297f81194ac5ce7a13bd04fd51d38e56a202177

HTTP Headers

POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD061980D6E4498C5C5529702297F81194AC5CE7A13BD04FD51D38E56A202177"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12474
Expires: Thu, 09 Feb 2023 07:42:12 GMT
Date: Thu, 09 Feb 2023 04:14:18 GMT
Connection: keep-alive

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

basebonecdn.com/media/images/download/download_pinlock_3.png

104.21.10.184

200 OK

3.2 kB

URL HTTP/1.1
basebonecdn.com/media/images/download/download_pinlock_3.png
IP
104.21.10.184:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 109 x 106, 8-bit/color RGBA, non-interlaced\012- data
Size
3.2 kB (3189 bytes)
Hash
5d1ee9008bce301ddd6fa74571b3e17c
9b621b76e35b4911655794eb47740a925acb3ed9
dcd1d8d9427dcf544e5cf3a6fa44018f7cda51f34074316cb9bd0e2572cb8426

HTTP Headers

GET /media/images/download/download_pinlock_3.png HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:18 GMT
Content-Type: image/png
Content-Length: 3189
Connection: keep-alive
Last-Modified: Wed, 01 Jun 2022 07:34:32 GMT
x-amz-version-id: .tWJTcT0wSu34VKPzFpcHLVSfG.ygeJt
ETag: "5d1ee9008bce301ddd6fa74571b3e17c"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uKEhvlKmStqfFY5kHKieoNEoU8oymW6qf2I7D1fw-vhKVvtrOm1yUA==
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FxutGYXCZnRIGg61li3m2gj4UpT4FC1w2GcJLLv0tRCt2hPiBSMNANcQEU%2BluV0VxXSaz%2BQPHUsWa30896SwLu9ZWmOVZ0OctqP6651IqDUYdiKWvbkbVzxx7lp3tMc9TdI%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7969c7044ba5b4eb-OSL
alt-svc: h2=":443"; ma=60

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

472 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
472 B (472 bytes)
Hash
c99599d6628f41d54430edaa40f5c533
4bbd35fd1097784ae5e1e046ba35595eb49ac57f
3cb4e5c0f89f5e97bd7b4a11c25b6bae84bb5a1d55982c44719b76b3f852035e

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

basebonecdn.com/media/images/logos/2022/games.baseplay.co_logo_white.svg

104.21.10.184

200 OK

3.3 kB

URL HTTP/1.1
basebonecdn.com/media/images/logos/2022/games.baseplay.co_logo_white.svg
IP
104.21.10.184:0
ASN
#13335 CLOUDFLARENET

File type
SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (7221), with no line terminators
Size
3.3 kB (3282 bytes)
Hash
f7f3046b1d2b3a613fa3665cca511d17
5a46738f82faae852045cd6b76b87bfab95049ad
b11a797775add50160154ce389dee8ef2c5cf63e6b27934540299676c7a79466

HTTP Headers

GET /media/images/logos/2022/games.baseplay.co_logo_white.svg HTTP/1.1
Host: basebonecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:18 GMT
Content-Type: image/svg+xml
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 03 May 2022 06:55:44 GMT
x-amz-version-id: ugN9qMzqnDLrUO3WWb5eWYaX1SM9HzLN
Content-Encoding: gzip
ETag: W/"4acf5bbac675a722da47d4d2150eeced"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: s4-eT694s9Osi65pHWi7UqGmXDFo8itbkdaYqOR0stFLy0wU6B6JHQ==
Cache-Control: max-age=86400
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qL95nxsDVSVYP7q15YkLsqI1TrW9F0%2F%2F704YTAS3al70UnOjokP8pbjzbTGKsBleeU%2BYvPQLyGdnQqY1NWthJEPCiIXCY2knB7SW4Ha%2BVp%2FQoFYc39OYIN2NsKPlWd7Dc84%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7969c70448e1b503-OSL
alt-svc: h2=":443"; ma=60

my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155

139.45.195.8

200 OK

697 B

URL HTTP/2
my.rtmark.net/p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
ASCII text
Size
697 B (697 bytes)
Hash
a6d255f2eb0b2c7d64159cef20667aec
14c29b6145a612e72bd1dc59bb0ccb55415c530b
910c9a08dbacc4603c934adbc5b6f057c2c37833d1e0bc5bee5465eee94bfea9

HTTP Headers

GET /p.js?f=sync&lr=1&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ae.continuetoplay.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 04:14:18 GMT
content-type: text/javascript
content-length: 697
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

ae.continuetoplay.com/favicon.ico

54.230.111.64

200 OK

1.4 kB

URL HTTP/1.1
ae.continuetoplay.com/favicon.ico
IP
54.230.111.64:0
ASN
#16509 AMAZON-02

File type
MS Windows icon resource - 1 icon, 16x16\012- data
Size
1.4 kB (1406 bytes)
Hash
011201ab56695ce86ea2f190bce2670b
bb8fad6accf293e619360935047c23f00da3c769
a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ae.continuetoplay.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ae.continuetoplay.com/t/17844/?SES=4810906849&a=9csm9&w=2182323
Connection: keep-alive
Cookie: router_id=bcf67eed1b4c751; LPSID=CB4; uv=1; token=212b76da45f2dfd8503dab49c983dcf38e2c1130cb69326fd59b3b68e444365c

HTTP/1.1 200 OK
Content-Type: image/vnd.microsoft.icon
Content-Length: 1406
Connection: keep-alive
Date: Thu, 09 Feb 2023 04:14:18 GMT
Server: Apache
Last-Modified: Tue, 13 Dec 2022 16:15:06 GMT
ETag: "57e-5efb7ec4cd30e"
Accept-Ranges: bytes
X-Cache: Miss from cloudfront
Via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: O-ihRlB-cnXEzwEvIALyUW7XJjSYpuhRSRDA46ZramshFGqD82uIPw==

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d&z=2032950533

142.250.74.163

200 OK

42 B

URL HTTP/2
www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d&z=2032950533
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
GIF image data, version 89a, 1 x 1\012- data
Size
42 B (42 bytes)
Hash
d89746888da2d9510b64a9f031eaecd5
d5fceb6532643d0d84ffe09c40c481ecdf59e15a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

HTTP Headers

GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d&z=2032950533 HTTP/1.1
Host: www.google.no
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
date: Thu, 09 Feb 2023 04:14:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
x-content-type-options: nosniff
server: cafe
content-length: 42
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
72226fa2f9513f894889fa652cb2a8bf
8a1b4f108db687c34b334a94e6d931544fd7508e
a70034db82d42d5deb58f551cb4de47a5cf6b226dbc9aa98892adb62c2f73289

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

api.basebone.com/frontend/google/ga4.php

80.74.141.5

200 OK

27 B

URL HTTP/1.1
api.basebone.com/frontend/google/ga4.php
IP
80.74.141.5:0
ASN
#21069 METANET AG

File type
ASCII text, with no line terminators
Size
27 B (27 bytes)
Hash
399089a5a4aa675f2de0020c0d2dfe56
4bb635c9d4d04ad3937179af9084cbe3b4a01a0a
4f4cc2c452d815cfc35c7cbaa804b74337b980231bc0a0dd1405ac93f80d82bf

HTTP Headers

POST /frontend/google/ga4.php HTTP/1.1
Host: api.basebone.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 126
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/

HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 04:14:18 GMT
Server: Apache
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Content-Type
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Content-Encoding: gzip
Set-Cookie: LPSID=CB6; path=/

my.rtmark.net/img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323

139.45.195.8

200 OK

43 B

URL HTTP/2
my.rtmark.net/img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323
IP
139.45.195.8:0
ASN
#9002 RETN Limited

File type
GIF image data, version 89a, 1 x 1\012- data
Size
43 B (43 bytes)
Hash
b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

HTTP Headers

GET /img.gif?f=sync&partner=e4433d196201dabb3d3131ccb7cd09dc39b5898761466ff24d75e42ccade3155&ttl=&rurl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 04:14:19 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=d4fb856ee4c741b19dee21491c31819b; expires=Fri, 09 Feb 2024 04:14:19 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2

region1.analytics.google.com/g/collect?v=2&tid=G-LF1R1KY13H&gtm=45je3280&_p=967750846&_gaz=1&cid=1878963386.1675916116&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675916116&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=4039d4056cd46118d495870d004a5c7d&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4810906849&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet

216.239.32.36

204 No Content

0 B

URL HTTP/2
region1.analytics.google.com/g/collect?v=2&tid=G-LF1R1KY13H&gtm=45je3280&_p=967750846&_gaz=1&cid=1878963386.1675916116&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675916116&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=4039d4056cd46118d495870d004a5c7d&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4810906849&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet
IP
216.239.32.36:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-LF1R1KY13H&gtm=45je3280&_p=967750846&_gaz=1&cid=1878963386.1675916116&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675916116&sct=1&seg=0&dl=http%3A%2F%2Fae.continuetoplay.com%2Ft%2F17844%2F%3FSES%3D4810906849%26a%3D9csm9%26w%3D2182323&dr=http%3A%2F%2Ftrack.fkg.tv%2F&dt=New%20Antivirus&uid=4039d4056cd46118d495870d004a5c7d&en=virtual_page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=visit_landing&epn.context_id=4810906849&ep.alias=9csm9&ep.advertising_campaign_id=109836&ep.webad=2182323&ep.flow_page=index&ep.messaging_platform_id=88&ep.product_id=11&ep.publisher_id=20223&ep.sub_affiliate_id=not_set&ep.monetization_channel=network&ep.traffic_source=ad_networks&ep.template_id=17844&ep.monetization_type=internal&ep.page_path=%2Ft%2F17844%2F&upn.country_id=220&up.country_iso=AE&upn.network_id=103&up.network_name=internet HTTP/1.1
Host: region1.analytics.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://ae.continuetoplay.com
date: Thu, 09 Feb 2023 04:14:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

stats.g.doubleclick.net/g/collect?v=2&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d

64.233.165.157

204 No Content

0 B

URL HTTP/2
stats.g.doubleclick.net/g/collect?v=2&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d
IP
64.233.165.157:0
ASN
#15169 GOOGLE

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

POST /g/collect?v=2&tid=G-LF1R1KY13H&cid=1878963386.1675916116&gtm=45je3280&aip=1&uid=4039d4056cd46118d495870d004a5c7d HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://ae.continuetoplay.com
Connection: keep-alive
Referer: http://ae.continuetoplay.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0

HTTP/2 204 No Content
access-control-allow-origin: http://ae.continuetoplay.com
date: Thu, 09 Feb 2023 04:14:19 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.163

200 OK

471 B

URL HTTP/1.1
ocsp.pki.goog/gts1c3
IP
142.250.74.163:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
a746d459d4fbc7da99072462ed09b456
6ca7c899101b7ddcc1228f148cdcf16113a805f7
cbed8854f94d225ec82298e5039b9c163f58f9fede0db72510d22867003cb4a6

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 04:14:19 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

34.120.237.76

200 OK

5.9 kB

URL HTTP/2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee0a4c-d2ba-4c9d-8ba5-2b4c94c98035.png
IP
34.120.237.76:0
ASN
#15169 GOOGLE

File type
JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size
5.9 kB (5878 bytes)
Hash
b5d772db4ded57c20c60afa587324afe
caaf5472af022dfc83c5cc7d0b304083f72b9a93
30b95ed40ca5da3155a6d25132d69956fb7be65aa001d993e581efc0a9044b7d

HTTP Headers

GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5cee0a4c-d2ba-4c9d-8ba5-2b4c94c98035.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

HTTP/2 200 OK
server: nginx
content-length: 5878
x-amzn-requestid: a1edb6b2-0c7f-4f40-8eef-df9dbf08d568
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwCqJG3jIAMFqtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb173-20d3fbb92ec206647c246811;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:02:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: eOZ5iNdAnB7j0uVon7VG7FcOw1V8MjDbecd6_2trxcVN-id_hLZ84Q==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:12:24 GMT
age: 21718
etag: "caaf5472af022dfc83c5cc7d0b304083f72b9a93"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML