getmygift.xyz/1/prizewheel/iphone11/cam/index.html?domain=continuetosite.com&brand&bemobdata=c=45cb03b7-8416-4bb3-af26-6dee81b1ccf9..l=1a933674-5c75-4b39-931b-8235f05f5fe2..a=0..b=0..r=continuetosite.com
69.175.103.184 162 B URL getmygift.xyz/1/prizewheel/iphone11/cam/index.html?domain=continuetosite.com&brand&bemobdata=c=45cb03b7-8416-4bb3-af26-6dee81b1ccf9..l=1a933674-5c75-4b39-931b-8235f05f5fe2..a=0..b=0..r=continuetosite.com
IP 69.175.103.184:0
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash MD5 4f8e702cc244ec5d4de32740c0ecbd97
SHA-1 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA-256 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /1/prizewheel/iphone11/cam/index.html?domain=continuetosite.com&brand&bemobdata=c=45cb03b7-8416-4bb3-af26-6dee81b1ccf9..l=1a933674-5c75-4b39-931b-8235f05f5fe2..a=0..b=0..r=continuetosite.com HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Wed, 03 May 2023 11:37:57 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://getmygift.xyz/1/prizewheel/iphone11/cam/index.html?domain=continuetosite.com&brand&bemobdata=c=45cb03b7-8416-4bb3-af26-6dee81b1ccf9..l=1a933674-5c75-4b39-931b-8235f05f5fe2..a=0..b=0..r=continuetosite.com
getmygift.xyz/favicon.ico
69.175.103.184 1.2 kB URL getmygift.xyz/favicon.ico
IP 69.175.103.184:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash MD5 91abe01116ab422c598e9c8af72cf4da
SHA-1 0f2815fe8e067d48537ad168225ab4674271fa27
SHA-256 b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getmygift.xyz/?utm_term=7228919057175543860&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
Cookie: u=74537f1cbf30216ac579c2e433bfb845
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:37:58 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Thu, 04 May 2023 11:37:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes
X-Firefox-Spdy: h2
getmygift.xyz/sw.js?v=1683113885619
69.175.103.184 776 B URL getmygift.xyz/sw.js?v=1683113885619
IP 69.175.103.184:0
Hash MD5 200b680044776234a193b6ea3fcab9e6
SHA-1 19ba53c8c2b75eefe7bc9bed6c7aab3828a80e0b
SHA-256 c53c2f36055f0dd3c15231552ff5071ab389b3598d0b7721c0616e5c81913b70
Analyzer Verdict Alert fortinet Malware
GET /sw.js?v=1683113885619 HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=74537f1cbf30216ac579c2e433bfb845
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:37:58 GMT
content-type: application/javascript
content-length: 776
last-modified: Mon, 10 Apr 2023 09:19:34 GMT
vary: Accept-Encoding
etag: "6433d4a6-308"
content-encoding: gzip
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
getmygift.xyz/favicon.ico
69.175.103.184 1.2 kB URL getmygift.xyz/favicon.ico
IP 69.175.103.184:0
File type MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel; data
Hash MD5 91abe01116ab422c598e9c8af72cf4da
SHA-1 0f2815fe8e067d48537ad168225ab4674271fa27
SHA-256 b1d7aef06456fe7431124129a28f0138bb5fccfa4f4161e3087de23c005e5edc
GET /favicon.ico HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getmygift.xyz/proc.php?3b6d98f95a0d1d80d52a90a3d50b8be5b23a766c
Cookie: u=74537f1cbf30216ac579c2e433bfb845
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:37:58 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Wed, 31 Jul 2019 07:48:51 GMT
etag: "5d4147e3-47e"
expires: Thu, 04 May 2023 11:37:58 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes
X-Firefox-Spdy: h2
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
51.68.81.31 5.2 kB URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 51.68.81.31:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (3756)
Hash MD5 3cb54184c61ddb7640c117c62f74c5e2
SHA-1 b945283b7457123902cb50dda3cb32e45d181242
SHA-256 f53d4b8651c28b13e4770345fc74f7f02760008d9435533e2620d0069cd91ba5
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getmygift.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:37:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=b66c6d98eb8ab7c507743e4c7c91f5cc&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz
51.68.81.31 0 B URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=b66c6d98eb8ab7c507743e4c7c91f5cc&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz
IP 51.68.81.31:0
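Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.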
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=b66c6d98eb8ab7c507743e4c7c91f5cc&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Wed, 03 May 2023 11:37:59 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz
www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz
51.68.81.31 0 B URL www.turbotrck.art/?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz
IP 51.68.81.31:0
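Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.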
GET /?sl=5564921-b2be6&data1=Track1&data2=Track2&tag=M7228919057175543860&website=13371-4431c34a&placement=13371&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70&eyeg=3&eyer=0.07310842242096305&eyei=0&eyew=1280&eyeh=1024&eyetd=220&eyef=getmygift.xyz HTTP/1.1
Host: www.turbotrck.art
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Date: Wed, 03 May 2023 11:37:59 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000fe50078ec69f1e448c96256092cb909b0503-202305-flb*5564921-b2be6*M7228919057175543860*sl_5564921-b2be6*ce19d19a133cec947e0ca24c32baa31f1cf02a17*13371-4431c34a*13371
getmygift.xyz/?utm_term=7228919057175543860&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
69.175.103.184 3.1 kB URL getmygift.xyz/?utm_term=7228919057175543860&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70
IP 69.175.103.184:0
File type HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (4702)
Hash MD5 0452af76930bbf542b81e470589f7156
SHA-1 d74e02f50d0a7786671ac3a11c2d3eeddeaef146
SHA-256 2836a15c7963d97b7723fb731c7b2f53d346b07157a05387ac845f2b6221b5f7
GET /?utm_term=7228919057175543860&ver=4viyaptcjo&utm_content=e6c2c6dcd68fd49594fc9695a6a79597828bb8888e8d88bd87b3c5b1c3b7b484b8b3b889bfbfbeb982b380b086b5b4b4a2aaa8a9afafacada2a3a091a7979495868a868d9d8c8d9d87ce90938f8a859783fbc9f9fecdc8fdc0c7f0f1f6919599b9aec8c9ffcffdfffaf3c0f0f6f5f0c5dadbd8d9e9e9e8e9e5e6e3e5efefe0ed1e12101c70 HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://getmygift.xyz/?utm_medium=23f82f6ae527e3c7f9f4479c8c5ff969df03afa7&utm_campaign=parkeddomains&1=getmygift.xyz
Cookie: u=74537f1cbf30216ac579c2e433bfb845
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:37:57 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.2.0
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubdomains
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.23 1.8 kB IP 192.124.249.23:0
Hash MD5 739138ae7af06cf67ba12ac7b0adf3b1
SHA-1 f472031de8f5b62fde4f06b7b85e450604955ab6
SHA-256 dbcaf8086a0936c02a630f881407453e9aa97eec3e8ea83859d7eacb3abbf62c
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 76
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 03 May 2023 11:37:59 GMT
Content-Type: application/ocsp-response
Content-Length: 1778
Connection: keep-alive
X-Sucuri-ID: 19023
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 02 May 2023 17:46:03 GMT
Expires: Wed, 03 May 2023 17:46:03 GMT
ETag: "f472031de8f5b62fde4f06b7b85e450604955ab6"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000fe50078ec69f1e448c96256092cb909b0503-202305-flb*5564921-b2be6*M7228919057175543860*sl_5564921-b2be6*ce19d19a133cec947e0ca24c32baa31f1cf02a17*13371-4431c34a*13371
34.91.27.112 0 B URL admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000fe50078ec69f1e448c96256092cb909b0503-202305-flb*5564921-b2be6*M7228919057175543860*sl_5564921-b2be6*ce19d19a133cec947e0ca24c32baa31f1cf02a17*13371-4431c34a*13371
IP 34.91.27.112:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
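Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.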
GET /sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000fe50078ec69f1e448c96256092cb909b0503-202305-flb*5564921-b2be6*M7228919057175543860*sl_5564921-b2be6*ce19d19a133cec947e0ca24c32baa31f1cf02a17*13371-4431c34a*13371 HTTP/1.1
Host: admoustache.media-412.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 03 May 2023 11:37:59 GMT
content-length: 0
location: https://yeah.achelous.mobi/rc/a91581ead4?affclick=645247975c0b770001af6a19&pubid=503
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=645247975c0b770001af6a19; expires=Thu, 02 May 2024 11:37:59 GMT; secure; SameSite=None
access-control-allow-origin: *
X-Firefox-Spdy: h2
getmygift.xyz/sw.js?v=1683113885619
69.175.103.184 0 B URL getmygift.xyz/sw.js?v=1683113885619
IP 69.175.103.184:0
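Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.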
Analyzer Verdict Alert fortinet Malware
GET /sw.js?v=1683113885619 HTTP/1.1
Host: getmygift.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Cookie: u=74537f1cbf30216ac579c2e433bfb845
Sec-Fetch-Dest: serviceworker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
If-Modified-Since: Mon, 10 Apr 2023 09:19:34 GMT
If-None-Match: "6433d4a6-308"
Cache-Control: max-age=0
TE: trailers
HTTP/2 304 Not Modified
server: nginx
date: Wed, 03 May 2023 11:37:59 GMT
last-modified: Mon, 10 Apr 2023 09:19:34 GMT
vary: Accept-Encoding
etag: "6433d4a6-308"
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline';
X-Firefox-Spdy: h2
yeah.achelous.mobi/cdn-cgi/rum?
188.114.97.1 0 B URL yeah.achelous.mobi/cdn-cgi/rum?
IP 188.114.97.1:0
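Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.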
POST /cdn-cgi/rum? HTTP/1.1
Host: yeah.achelous.mobi
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1110
Origin: https://yeah.achelous.mobi
Alt-Used: yeah.achelous.mobi
Connection: keep-alive
Referer: https://yeah.achelous.mobi/rc/a91581ead4?affclick=645247975c0b770001af6a19&pubid=503
Cookie: AWSALB=iZuswcUvx4D7A4mPU7azjBw0nO0elId6KkfvZI6G/26PpgFN4zCMD+TqvFnykJzJejfR3M4Qbpmyn/L0l+Z6m+N6lqWRgXp8TB/YGp/7VeXNnx71VexVyRwFCrl+
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
date: Wed, 03 May 2023 11:38:00 GMT
access-control-allow-origin: https://yeah.achelous.mobi
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7c1837174ceeb50f-OSL
x-frame-options: DENY
x-content-type-options: nosniff
e1.o.lencr.org/
23.36.77.32 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash MD5 905779bea5549635f86970ae3d26c927
SHA-1 a0a3f95d3c6c097b7584917eaf75fd339342ccb0
SHA-256 7702940abecfb95fc75d7a300bcaa6b826807791115c944ea803d3cc095bb8d1
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "7702940ABECFB95FC75D7A300BCAA6B826807791115C944EA803D3CC095BB8D1"
Last-Modified: Tue, 02 May 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 03 May 2023 13:12:12 GMT
Date: Wed, 03 May 2023 11:38:00 GMT
Connection: keep-alive
c.adups.app/36399?click=pub6417bb05fcc64301b0b4c50872621506&pubid=cde43947
174.138.122.163 250 B URL c.adups.app/36399?click=pub6417bb05fcc64301b0b4c50872621506&pubid=cde43947
IP 174.138.122.163:0
ASN #14061 DIGITALOCEAN-ASN
File type HTML document, ASCII text, with no line terminators
Hash MD5 7f51e33d84db20695c43eefda5fadf19
SHA-1 aeb45120f7f84e922eb30b894855562323dfd240
SHA-256 f7926a4601207525bfeaacb8c6b77e44044971f054a2a61860edffc472e7087c
GET /36399?click=pub6417bb05fcc64301b0b4c50872621506&pubid=cde43947 HTTP/1.1
Host: c.adups.app
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeah.achelous.mobi/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
x-powered-by: Express
surrogate-control: no-store
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate
pragma: no-cache
expires: 0
location: https://792a9db8.linkbooster.click/rc/736006a179?affclick=23E03170801A036399028631vazIi&pubid=e5a36
vary: Accept, Accept-Encoding
content-type: text/html; charset=utf-8
content-length: 250
date: Wed, 03 May 2023 11:38:01 GMT
cdn.addlnk.com/redirect.css
104.21.74.141 396 B URL cdn.addlnk.com/redirect.css
IP 104.21.74.141:0
File type ASCII text, with very long lines (1242), with no line terminators
Hash MD5 adddaefaa5efc8ac15363150de851f02
SHA-1 dcfdf8df6ea224e43c18e557565383f8caa7b6e4
SHA-256 916536ed4f9d870cf2eb9e4ef362ecf26d8818ce9b8628fa864a7eb10873c199
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://yeah.achelous.mobi/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OK7bZU3ciUVxiwHY86S%2Ftw3IP21Gdd69DrsIpgEikVwHe3nvLqPC0zbNnHqrjQAWr8fLQdtk8qgrUcObYyVxWv6fXhoTzSINwoU5BjXIn9wwRmY3bZwd7W1SfWKaNoYNEw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837159c53fab8-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 471 B IP 172.64.155.188:0
Hash MD5 90ffb96f4aa8b384df3da6a144fb32fc
SHA-1 5d45524aa17d2477706524acf44ad812934e4bea
SHA-256 0707c9474920ed778658511b1e9eead5df4bc2a90ce1842ad147e7952452fe67
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:01 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 03 May 2023 03:34:05 GMT
Expires: Wed, 10 May 2023 03:34:04 GMT
Etag: "5d45524aa17d2477706524acf44ad812934e4bea"
Cache-Control: max-age=575162,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c1837209b62b505-OSL
cdn.addlnk.com/redirect.css
172.67.158.251 16 kB URL cdn.addlnk.com/redirect.css
IP 172.67.158.251:0
File type ASCII text, with very long lines (1242), with no line terminators
Hash MD5 ad9ca1a094ff9f4735c1a98606226a88
SHA-1 8a1887ec22ec578b1907f293fc3cb17de3809467
SHA-256 49661484f44e76777ad184ed6f6690999af7d55f6637a4dbdbafb16501e2abe2
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://792a9db8.linkbooster.click/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:01 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gOSasOVtV%2By%2BMObao4SzsJ0FoqWY5le4YmwjxPMigBeHLuUvYpTwaDBhmFIfssZ3H5Zxm3JqVizCpbhsqaCpTyOsxD6YfWQdSiT2KPXzo4u4mDZvzfF5aLbSKmdRKgN0yw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18371ede05fac4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
irugu.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
188.114.96.1 3.1 kB URL irugu.cogliatu.com/cdn-cgi/challenge-platform/h/g/scripts/pica.js
IP 188.114.96.1:0
File type ASCII text, with very long lines (5746), with no line terminators
Hash MD5 4a54740daa58851a6d717809c48d89eb
SHA-1 05cc7a92e1a32ceecdaf33bd2bd2d415b27b3349
SHA-256 73e9d941927f7f087ac18ff4d8a1cf90453ce9778f7efa9b66870757fc4f2c85
GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1
Host: irugu.cogliatu.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: irugu.cogliatu.com
Connection: keep-alive
Referer: https://irugu.cogliatu.com/rc/19aff8b744?affclick=64524799c9e11100013bb233&pubid=930_9b1479cf_e5a36
Cookie: AWSALB=dQ8sK2WUI6P4BgV+4rXW9utE8ueO1tS/jYkdLvQx7Y9j08Ii1PT8YAWaE1NLjk+CEy6v5ccgwsaaj2x3i4jfZ1Y4GvEA9WXCM2Qak0MkSHTx0YwfXnd9wrf6fVVV
Sec-Fetch-Dest: worker
Sec-Fetch-Mode: same-origin
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:02 GMT
content-type: application/javascript; charset=UTF-8
vary: accept-encoding
cache-control: max-age=14400, public
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HaoRTHUCpqpG2VOVhfHGBfqoD%2BOnHrfq4T0dHwf%2F9llfKNxt32OZQgQ8adGZggy9A3Jxrmz8KinH3TP9FAVnYNPV0%2B17gjOzVmoOW511jFt%2Bo62SZPMLyhpVs%2F6Ug%2Fg1pCThgA4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837257af70b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.no.linux.firefox&query=039ae99a&pub_clickid=6452479aa814d76ce4638e04&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
198.134.116.30 0 B URL go.savethereef.xyz/redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.no.linux.firefox&query=039ae99a&pub_clickid=6452479aa814d76ce4638e04&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
IP 198.134.116.30:0
ASN #27257 WEBAIR-INTERNET
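Hash MD5 d41d8cd98f00b204e9800998ecf8427e
SHA-1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these are the digests of a zero-length body (the response is 0 B); they do not identify any content.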
GET /redirect?feed=491426&url=t3.hightid.com&subid=custom_11w034tpnx.no.linux.firefox&query=039ae99a&pub_clickid=6452479aa814d76ce4638e04&default_url=https%3A%2F%2Ft4.lowtid.com%2Fn.php%3Fp%3Dc%3A1ighcaypoihz05u69%26d%3D61e943f4a56e02198e0b0501%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D HTTP/1.1
Host: go.savethereef.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://irugu.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:04 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://www.yofaurls.com/webroot/bts/index.html
Pragma: no-cache
www.yofaurls.com/webroot/bts/index.html
51.89.87.113 1.3 kB URL www.yofaurls.com/webroot/bts/index.html
IP 51.89.87.113:0
File type HTML document text; exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash MD5 3fd7cbd3b25f0ad404dfd488dc9ac733
SHA-1 faa260cbe5301998485682e54f5c60ad1ec636e9
SHA-256 19c3423e433799897557b51f07a8c30b1151e2827a1d291dd13692d049a25b0b
Analyzer Verdict Alert fortinet Phishing
GET /webroot/bts/index.html HTTP/1.1
Host: www.yofaurls.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://irugu.cogliatu.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
x-frame-options: SAMEORIGIN
last-modified: Thu, 27 Apr 2023 10:58:45 GMT
accept-ranges: bytes
cache-control: max-age=600
expires: Wed, 03 May 2023 11:48:04 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-length: 1274
content-type: text/html
date: Wed, 03 May 2023 11:38:04 GMT
server: Apache
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/HhYLTyBsm5M
142.250.74.3 471 B URL ocsp.pki.goog/s/gts1p5/HhYLTyBsm5M
IP 142.250.74.3:0
Hash c43bb95646236bc505a75a3cfcad9be3
bcfc468b1dbc82041ba5c31355f21889f8cbf959
dd9997eedc586eeb399e22c613531a74f82cab4a8415723eb45a7e473d0d67c8
POST /s/gts1p5/HhYLTyBsm5M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:04 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
admediatex.net/serve/ads.js
104.26.9.229 945 B URL admediatex.net/serve/ads.js
IP 104.26.9.229:0
File type ASCII text, with very long lines (587)
Hash 8b0091bd4ea0610fe73060dd251f5e26
5f31fbfbec1d925800d4dcaebae464f0174d49d7
297550b94351b48773415f19f55efd190a4f7c2aae8adbd973e1d0ef392a84d7
GET /serve/ads.js HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:04 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
etag: W/"63693aa8-449"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:04:40 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 47538
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3hp7bQVubTgJ2qrIWxUjKNrRHfoJmWLOZPXNhNvFyGKNDUMhnAcf1R1%2BPafdW1YRnhBt3pCdXYdY9KhQEikumiQ%2FQzt0QixHw60cORwsjbtBVgddWZ%2BxRAs5iNQAHwig"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837345c5b0b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.eurosptp.com/banniere.js?size=468x60&id=16760
213.186.33.19 164 B URL www.eurosptp.com/banniere.js?size=468x60&id=16760
IP 213.186.33.19:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /banniere.js?size=468x60&id=16760 HTTP/1.1
Host: www.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
server: nginx
date: Wed, 03 May 2023 11:38:04 GMT
content-type: text/html
content-length: 164
location: https://www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=468x60&id=16760
X-Firefox-Spdy: h2
www.eurosptp.com/banniere.js?size=728x90&id=16760
213.186.33.19 164 B URL www.eurosptp.com/banniere.js?size=728x90&id=16760
IP 213.186.33.19:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /banniere.js?size=728x90&id=16760 HTTP/1.1
Host: www.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 307 Temporary Redirect
server: nginx
date: Wed, 03 May 2023 11:38:04 GMT
content-type: text/html
content-length: 164
location: https://www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=728x90&id=16760
X-Firefox-Spdy: h2
www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=468x60&id=16760
213.186.33.19 164 B URL www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=468x60&id=16760
IP 213.186.33.19:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=468x60&id=16760 HTTP/1.1
Host: www.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Wed, 03 May 2023 11:38:04 GMT
content-type: text/html
content-length: 164
location: https://www.eurosptp.com/banniere.js?size=468x60&id=16760
set-cookie: __r=1.ce0952d265aa5075cc53996e076837b7; path=/; Max-Age=60; SameSite=None; Secure
X-Firefox-Spdy: h2
www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=728x90&id=16760
213.186.33.19 164 B URL www.eurosptp.com/banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=728x90&id=16760
IP 213.186.33.19:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 813f9846b49c0ada805648edf1b2fdbd
caa24890460f73e6a72bb49426351e67e83b053d
8f03491247cbfa8a2e60e0f7ec62d63b5070659f60383a1c81abeb2b20221be3
GET /banniere.js?__r=1.ce0952d265aa5075cc53996e076837b7&size=728x90&id=16760 HTTP/1.1
Host: www.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 307 Temporary Redirect
server: nginx
date: Wed, 03 May 2023 11:38:04 GMT
content-type: text/html
content-length: 164
location: https://www.eurosptp.com/banniere.js?size=728x90&id=16760
set-cookie: __r=1.ce0952d265aa5075cc53996e076837b7; path=/; Max-Age=60; SameSite=None; Secure
X-Firefox-Spdy: h2
cpm.media/serve/ads.js
172.67.198.162 1.3 kB IP 172.67.198.162:0
File type ASCII text, with very long lines (3014), with no line terminators
Hash 460e667816f2d4c4ce615a47188216e0
b209967e34e0c2445dad87a9c76a7e0e54824bb7
1ad3c6df8f78fe050b53c5e54292b6dd459d71193cb169b6fd71db5fdf103fa1
GET /serve/ads.js HTTP/1.1
Host: cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:04 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3040
etag: W/"62e9db88-be0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 03 Aug 2022 02:20:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 23532118
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fz1MlrGVmiR8o5pH6ilKM5x8h6wyBeG8%2FBCqHE68EXSZMoLZbsfTXOED0BeWmpW5a3SMrXP1bdOb31ho7%2BFIjAFrp1VZ52KPvC8nagtNLrnvRWn63KLsV3GMTH0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183733fd011c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.eurosptp.com/banniere.js?size=728x90&id=16760
213.186.33.19 525 B URL www.eurosptp.com/banniere.js?size=728x90&id=16760
IP 213.186.33.19:0
File type ASCII text, with CRLF line terminators
Hash 755df8976061fef898e44fe00047affd
0e6e0bb4774479b0b93da998cee8f0ba63dc3f13
5e068d983fbb748b15a02ff31a4f00f96229578c9281eff2da03d347d8462c2a
GET /banniere.js?size=728x90&id=16760 HTTP/1.1
Host: www.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Cookie: __r=1.ce0952d265aa5075cc53996e076837b7
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:05 GMT
content-type: application/javascript
content-length: 525
server: Apache
last-modified: Fri, 15 Apr 2022 10:11:38 GMT
accept-ranges: bytes
cache-control: max-age=900
expires: Wed, 03 May 2023 11:53:05 GMT
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
151.101.65.229 200 OK 32 kB URL GET HTTP/3 cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
IP 151.101.65.229:443
Requested by https://www.yofaurls.com/webroot/bts/index.html
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
Validity Fri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT
File type ASCII text, with very long lines (32003)
Hash c42632326a8a732ef927feecd5d9096f
f9d345f6945248e8d618f233d0c0a092258d91dd
bed7d721231e5ec4aa41f093dce1e2affb074b4b10fc423eb2794521e4f5a58d
GET /jquery/3.0.0-rc1/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"1511e-iX3qQTkE9uH1SwOLGxDGVnnk1pk"
content-encoding: br
accept-ranges: bytes
date: Wed, 03 May 2023 11:38:05 GMT
age: 1677707
x-served-by: cache-fra-eddf8230042-FRA, cache-bma1658-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 31895
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
104.18.20.226 1.5 kB URL ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q4
IP 104.18.20.226:0
Hash c040539d08a708055c60973e1efeb23a
cf852a8fcebfbcb999c593a3f527f667a23f0291
804c3afb81228b5370aa35a432311e93aa8d2b49653af67b5f69d470f7c7988d
POST /ca/gsatlasr3dvtlsca2022q4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:05 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "EB9303A1A7E4054BCB301DDCC6B9BFCD08E1E66A"
Expires: Wed, 03 May 2023 22:00:00 GMT
Last-Modified: Wed, 03 May 2023 10:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2888
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1837382889b50c-OSL
cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
151.101.65.229 200 OK 32 kB URL GET HTTP/3 cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
IP 151.101.65.229:443
Requested by https://www.yofaurls.com/webroot/bts/index.html
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
Validity Fri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT
File type ASCII text, with very long lines (32003)
Hash c42632326a8a732ef927feecd5d9096f
f9d345f6945248e8d618f233d0c0a092258d91dd
bed7d721231e5ec4aa41f093dce1e2affb074b4b10fc423eb2794521e4f5a58d
GET /jquery/3.0.0-rc1/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.jsdelivr.net
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 31895
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"1511e-iX3qQTkE9uH1SwOLGxDGVnnk1pk"
content-encoding: br
accept-ranges: bytes
date: Wed, 03 May 2023 11:38:05 GMT
age: 1677708
x-served-by: cache-fra-eddf8230042-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
ad2bitcoin.com/ad.php?ref=younnesa&width=728
23.95.12.219 1.3 kB URL ad2bitcoin.com/ad.php?ref=younnesa&width=728
IP 23.95.12.219:0
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash ebbe01f51a1b30ea9ed622c5ae178d2b
feba3be45e0753ebb0cc63a408fbb54de727acb7
c714c770b161b8cb6cacd984081c368f811b0da056e17d50a072cad7ce870932
GET /ad.php?ref=younnesa&width=728 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:05 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
151.101.65.229 200 OK 32 kB URL GET HTTP/3 cdn.jsdelivr.net/jquery/3.0.0-rc1/jquery.min.js
IP 151.101.65.229:443
Requested by https://www.yofaurls.com/webroot/bts/index.html
Certificate Issuer GlobalSign nv-sa
Subject jsdelivr.net
Fingerprint 88:D1:D3:FA:BE:69:45:71:5A:74:78:14:1A:E8:F3:5A:88:69:9C:7F
Validity Fri, 23 Dec 2022 10:55:14 GMT - Wed, 24 Jan 2024 10:55:13 GMT
File type ASCII text, with very long lines (32003)
Hash c42632326a8a732ef927feecd5d9096f
f9d345f6945248e8d618f233d0c0a092258d91dd
bed7d721231e5ec4aa41f093dce1e2affb074b4b10fc423eb2794521e4f5a58d
GET /jquery/3.0.0-rc1/jquery.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.jsdelivr.net
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 31895
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"1511e-iX3qQTkE9uH1SwOLGxDGVnnk1pk"
content-encoding: br
accept-ranges: bytes
date: Wed, 03 May 2023 11:38:05 GMT
age: 1677708
x-served-by: cache-fra-eddf8230042-FRA, cache-bma1661-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
mediacpm.pl/serve/ads.php?a=28957&b=728x90&random=90100305&referr=https%3A%2F%2Firugu.cogliatu.com%2F
104.21.234.95 44 kB URL mediacpm.pl/serve/ads.php?a=28957&b=728x90&random=90100305&referr=https%3A%2F%2Firugu.cogliatu.com%2F
IP 104.21.234.95:0
File type ASCII text, with very long lines (734), with CRLF line terminators
Hash c3301fe00e8c6ed691e84543b6bf124f
a534e24d0c4eae1259aa8c8c46001f61b26f3f07
78a917f73cfad99e18e2d784fd2d709df04da446ec49ae6b7a4a0ea39079d945
GET /serve/ads.php?a=28957&b=728x90&random=90100305&referr=https%3A%2F%2Firugu.cogliatu.com%2F HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:05 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ROieIVt19C46YXHWYFs%2FNaE3caFAvEVLrXkcqdfCXDrhbkE8deiZ0u5Hf9SvVmTTpBUMd7gyrp1104XzX6Z0sl5ZDC5wx4x78pAvMC8vOjIX1u1fvgv%2FA9%2BF1AB92w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837398f6d00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
i.imgur.com/QxSJlPb.png
151.101.244.193 696 B IP 151.101.244.193:0
File type PNG image data, 23 x 17, 8-bit/color RGBA, non-interlaced\012- data
Hash c09343eeb0db68cd6c27d2c616d0e151
a55f65ed2d9df4179c0445c1b98acba21ef89d92
a555114e8e035c5f9ae196ed575249b11cdee99b10b419bd5772183b26396845
GET /QxSJlPb.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
last-modified: Tue, 02 May 2023 10:43:21 GMT
etag: "c09343eeb0db68cd6c27d2c616d0e151"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 03 May 2023 11:38:05 GMT
age: 89684
x-served-by: cache-iad-kiad7000145-IAD, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 23, 3854
x-timer: S1683113886.925940,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 696
X-Firefox-Spdy: h2
admediatex.net/ads/images/728x90_4587878411545.gif
104.26.9.229 14 kB URL admediatex.net/ads/images/728x90_4587878411545.gif
IP 104.26.9.229:0
File type GIF image data, version 89a, 728 x 90\012- data
Hash 86636de1a7652569e7a91853d795313f
b548fdea74a0ff3658442f83a11f18f22a537eaf
43a37f9a123bfdbdb6332124e666fd336b860a9806ff1b8ac8da598535d10146
GET /ads/images/728x90_4587878411545.gif HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://admediatex.net/ads/728x90.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: image/gif
content-length: 13630
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=51119
etag: "63693aee-c7af"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:05:50 GMT
cf-cache-status: HIT
age: 42259
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2eJcDw5uJLSi4fXP91%2FNMlpZDSDRcQQu%2FPDnk%2F8QSAmRzE63DLcms9%2BGj9LF4vqHL1pdYF8cxdUjV030rnZuEIGpfk4J%2Bla7Zx3O4O%2BcPYPVot6mfQjA%2FRbZwNx4Um%2FV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18373b8c3f0b4d-OSL
X-Firefox-Spdy: h2
ad2bitcoin.com/adqlt.php?ref=younnesa&keycode=6462
23.95.12.219 748 B URL ad2bitcoin.com/adqlt.php?ref=younnesa&keycode=6462
IP 23.95.12.219:0
ASN #36352 AS-COLOCROSSING
File type ASCII text, with very long lines (747)
Hash 73baed5a7331bdc45e951d2fcff1c37f
6cc28195919dfa7a4d9620160a39cc4677985014
d3019b909399e12c1054777134fa20fc155b98ec009ea4a8dc1b11b47cee5866
GET /adqlt.php?ref=younnesa&keycode=6462 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/ad.php?ref=younnesa&width=728
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:05 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
mediacpm.pl/panel/logo.png
104.21.234.95 8.9 kB URL mediacpm.pl/panel/logo.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 78430378a19de3f739dee4a1a54334fe
48aa28d770c903b61db0ee222db98617f8120d59
c187fa399a92ecf069a6a590b41a3030b928d51076ecbe82df6c2b832e63d717
GET /panel/logo.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: image/png
content-length: 8917
last-modified: Thu, 11 Aug 2022 11:15:27 GMT
etag: "62f4e4cf-22d5"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3275
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=paUExvKclxmss7cSh9LROiQ1PdaLXcJtT0CshEH%2BDZiC2gHi%2BJQ%2FE8J8kVrbfkmoM5nfzlTMV1YSf%2Bou0DGQZyFCCqkHWJcwdI4HtPPzFnF5htyyUJNnT4sr5QeCQg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18373d9d6900a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/bootstrap.min.css
104.21.234.95 200 OK 36 kB URL GET HTTP/3 mediacpm.pl/landing/css/bootstrap.min.css
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (65319), with CRLF line terminators
Hash f8f7a23b0a7a3308fc041e53847a3962
84e60d1f256b086e486f3b62482719f881506180
6d0ee08d3e6083132193ef849879739b550773a2ef058e0246229c39e1b6c923
GET /landing/css/bootstrap.min.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 11:16:11 GMT
vary: Accept-Encoding
etag: W/"62f4e4fb-26f21"
cache-control: max-age=86400
cf-cache-status: HIT
age: 6230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jtNUa3r7OZfjrNcCNzX0tnNkEDOP2vv1UKOg3FTcqNsVyuxdR8fn2TLd%2FZY2p0Ypf9XAcJlZ1quANn3A3Gu9sGGxKJi5a9pJw%2F4R%2B0Z4AQVI28uLLAsj1HvlBbAkNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373c6b9d00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/particles.app.js
104.21.234.95 152 kB URL mediacpm.pl/landing/js/particles.app.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (1278), with no line terminators
Size 152 kB (152301 bytes)
Hash 8bcc500533474b8422c0dc7a84ac15a7
0a03eb8064857a2c22cfd8fb2c007096c73e84a8
b27f441c36f210c3e2da31633b7645e031e03152436e8d25948b2d22f23d6134
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.app.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2945
etag: W/"62f4e50b-b81"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 1903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BJ2465xLAeWCbBAZNkv%2BWodByKALfCn3ET7v%2FNdd5KXcBosUdoRv3lFOM6L3TN2exxMthG03jTqvJTXqrpgUmhOvQv%2FNBDPPE6%2BKp3wxMeLx%2B7jNEEZ4BY2t812Kyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373dad8f00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/owl.carousel.css
104.21.234.95 805 B URL mediacpm.pl/landing/css/owl.carousel.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (1134), with no line terminators
Hash 6d31b96d47d1a73e3603c2ca1c0b9943
7c26c5b51080954d14df70c08442dad7eea6eb0e
a5bb9674e7a47678499ece710e79bd2ffc19612cb6d93e60968e1257cec4a596
GET /landing/css/owl.carousel.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1464
etag: W/"62f4e4fe-5b8"
last-modified: Thu, 11 Aug 2022 11:16:14 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 864
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mwlECspKAiiVVdsJmg1dsBoA3%2F53OzKW5dCYqyRHKL9d2zZMsdhsPfBOxwyyP7PFwT6JccfPSD5gc8T%2FzkATcC5eqxPveI%2FTNuD2i0W0lNJKC9k970owKwydPAGLvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373d1cbc00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/jquery.magnific-popup.min.js
104.21.234.95 20 kB URL mediacpm.pl/landing/js/jquery.magnific-popup.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (20818), with CRLF line terminators
Hash e85f473ae2d534304240d6ac08874c54
ada1f0e1270c628e7625e56376e7ce015f850635
ae78144ce797d2e139866fe83cf50314f95d31f21e7e97813e19c1a1ef0ccb7e
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.magnific-popup.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:30 GMT
vary: Accept-Encoding
etag: W/"62f4e50e-51d6"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U1koLdfAjoli8dLautkaA7gGrIT9G4DXgytXuJXWh0GBpDG2EioZly9wmEbT77s0l2HAT9%2BVzSgFW5LrBeyP3ko8sbTS7VA9y0s7lcRT%2FXT0cpadzRFBzTAuNLLdMA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373dad9100a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/pe-icon-7.css
104.21.234.95 2.4 kB URL mediacpm.pl/landing/css/pe-icon-7.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (9717)
Hash 62c2fea539672c197c0c3c127b6a74e8
01b7aac4349b13da67936e2d38b6eea3b312a47e
a4400adb329d0b64cebd0cda6f0f7f015eaa4cc37bbc2350eaa38723c72d188e
GET /landing/css/pe-icon-7.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=14067
etag: W/"62f4e501-36f3"
last-modified: Thu, 11 Aug 2022 11:16:17 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 5926
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u9wb6%2FFx%2Bohg9C9rN7Wu3BsVczcnzUjcfOFgRn5wPbnZouwwMwQNH8YR4W34ABKLDnGakBm8wF6QczSGPpuExD7QKrbQYzOTfwffMO9HoWSTba8zvMJn%2B0ikZHAAnQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373d1cba00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cryptobrowser.store/media/pb/884/1ced5bab17b84f07a4252de25da120b7.png
188.114.97.1 13 kB URL cdn.cryptobrowser.store/media/pb/884/1ced5bab17b84f07a4252de25da120b7.png
IP 188.114.97.1:0
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Hash 5a6cd00e51f2d09455302fe1361d8f9e
80cc72f902299a6c3bf4b57568e97113c412e0e3
2436842c49c4a0cb1723fa0019683a9e8dd911277750f8836dac34de671c47ee
GET /media/pb/884/1ced5bab17b84f07a4252de25da120b7.png HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: image/png
content-length: 12729
etag: "5f1b01b5-31b9"
last-modified: Fri, 24 Jul 2020 15:43:49 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9UzjyjegpzAhVeARvEA%2B3F2K9QBcTBcF2eyMB1oLjHHll9OHBijTRRQq6x6FFoVRKp%2FymY4dd4Ppdx9oSGXCTWKuJFsOXMWvhZC%2BPIUcrG8riwcpTsJK1e6lmUYdc9avdw9Lrf4C2uEn2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18373f5d6cb4f7-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cryptotabbrowser.com/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
104.26.11.230 12 kB URL cryptotabbrowser.com/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
IP 104.26.11.230:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64876)
Hash 5cc9dfbbbd885964f3f066124b2fca96
a503e133a248ec6e93f7fa5cbcacfef510651d3d
7548f47b2acd82fe585b5af524aeb78186f060b1d296669eeed7237dc1d6b38a
GET /pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/html; charset=utf-8
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 3248
last-modified: Wed, 03 May 2023 10:43:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=StStsv7QnFvluw3sMKSHIqWWufq5IQw1Xg7fO8Z3Z9ol%2F%2B%2FXkAiNXrqMq6SOJtT3GO090%2BRuBug%2B852tqVMmksHhH7bDexwr%2Bk2HapX2nfHEI9jj0UN7jk2durzIeGbIP6rcqc24"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373c2f650b49-OSL
content-encoding: br
X-Firefox-Spdy: h2
adhitzads.com/1037129
188.114.96.1 22 kB IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 07fd2d8e93d1bf30431baa851533bd9a
69301bdcfd5715284a16ec5f130ec77fc394d8f2
e76dff2401ebe38c79ce72b7b6102ec7e7bf6b2d4576828c4768549455f24a47
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x%2BRjqW%2BkAVv0jqu3bCbT2xRAC%2FcYRAzSWtqmukOJqpEg5cqmVWhQelVb28105fhI3y2ZJ40qN0SsaqRZVjKrIDgeml0FWyNgB6EcB44C1aJQNIacTbzNy758Sry03YQJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373b7fa3b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
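Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B body; these digests match every empty response and do not identify this host or payload.)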
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 86
Origin: https://cryptotabbrowser.com
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:06 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://cryptotabbrowser.com
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
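Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B body; these digests match every empty response and do not identify this host or payload.)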
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 91
Origin: https://cryptotabbrowser.com
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:06 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://cryptotabbrowser.com
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mediacpm.pl/
104.21.234.95 1.4 MB IP 104.21.234.95:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (646)
Size 1.4 MB (1442845 bytes)
Hash efed397543e3ec9a927fd22e32ee4293
2832bd0f1355c23d1a7dac912fe7842b775b045c
8f31276c0e68d158d25a24b2aacd76330ee45512f08ad7cabd22c5d3c3118ebc
Analyzer Verdict Alert fortinet Phishing
GET / HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/serve/show.php?a=28957&b=728x90
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
set-cookie: PHPSESSID=jabqifuppnggs8ghcd4dc7nb42; path=/
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bdIF8%2BCrpenp6x1AKZ%2B2zWe%2B3f%2BHRVvcz17awRVhx8M729W3lmfnfi%2BKwxxNe0OyL8exui%2F0U6%2BduqTBin1ChE%2BRKWYpBb%2Bops%2Fv3ugCATzUcGg4Tmngu6ecHR1uPA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373ebf7200a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash 2ce978767c05692aa24c6454c05de9fc
2daae46f8a6cc154414210a7fa409479f51991e6
2f804b51a4f9a047a1d9de696906484b648e1f6e052a1fc85f3e29a8f0309e2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
mediacpm.pl/landing/js/scrollspy.min.js
104.21.234.95 1.1 kB URL mediacpm.pl/landing/js/scrollspy.min.js
IP 104.21.234.95:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (1310), with no line terminators
Hash 9773486a14d8390c9bed7f692878e5ab
e386184ba4e1e7690e6093411253a3054f59d213
27e99ae5822734dd63ec5bc2f557a523d7497d979d8e06dd148c938c3681619f
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/scrollspy.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
etag: W/"62f4e50b-521"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1943
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vEkzOXFNW6rgH7NZyZK7ZaVq4hnwlAUw3M7yv1HMiO2h1zEW1QBcrulHgy9mKz2y96%2Fj60iVlrnvwccYOb2pb0NAqw2LTppHlC5iHdvQmhvXtKJAdjsWYjpZsV908A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373d9d7b00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
104.16.57.101 7.9 kB URL static.cloudflareinsights.com/beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816
IP 104.16.57.101:0
Hash 0c9e82f1d714a240256673348e62b6fa
db5a7e8e223641e4a74a34bb7e15d96ed1305b5d
e474485d6cb603f3bbeb406a66d2df4b3fa6de44b0aca9bfc5e3c8a249477d84
GET /beacon.min.js/v52afc6f149f6479b8c77fa569edb01181681764108816 HTTP/1.1
Host: static.cloudflareinsights.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://cryptotabbrowser.com
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
etag: W/2023.4.2
last-modified: Mon, 17 Apr 2023 20:41:48 GMT
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18373f2aa50b45-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/contact.js
104.21.234.95 200 OK 562 B URL GET HTTP/3 mediacpm.pl/landing/js/contact.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (593), with no line terminators
Hash 60398251d6089b3d3fc87a71215033db
e747e355c831b82d440a0a3601ceb5cc4eee9569
2bb3ccb67599dba6cc36b9385a55f629d39faef8a077c6348dd5e27f010fceda
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/contact.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=965
etag: W/"62f4e509-3c5"
last-modified: Thu, 11 Aug 2022 11:16:25 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 5428
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DHq9Jt6nOKpzyJP%2BRwrAeaLLBJ6epgTSG%2Fc%2F%2BlaRV7AR%2Bsw3tKxF1X8TtY7alV6JpO%2FfIlfvvzzhdZWJD5QJWP59q8YFIgmGwSvUfxA%2FKGBIsjx1ito5r1TBSnp8zA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373dad8200a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
zerofaucet.com/728x90.php
104.168.58.149 271 B URL zerofaucet.com/728x90.php
IP 104.168.58.149:0
ASN #36352 AS-COLOCROSSING
File type HTML document, ASCII text
Hash b23e7c2df2c6abadcbaa691e9dd1ce9a
a60b7548cc598bd7db9a1836ebdc5c4d064b55bb
c6dca15c01e374ab9913be90f1bd2337f353a0fc2c1b7ca531301db92c32ec5b
GET /728x90.php HTTP/1.1
Host: zerofaucet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:06 GMT
Server: Apache
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
216.58.207.227 14 kB URL fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 14256, version 1.0\012- data
Hash 0f7d9a10be7f1a2f1a2add4dded5dae5
03184a1d29b1199670b159f72db9f134def99cb7
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
GET /s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14256
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Apr 2023 14:25:42 GMT
expires: Fri, 26 Apr 2024 14:25:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 27 Apr 2023 00:19:00 GMT
content-type: font/woff2
age: 508345
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mediapalmtree.com/pu-script.js?t=1666895495
188.114.96.1 52 kB URL mediapalmtree.com/pu-script.js?t=1666895495
IP 188.114.96.1:0
File type Unicode text, UTF-8 text, with very long lines (63725), with no line terminators
Hash 01e446d5b96f72b9273e77f323bd8b12
074cdc37d8ae5fb269acf996d52af47055627004
b0d162afeac9875b7b1c4b0a97fa90860893f9df0cd90244206d41982f912e68
GET /pu-script.js?t=1666895495 HTTP/1.1
Host: mediapalmtree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Mon, 10 Apr 2023 13:13:04 GMT
vary: Accept-Encoding
etag: W/"64340b60-f8ee"
access-control-allow-origin: *
cache-control: max-age=31536000
cf-cache-status: HIT
age: 6178
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJFOZcUvc7z%2FVcF5sF4uIZpbvyOpBUa8jh0j%2FAl9zz05MRndgZD9RSZshSOFiPeKRrIrhInIbE5QiqJzrEpeZm3xNiBq5jEovv9Im8WMxXpKig2eyTIkGFDd9hLRruk4QC4o2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373ca861b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
216.58.207.227 200 OK 34 kB URL GET HTTP/2 fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
IP 216.58.207.227:443
File type Web Open Font Format (Version 2), TrueType, length 33868, version 1.0\012- data
Hash a55fefd02b25a2cb141efe2d17776d60
ba132269410be55bbd81032011d5904ceb33bc64
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
GET /s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33868
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:30 GMT
expires: Sun, 28 Apr 2024 07:44:30 GMT
cache-control: public, max-age=31536000
age: 359617
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/particles.js
104.21.234.95 6.8 kB URL GET mediacpm.pl/landing/js/particles.js
IP 104.21.234.95:0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (2352)
Hash f24928c9108ae0a14bdca86e708fc35c
29e3d403cb04da5aa4927745563955c849f1e6ed
989116298ed799ad0b6649b9066d8503e9c7f1ca71cf8d4f1eae515ed72cc715
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=44621
etag: W/"62f4e50b-ae4d"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 6229
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iWlZZS0Ewh70iY3ZysLwJvnfV8KJ5C8de7crB1dkt0XiVKzzNMYshNevrhT8PkzKjDu7kJKsnUi7RhrkvmVR4tIZ6AnF%2FEYWOVBR3dyrVlq2%2FHGY50WwLhy4tRL8YA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373dad8400a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cryptotabbrowser.com/cdn-cgi/rum?
104.26.11.230 0 B URL cryptotabbrowser.com/cdn-cgi/rum?
IP 104.26.11.230:0
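Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B body; these digests match every empty response and do not identify this host or payload.)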
POST /cdn-cgi/rum? HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1580
Origin: https://cryptotabbrowser.com
Connection: keep-alive
Referer: https://cryptotabbrowser.com/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 03 May 2023 11:38:07 GMT
access-control-allow-origin: https://cryptotabbrowser.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7c1837439f8c0b49-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/jquery.min.js
104.21.234.95 32 kB URL mediacpm.pl/landing/js/jquery.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash c32b41f47e6e70d8f50cbe767fabb92e
7cc75a76fba93a1d85fedc270a591575ac34d269
18bc17048dbe1403091c851ecf2d5fe9ac8117a5f6f65409e493d5bff4ed5830
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:26 GMT
vary: Accept-Encoding
etag: W/"62f4e50a-15853"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1903
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=viAbWvCq1b6bE4JOaCAsKQeX4Q41kADcBCXf0unXuq8eeT8EdEMQDLWZgzDCnfccSl5%2Fgu97Fkt0C5%2F9PUMwDhCDHe7qPaYcY5WP2lnjKeEPSSZ8ffZ6TL%2B7zcP07g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837416c3200a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/magnific-popup.css
104.21.234.95 2.1 kB URL mediacpm.pl/landing/css/magnific-popup.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (5927), with no line terminators
Hash 50b0c144128a7b0a80313ac5e1508c38
cb7f813da1de752a2b9372321c55b5e00e3789ee
f8d3d3096fd5a9671ab79bf4b4a00b8a6296e4e5af914f63514924bcb882aeef
GET /landing/css/magnific-popup.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8150
etag: W/"62f4e4fc-1fd6"
last-modified: Thu, 11 Aug 2022 11:16:12 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 6230
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DRayHAJxQqVyxzmA%2Bol0zSMRKVogHMS9gK5Rzt5p1wTPgbLH3s4Io3BetsBEhwZ8IQqkXRslR3FbOI8mZBY2sazEkxl5IuZYFyBsPqthiahkp0DzSfBLVpJnh2MA2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837415c1d00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/jquery.easing.min.js
104.21.234.95 1.4 kB URL mediacpm.pl/landing/js/jquery.easing.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (2532), with no line terminators
Hash 80b0f35c01f453e62292182492a2d29f
af3bd8753b5ddc46e86aadae534b21398517e9ec
9a98c01346c0decb4f551d93f95d937bc1191d9f8ac01cb841d35ff43e5865f1
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.easing.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:29 GMT
vary: Accept-Encoding
etag: W/"62f4e50d-9e4"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nTuXpCAKuGSmYjY69R3vscDRrqKycNQ17l0rEfhLLiFlE947%2Bah4aV6TzKEcGNm9eo%2FI%2FCnl3GCJ5aBabosuGIO%2FzcDGot31Of2j4bPVOSP83jt5oZwBC30HUMKP8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837416c3500a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/scrollspy.min.js
104.21.234.95 1.1 kB URL mediacpm.pl/landing/js/scrollspy.min.js
IP 104.21.234.95:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (1310), with no line terminators
Hash 9773486a14d8390c9bed7f692878e5ab
e386184ba4e1e7690e6093411253a3054f59d213
27e99ae5822734dd63ec5bc2f557a523d7497d979d8e06dd148c938c3681619f
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/scrollspy.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
etag: W/"62f4e50b-521"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1943
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJkcN8om7bbFtI8zg7EnG1Uy%2B4eEK6Em6d4bjqH1XWhZrjQbfgr6NmphzWM7%2B4InO6rofx7DAhjqw3Tq2UgrTFOcBqJZylaKGRgW5Hd9j%2FKhGlNvZOv01piO%2FD1t0Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837416c3700a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cryptotabbrowser.com/cdn-cgi/rum?
104.26.11.230 0 B URL cryptotabbrowser.com/cdn-cgi/rum?
IP 104.26.11.230:0
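Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(MD5, SHA-1 and SHA-256 of empty input, consistent with the 0 B body; these digests match every empty response and do not identify this host or payload.)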
POST /cdn-cgi/rum? HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 1780
Origin: https://cryptotabbrowser.com
Connection: keep-alive
Referer: https://cryptotabbrowser.com/pb/6/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
date: Wed, 03 May 2023 11:38:07 GMT
access-control-allow-origin: https://cryptotabbrowser.com
access-control-allow-methods: POST,OPTIONS
access-control-max-age: 86400
vary: Origin
access-control-allow-credentials: true
server: cloudflare
cf-ray: 7c183744f8d90b49-OSL
x-frame-options: DENY
x-content-type-options: nosniff
X-Firefox-Spdy: h2
admediatex.net/js/asdshef.js
104.26.9.229 102 kB URL admediatex.net/js/asdshef.js
IP 104.26.9.229:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 102 kB (101664 bytes)
Hash 7cb48c380c9af841cd1231cacfae6b0c
4bfa44a1b7f3b27b22080aa5526fc51f3b7b6619
0fe4078827d0e54185086a936a6a8df6dbd23b6fb25813eff0755345e22019e6
GET /js/asdshef.js HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://admediatex.net/ads/728x90.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:05 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
etag: W/"63693a97-16d0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:04:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 47539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2KthScmHcm6TBXpCw6gYWaou9XnlVMY59KiTGDEpNcmaX5o3ozzWqU4tf0kxy7DpyaKcsp1e1Xr8x20ns9WsLDDPaqijXmWsE6tf7nLm0Xm1v5SnSqz1SqBQziD3BjD5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373afb9e0b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
mediacpm.pl/panel/logo.png
104.21.234.95 8.9 kB URL mediacpm.pl/panel/logo.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 78430378a19de3f739dee4a1a54334fe
48aa28d770c903b61db0ee222db98617f8120d59
c187fa399a92ecf069a6a590b41a3030b928d51076ecbe82df6c2b832e63d717
GET /panel/logo.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: image/png
content-length: 8917
last-modified: Thu, 11 Aug 2022 11:15:27 GMT
etag: "62f4e4cf-22d5"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3276
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xo%2F9TCFpcOgp%2B%2FZaSMV5YTOeKfRewp9Zu2n4RY0T5Q4hjqX56ZGJ36IHRfrD60nBpRsvlF26h9Js9QyJNGBaVO%2BKok4I79eoOlnGTe0uYsiTCuufKFbQ5YGftKwliA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183744fa5200a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/panel/logo-dark.png
104.21.234.95 11 kB URL mediacpm.pl/panel/logo-dark.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash cff99a03355eaabe593d0eb156f32bfd
53cffe413da353ffe37d6da227c3bc9ecd2652ab
73ada3130e5eb7e05247e6b7b7085672097241f7bc81b5d531663f82c9203967
GET /panel/logo-dark.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: image/png
content-length: 11250
last-modified: Thu, 11 Aug 2022 11:15:24 GMT
etag: "62f4e4cc-2bf2"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1904
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=29frQ0ut4MpBlA9pRQ8NbumR8VPTQ4L8DjwVkuDetsW%2F59pttu95dYWT1L5bFE2VtpKbHNAs6Kd6aydX7P1mb%2B%2FMBGKN%2BsZ2KyTSmf0T39TmyGsxQei40AqkJrd7Ew%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837450a5500a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cpm.media/728x90/728x90_4587878411545.gif
172.67.198.162 51 kB URL cdn.cpm.media/728x90/728x90_4587878411545.gif
IP 172.67.198.162:0
File type GIF image data, version 89a, 728 x 90\012- data
Hash fa3f86061e9393f3fa804c5ae6ed7119
4fd0a678e9036e298ce371daeaa106d938aeb380
a8f9b65f3f053e9b2a7c1a9e0fa2b47df8bbeed6b861586752004270d4a640e2
GET /728x90/728x90_4587878411545.gif HTTP/1.1
Host: cdn.cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cpm.media
Connection: keep-alive
Referer: https://cdn.cpm.media/728x90/728x90.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: image/gif
content-length: 51119
cache-control: public, max-age=604800
expires: Sat, 06 May 2023 19:31:37 GMT
last-modified: Fri, 30 Dec 2022 10:23:56 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 317190
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n3eGiD%2F9zSEKh2CajbHaeEJ9t%2BXLtWSKOSd923AJ5%2BTqws10cGgAl3O%2BnKcrjgNlJIUXWxFgPMINUSp13ml2tmPUyg7HKRXted0kFnCqvZLiWNDYaNxDnE1Z09gPLL1w"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183745a8a2fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=528946&auth=VUApWY HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:07 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://thale-gds.com/zcvisitor/f95f2ac7-e9a6-11ed-95e0-0a0e902585a3/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
Pragma: no-cache
cpm.media/serve/valid.php?a=844&b=728x90&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&doma=0&dcat=40&h=adeacfbdbcaa
172.67.198.162 1.1 kB URL cpm.media/serve/valid.php?a=844&b=728x90&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&doma=0&dcat=40&h=adeacfbdbcaa
IP 172.67.198.162:0
File type ASCII text, with very long lines (3244)
Hash eace5b720f146d67fba112739dcd358b
9f4079ebc1f84c79f4da566a872bbe100642b866
a38d52058b19ea040e5c552005536cd918d04115157e52d6fb866157e2243822
GET /serve/valid.php?a=844&b=728x90&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&doma=0&dcat=40&h=adeacfbdbcaa HTTP/1.1
Host: cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cpm.media
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FJ2kHnJy2c0QgLm0UCR6Wy3nKo6q0L57qqXU21Nle2BS9WXRHjRFizyOww7M3VeZJ8Vm5TwD23zrP1oO5X9%2Bs%2FTZuy44t3CLQnln1b6LhuxVlETpuzpeHHV2JaA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373ec9effab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/materialdesignicons.min.css
104.21.234.95 28 kB URL mediacpm.pl/landing/css/materialdesignicons.min.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash b324c69782fceaef0bf33484ed8a87fc
ea2537c11cca063b7b448b7ef9ae0ffa8b6a424c
ef82cbf895e0ad28573b0d1dac65b06b4b276ac946c5dd175a3471e559bc2041
GET /landing/css/materialdesignicons.min.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 11:16:13 GMT
vary: Accept-Encoding
etag: W/"62f4e4fd-1e13f"
cache-control: max-age=86400
cf-cache-status: HIT
age: 149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eeovxmQ8RMqFlulBpYlm9S706lrBsl%2FZB6FYLbgbLPuJJq944Wy2WT5X0l%2FJW8hiPMf4dEokV8JI92rKXNM9azkFp0J6hcU7neqQDs7YrxgrFlxICUGonoXu4txshg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837415c1900a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pp.mndsrv.com/v1/0f073406-80f6-4681-a81e-233fa21e0d63
199.241.100.27 0 B URL pp.mndsrv.com/v1/0f073406-80f6-4681-a81e-233fa21e0d63
IP 199.241.100.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /v1/0f073406-80f6-4681-a81e-233fa21e0d63 HTTP/1.1
Host: pp.mndsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 67
Origin: https://www.yofaurls.com
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Wed, 03 May 2023 11:38:08 GMT
Connection: keep-alive
Access-Control-Allow-Origin: *
mellowads.com/view/30AE1D77F910
104.20.50.216 27 B URL mellowads.com/view/30AE1D77F910
IP 104.20.50.216:0
File type ASCII text, with no line terminators
Hash 435b48c70aca2dc80f8b34b5fdeb2789
ffe2c8567607568f939fa1a6f9888639b98b400c
6468ac9f9bca964f3910fc967b80781c1c8634300e36f95ae49056d91a2734bf
GET /view/30AE1D77F910 HTTP/1.1
Host: mellowads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mellow.traffic2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 503 Service Unavailable
Date: Wed, 03 May 2023 11:38:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c183746eb7db51b-OSL
ocsp.sectigo.com/
172.64.155.188 281 B IP 172.64.155.188:0
Hash 1bf64c39666d24d6174beef687af464a
9115948198aa5cdf6c1b529c4f37620bf40898d4
7715f8a962024a22003441806dbe5182c115a844e8382bb09755fcde7b044108
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:08 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Sun, 30 Apr 2023 16:43:16 GMT
Expires: Sun, 07 May 2023 16:43:15 GMT
Etag: "9115948198aa5cdf6c1b529c4f37620bf40898d4"
Cache-Control: max-age=363306,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c1837487936b505-OSL
mediacpm.pl/landing/css/owl.theme.css
104.21.234.95 17 kB URL mediacpm.pl/landing/css/owl.theme.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (1152), with no line terminators
Hash fef58e17da060ebdea76be2a369afb52
d401d72b41ef0cd2e4835170fd20df77564051d2
975aaa4ea45ff141a07f35ea8499efdbe7d25e8e070402daa493d202304d3ba0
GET /landing/css/owl.theme.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1743
etag: W/"62f4e4ff-6cf"
last-modified: Thu, 11 Aug 2022 11:16:15 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 592
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SNSpVg2CehXYmPb8t1XSeEYr9fkW4%2FTnDHXXzwhkJA8srpVYTZLrcGA8evvAqbe0jraRfxzDIxU0dNy%2BaJRnGg3bwVrFEEquurJ%2FEAU8JCJWBbz4Wh%2BRRlshPs3Ggw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747aee500a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/contact.js
104.21.234.95 200 OK 2.9 kB URL GET HTTP/3 mediacpm.pl/landing/js/contact.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (593), with no line terminators
Hash c8de4bab63f770292ad8e48034c0f48d
b9d3055d65c26469e2bf1196c0927df86985ce61
3ceabce18fcb3da4ade12986038d3254a8e10e0d702d5e67fe64ec6c81a0dc37
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/contact.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=965
etag: W/"62f4e509-3c5"
last-modified: Thu, 11 Aug 2022 11:16:25 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 5429
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78y8%2BAuHAs3V%2BuQ8DurvK8NWVamfxuiqP%2FKeU89Ur3HQrpFsY1o7HZuRoprDCq76%2FDrbr9qg0QR8OOYw721ES1SiqcEodFUPFDMHibWWYdAzTEzjknp%2BJAAj5rrbdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747bf1800a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/bootstrap.min.js
104.21.234.95 28 kB URL mediacpm.pl/landing/js/bootstrap.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (59729), with CRLF line terminators
Hash 54089eb0bd8a088aa8b8cf6afaa5a5d3
54ee1c33f14b306270dde3d0391da59fb2a6ad1a
afe6c63c1cd5cbd5fa89a2f3da59c970ce0be791c8b3ab89e711263e70ba7456
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/bootstrap.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:24 GMT
vary: Accept-Encoding
etag: W/"62f4e508-ea70"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4517
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gs%2B7Rmo7lfhBgJq8kstskjMHfXHR3uymQJK4%2FeWhYn4GyaLea2KA6p9pjz385TuTRdl7eC%2Fum1ZDvaJC8BZgL1Qy1sTpWGMmSfFoOf4H5j0x9KXNnSLYP9WvHbBvXg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373d9d7900a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.234.95 200 OK 10 kB URL GET HTTP/3 mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
Hash e922147452a707b40d2b98df86f8e804
cfeefc33d61edede88f96c2cce6446d1ae3061bf
18ebff4f8cbc94e177234f1845855053d0ae05db985da1b706e4add4f71777ce
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Tue, 25 Apr 2023 11:29:10 GMT
etag: W/"6447b986-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXcxxRTbEpDcJrb0rxPn3itomK0iQFj0z4mSVP3BWDPWKF7YwRltkFYzFbE%2Bi%2Fzx4N5ZFQ%2BEa4rgHpto4fj7MSFEIppGwZtyvhSONJn2cdpW%2BCrekdWwfe41rVQViQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18373d9d7100a7-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 05 May 2023 11:38:06 GMT
cache-control: max-age=172800, public
content-encoding: gzip
mediacpm.pl/landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94
104.21.234.95 152 kB URL mediacpm.pl/landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94
IP 104.21.234.95:0
File type Web Open Font Format (Version 2), TrueType, length 151728, version 1.0\012- data
Size 152 kB (151728 bytes)
Hash 459118748df2a5fcd7f684546cc8591b
d0b91e63e65d704a200e54001ad7240d17ac3351
ecd85a27200bb46ec4568a4bb1fb0e28a6cee361217d63f46a0c5a2b8db15018
GET /landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94 HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/materialdesignicons.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:08 GMT
content-type: font/woff2
content-length: 151728
last-modified: Thu, 11 Aug 2022 11:16:18 GMT
etag: "62f4e502-250b0"
cache-control: max-age=86400
cf-cache-status: HIT
age: 6512
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rrnuC8kv%2FT2SLYzhsR%2BY9nYxtmOh9iHaLkGV8tF84lZPYadanB2yuo4JVZSLNwkI58E12R18hWbWGb%2F9zLFZ4PcT2aakg7sH2tywE1VC8EQUA%2Fa5JAxXB%2FTAwm%2BpZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18374cffbb00a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash 688d12c162ade7415f978f8eaedae65a
4516e443ce9dfe9a79a0a38187c9953e461c67f1
ebe27f8a5e8e8b6bd0b6425435bcc35646743daf090d2b38465373381a7f7b30
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.cryptobrowser.store/media/pb/634/f7a69306e676490684e005c1b4163999.gif
188.114.97.1 196 kB URL cdn.cryptobrowser.store/media/pb/634/f7a69306e676490684e005c1b4163999.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 300 x 250\012- data
Size 196 kB (196033 bytes)
Hash 63ea9201d795fb67bdec93c2ac0d2ec5
4f9048c79f14f7fe91e090b12a4613321219d445
dd0c1c2fd13406f7b50220149cca46a504ff9a4b76b5d638c6a58009ada59fbf
GET /media/pb/634/f7a69306e676490684e005c1b4163999.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:08 GMT
content-type: image/gif
content-length: 196033
etag: "5dd7f05a-2fdc1"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 3751
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ntiu1TN8jU0RLUY4zdAVbxoHLbA3H4AO8xHrvkgfE87226MhQQZOZHQlb1Lwes9omE56kjrLDLhCoRyt0BB%2FD67%2BqUqTl3CnSQtttE8UjpiNk9pzdpZp0MCqj9mtBTci2cH5vtuVDC8I5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18374d99d00afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
acceptable.a-ads.com/1699190?size=728x90
148.251.192.72 5.8 kB URL acceptable.a-ads.com/1699190?size=728x90
IP 148.251.192.72:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (6851)
Hash b5bf16c3619c7b266aa340bcba5b9695
ebeef22cd7ba7f509585820a0001414fc1a79ab0
cf7971dc50582f81abd103340ede1a550bd01a68983e0a8354dd3d2f574d69aa
GET /1699190?size=728x90 HTTP/1.1
Host: acceptable.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://file2btc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:08 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://file2btc.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/landing/css/style.css
104.21.234.95 51 kB URL mediacpm.pl/landing/css/style.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (16215), with no line terminators
Hash b602c9ed4ab95af6bd671cb4ffaccd42
b4a781a34172c38f384bd80f7f9adfd1a24068da
51f3d4060c1a17f778d4c564b15631afe63a9fe117952ecee9ecebca8720c1d1
GET /landing/css/style.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=24602
etag: W/"62f4e501-601a"
last-modified: Thu, 11 Aug 2022 11:16:17 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 4018
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0DAMhzoDtukvhK9tQlzE0EeweUN8KKy2ov5L37U09VCbDGP7uIc%2BpzNq3ldofM65WgmSlv35SPmIBQv1gen7Ugdz%2BuGrF%2BQqB8FhQJlop2%2F8Gwv9nLYS2Plkr3Tsuw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747aef100a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/serve/valid.php?a=28957&b=300x250&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&e=2&f=1&h=ffcdfcaedfcbdcdfb
104.21.234.95 1.3 kB URL mediacpm.pl/serve/valid.php?a=28957&b=300x250&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&e=2&f=1&h=ffcdfcaedfcbdcdfb
IP 104.21.234.95:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 300d5c8e789ba666938d0cfaed8c735e
9ec18cbf0e375d52c6a12fd30755c959760fd6de
845159cd6188bd7be83ee57bd2f6cc7fa864be26f10fdac059df0fe70b55cc6b
GET /serve/valid.php?a=28957&b=300x250&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113886&c=younnesa&e=2&f=1&h=ffcdfcaedfcbdcdfb HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: image/gif
x-powered-by: PHP/5.6.40
set-cookie: mc_300x250=1683113887; expires=Fri, 05-May-2023 11:38:07 GMT; Max-Age=172800; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qOgnl%2BNPNSWzCEdKyTO0Ao1cLcDV%2BrTIYHUUrED4KqAxhnJShgYjg0Z80NzJpSZYsqJ9jCKb4%2FHbvohTrQIbbu2n8ebhGy0vAcf1oWsAttTxjR6BYuzO7PkZPamBdA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183744fa4200a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cryptocoinsad.com/ads/show/img/icon.png
172.67.213.243 3.3 kB URL cryptocoinsad.com/ads/show/img/icon.png
IP 172.67.213.243:0
File type PNG image data, 435 x 435, 8-bit/color RGBA, non-interlaced\012- data
Hash 865296d690eff9da3a1bb21590faa79b
50fd13c32e6f6f0b5aa444c921c6241fcb41b5b3
b14ef09e5d084f7cb785998d54d37e486619c9b9527e72776a7c9d2b7e85c828
GET /ads/show/img/icon.png HTTP/1.1
Host: cryptocoinsad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cryptocoinsad.com
Connection: keep-alive
Referer: https://cryptocoinsad.com/ads/show.php?a=252986&b=393634
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: image/png
content-length: 3309
last-modified: Sat, 29 Jan 2022 11:54:52 GMT
etag: "61f52b0c-ced"
cache-control: max-age=10800
cf-cache-status: HIT
age: 6685
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=owUpFXrBPcDGWRR%2FgGmO5pdhW3cfrrnObLQvPXTnlE2myl9esGqjfGSYeBGzHMdIzsNsS5FpO5p%2B5Oa6M6GyAEMU4kRimkrLNjE63VvrHZKwqTXu%2FwARt9%2B2y8IOzkDtWC1Fsg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18374ed9d90b65-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 88
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 471 B URL ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 87e0209236be6c942fd764eeeabeb217
667051af462203bd4f9883594fc5f6a5d598d27c
fa30cc70ee36130f97f81e3c9a8fb90b400e6e3b25ddb069c29966f814285166
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=100186
Date: Wed, 03 May 2023 11:38:09 GMT
Etag: "645122de-1d7"
Expires: Thu, 04 May 2023 15:27:55 GMT
Last-Modified: Tue, 02 May 2023 14:49:02 GMT
Server: ECAcc (nya/7975)
X-Cache: Miss from cloudfront
Via: 1.1 4c07121ca6e32bcda85cc9091b92050e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: Hg-45x1HUBYbGB1dsF-4KzlqeiaiUc1iqdrbJWPsbBn1JEdSN7rU2g==
Age: 2333
adhitzads.com/1037129
188.114.96.1 995 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 06fcb943f9fb72978463cc21acec74ea
60a4d6ec6001702f5121b8f0e77d9da6601e8ce7
07e57307b271e76ab34e32705be8815b2ef5c12d00d94a5bebdbc5c7f5f36cd4
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=78wD5y7dGcUMo2vC5%2F5UJ%2FW6sMmwjPM81%2FnabE1ZflgPmJE7vCU211OxnQ1GzxemxqDkKaEmN7n0wCQ9YRpJ5FUdx7kypYkFRoxSUU%2BxB7E1BBMldcAA6VGSdYCt0JDs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e280fb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
s10.histats.com/js15_as.js
46.105.201.240 4.4 kB URL s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww0.eurosptp.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:35:49 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 531138408
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
thale-gds.com/zcvisitor/f95f2ac7-e9a6-11ed-95e0-0a0e902585a3/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
34.238.227.119 0 B URL thale-gds.com/zcvisitor/f95f2ac7-e9a6-11ed-95e0-0a0e902585a3/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51
IP 34.238.227.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/f95f2ac7-e9a6-11ed-95e0-0a0e902585a3/642f5ef0-ecd7-11e8-9250-0a15cb739170?campaignid=b9792a50-4807-11ed-8e2b-128084d1ce51 HTTP/1.1
Host: thale-gds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:09 GMT
content-length: 0
location: https://shopde.pricedeals.shop/go.php?market=no&zrf95f2ac7e9a611ed95e00a0e902585a3c2184870337e46c78bb45d7acdade8a2073067916ac0097ac4
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: hiDURwhR
X-Firefox-Spdy: h2
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
188.114.97.1 336 kB URL cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 336 kB (335927 bytes)
Hash fc98832ed05da499d50af5e92dbfde1d
4c024d7efc17c697f7507711fcc3771ecdafdc46
0f5a2990a518aad988209b2b6bf4ead7e402f7e8d9436ed2139e5584a42c8316
GET /media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: image/gif
content-length: 335927
etag: "5dd7f05a-52037"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5979
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BRYg0jAHGXa8%2FlpFAVAyqHqMIQioTFYLjoyXh90kxyisNMJxcDMd6N6b5Cf5j%2FZn%2B4H89QgGDA1VQZBfnD9o9v4Yt%2Bqq2xFAUTffSp9ZV%2FTbJXrZfLkfX4wupIF%2F3pxDOtYOo1B7%2FgMU9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837524de40afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ww1.good-trading.com/images/logo.png
104.21.77.114 7.8 kB URL ww1.good-trading.com/images/logo.png
IP 104.21.77.114:0
File type PNG image data, 228 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c908bdd523d99b87f5c78a0f967558b
fc5553e0bdfaefcbf074920f27f2021fcc660eab
9ed55d1c02a973f42b56ee7bea32394cdf62984179b4e2b7b86ab2fdfe9e669f
GET /images/logo.png HTTP/1.1
Host: ww1.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Alt-Used: ww1.good-trading.com
Connection: keep-alive
Cookie: goodtrading=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: image/png
content-length: 7752
last-modified: Fri, 25 Jun 2021 05:57:26 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:51:34 GMT
cf-cache-status: HIT
age: 95
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GG%2F4b4wZL1BKYQYinmeSaLxjJ6LsHahDB6C92E2ASrgfv6sjk%2FuikPB1GWUb%2BwUrxNetWyIIpbOQX%2F%2FW6zKxT4Qtsy3AVeAryME9gz9SBmn4nvEzrAOM9sBanAq0uk6kV8St%2FtIZwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837527846b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ww0.eurosptp.com/advert.php?cval=5093431
213.186.33.19 196 kB URL ww0.eurosptp.com/advert.php?cval=5093431
IP 213.186.33.19:0
Size 196 kB (196058 bytes)
Hash 0ac22af0d56a0205764d2f99354e3447
037d0186131f6863f5df10105f9b7d57c729addc
75edc6388b02344058455e6ccd94f61b7551eff4f9b2769dc5e5b080ef2cb9a1
GET /advert.php?cval=5093431 HTTP/1.1
Host: ww0.eurosptp.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww0.eurosptp.com/
Connection: keep-alive
Cookie: visbl=1; visite24=1; PROMOTION=f6e6b7cee674ae4c3916adf13bd6381e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html; charset=iso-8859-1
server: Apache
x-powered-by: PHP/5.4
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
last-modified: Wed, 03 May 2023 11:38:09 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:09 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/isotope.js
104.21.234.95 131 kB URL mediacpm.pl/landing/js/isotope.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (35525)
Size 131 kB (131141 bytes)
Hash 9d63ea505254008ef82e5c08fc77b445
2390ff310fb65f103861b1a5caf1fda0135b1fe1
f2d01da73b141f0e5f76b21a55f8337b33e519f430745dd1ba83af6e72a4f5f5
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/isotope.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=35631
etag: W/"62f4e50b-8b2f"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 4735
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mq%2FFy%2B%2FqzYiYhJsdz6wQdGJtz8IRnJO3wZrBFTc1Ev%2FcCYtxzU7Jc5hfVPFdtoXk%2B3jAFzrl4JMhy%2F8XBkW5EhR4WIs3KsCFWtPJur9ByFlYbs66hj%2BifpCHF9SKSA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e5a5600a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/panel/logo.png
104.21.234.95 8.9 kB URL mediacpm.pl/panel/logo.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 78430378a19de3f739dee4a1a54334fe
48aa28d770c903b61db0ee222db98617f8120d59
c187fa399a92ecf069a6a590b41a3030b928d51076ecbe82df6c2b832e63d717
GET /panel/logo.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: image/png
content-length: 8917
last-modified: Thu, 11 Aug 2022 11:15:27 GMT
etag: "62f4e4cf-22d5"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3278
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KbZNlmcp3qgI7Y8kiW01sSJyD4CgYe5el0eQeZClnQSntvk1s0wPVkLctKwx3zDB6flCqLcngEs14T1aw33vsrAsym8IvytfAjH4svkfigKJ1ucV8uib3oiaZ0IiLg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837533a3700a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/panel/logo-dark.png
104.21.234.95 11 kB URL mediacpm.pl/panel/logo-dark.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash cff99a03355eaabe593d0eb156f32bfd
53cffe413da353ffe37d6da227c3bc9ecd2652ab
73ada3130e5eb7e05247e6b7b7085672097241f7bc81b5d531663f82c9203967
GET /panel/logo-dark.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: image/png
content-length: 11250
last-modified: Thu, 11 Aug 2022 11:15:24 GMT
etag: "62f4e4cc-2bf2"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1906
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CZCCycSGGSJtCaoPKLinsPX4QNfWJckmZ%2BoCx%2FUuPRWVNEtx2d8t%2BKTkaTzWk9NiyeF%2Fu7zIzSFL0tuJLG0VXqJVtFI5ME3vOzMu9B7WWzz4%2BWyyzJblm7jdUqCGtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837533a3900a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
get.cryptobrowser.site/pb/4/16224264/634/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
104.26.6.17 368 kB URL get.cryptobrowser.site/pb/4/16224264/634/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
IP 104.26.6.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size 368 kB (367778 bytes)
Hash 681d2db24fc470af1d5da025f838111c
8e3ea0ad91ca21335368479757bda0a5b2881bd1
ba6f793f3489f5e45323fc7e521e4a0550d2cdcc2852837cf88a20f07dafc616
GET /pb/4/16224264/634/?t=simple%2Ctext%2Cpro%2Cmobile&l=en HTTP/1.1
Host: get.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://mediacpm.pl/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:08 GMT
content-type: text/html; charset=utf-8
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: max-age=3600
cf-cache-status: HIT
age: 2971
last-modified: Wed, 03 May 2023 10:48:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mOutJ5VCqdFuAN5EirNc7zDjPNtJmpyCOkNLcw6B3OGv7SUxoi%2B9c0j2sbijdbTMZSz2pJrCEQM7oJPV6QPpzWITbsC2yH%2FQddpSl3WY%2BDhe2%2BwmagiU4AgjbzBP1sgu9XROXoTD15w%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374d5a0cb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
ss.mndsrv.com/static/0f073406-80f6-4681-a81e-233fa21e0d63.js
199.241.100.27 60 kB URL ss.mndsrv.com/static/0f073406-80f6-4681-a81e-233fa21e0d63.js
IP 199.241.100.27:0
File type ASCII text, with very long lines (60329)
Hash 8d82527000e3c4e49127d1eb77034363
53b6cffdcc73a21ad051998278a1c40614ebc661
188efb3210377ba8f48b43637e08a2f703a0dc95fca0aed4c5b6f4f3dd324151
GET /static/0f073406-80f6-4681-a81e-233fa21e0d63.js HTTP/1.1
Host: ss.mndsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 03 May 2023 11:38:09 GMT
Content-Type: application/javascript
Content-Length: 60330
Last-Modified: Tue, 25 Apr 2023 14:57:01 GMT
Connection: keep-alive
ETag: "6447ea3d-ebaa"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=528946&auth=VUApWY HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.adxfactory.com/redirect?feed=528948&auth=lxe5mN
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=528948&auth=lxe5mN
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=528948&auth=lxe5mN HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://p.jwalf.com/ad/ad?p=198473&w=646286&d=229dd153ac5b5e5561f0-1643366430646286&s=502097.528948
Pragma: no-cache
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 47 kB URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (3605)
Hash 90a9ea72fdd4f0fadf065de4af0b7456
b7b6f94a3922c8179cb35b76e36f04fda8bca08b
64ce915cf670c7af6502ec5322aa6666fe2166ed6f7f94778c414980ab806308
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:10 GMT
expires: Wed, 03 May 2023 11:38:10 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 7934550232708788245
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47068
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
216.58.207.227 14 kB URL fonts.gstatic.com/s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 14256, version 1.0\012- data
Hash 0f7d9a10be7f1a2f1a2add4dded5dae5
03184a1d29b1199670b159f72db9f134def99cb7
5fc4c95920416b0ef0b5aee93a90984989183a6d29f712e725a3383309806a54
GET /s/notosans/v28/o-0IIpQlx3QUlC5A4PNr5TRA.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 14256
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 27 Apr 2023 14:25:42 GMT
expires: Fri, 26 Apr 2024 14:25:42 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 27 Apr 2023 00:19:00 GMT
content-type: font/woff2
age: 508349
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
216.58.207.227 200 OK 34 kB URL GET HTTP/2 fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
IP 216.58.207.227:443
File type Web Open Font Format (Version 2), TrueType, length 33868, version 1.0\012- data
Hash a55fefd02b25a2cb141efe2d17776d60
ba132269410be55bbd81032011d5904ceb33bc64
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
GET /s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33868
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:30 GMT
expires: Sun, 28 Apr 2024 07:44:30 GMT
cache-control: public, max-age=31536000
age: 359621
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
216.58.207.227 200 OK 34 kB URL GET HTTP/2 fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
IP 216.58.207.227:443
File type Web Open Font Format (Version 2), TrueType, length 33868, version 1.0\012- data
Hash a55fefd02b25a2cb141efe2d17776d60
ba132269410be55bbd81032011d5904ceb33bc64
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
GET /s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33868
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:30 GMT
expires: Sun, 28 Apr 2024 07:44:30 GMT
cache-control: public, max-age=31536000
age: 359621
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mediacpm.pl/landing/images/home-bg3.jpg
104.21.234.95 1.4 MB URL mediacpm.pl/landing/images/home-bg3.jpg
IP 104.21.234.95:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 4608x3456, components 3\012- data
Size 1.4 MB (1437696 bytes)
Hash 2f8605e7a26bb79798b2e16aab8d4de1
7b938edbffec24b5e4bd8ca7f1f3f5cfd96e0cc1
9bc69612734b77eca08e9b6e3956c2fd0fe06e63a02b737265b28a389abef275
GET /landing/images/home-bg3.jpg HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:11 GMT
content-type: image/jpeg
content-length: 1437696
last-modified: Thu, 11 Aug 2022 11:16:24 GMT
etag: "62f4e508-15f000"
cache-control: max-age=86400
cf-cache-status: HIT
age: 5473
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OuoJt6Uxe0HU6XuD5Ox%2ByO9fRMxWGxYaSM84dNUISqy9IRjDOqcKbnAkvUbEr3dm%2ByjjCcdXlsJUvXiI0VUrxki%2BsDUP9WvXvHuj1xDRsfW%2FVBlOdUEoAVboDMqNkw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18375bd92c00a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/jquery.magnific-popup.min.js
104.21.234.95 7.8 kB URL mediacpm.pl/landing/js/jquery.magnific-popup.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (20818), with CRLF line terminators
Hash 07e63736f3f982eb3fc4d8209a504134
d112b1914b316e19a61a17f02d47229c6c181a8e
5c2389d67c56766353c88ec240bd2f99112f409e1e7781f6d65f3e56f7648ac1
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.magnific-popup.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:30 GMT
vary: Accept-Encoding
etag: W/"62f4e50e-51d6"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G39lJVYF5H7n2gQX1Q2E81VFEbnlmvZO%2FXeuS23DF2HV3ZYgc9Mh%2B04OTOZMQBXHrmcaiaRk9LxPy7CsGAFBR2Xsf8H9O%2F1nFqm3IkFgylcEkmCCqrYgErw7IM0kQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747bf1b00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adhitzads.com/1037129
188.114.96.1 590 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash c9ca7aa5795ab970beaf9edac1b03ba0
7d91a531f170450116e824fd3498b9aa162c0e5b
88099d5acb56c97da8351a7b71b89fa07642f224f1e16b6ed4c143a84ddd6ae9
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:10 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWfzmD6UQam%2FcMFBZFtPCcTjGS5Bizgg3x7KWLsx0qrFxfcdn9yPQH1bXbt3w6SC8xNycTL04WpHUgsy5xpD6YfOS8eVU7oVPoLLAmF7doFKoApqiASaQJsUDYEhRvxg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183755ba49b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=43571775747&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
172.67.166.40 924 B URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=43571775747&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
IP 172.67.166.40:0
Hash c525167e5d56761fd1f3789211e64069
afb6a03172981c413811a6f088021276bd282e44
dc8c9fb10fcced67696a69dc89ad7040e87d48e62205df5388e4740ecdd76a94
GET /adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=43571775747&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/ HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ajN%2F8P9TA%2BFChAp29iWjt%2FhEqJvKs%2BV13%2FYWgh%2Bu38%2BRfFbQBTjtrchwQS9RCexgniMZkVOxZNfSxQn7msvPB1RRuF%2FRVEeyTjxgF69aaTq%2F1zT86bYtmgEewA68xpVg9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374edc9a0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.addlnk.com/redirect.css
104.21.74.141 49 kB URL cdn.addlnk.com/redirect.css
IP 104.21.74.141:0
File type ASCII text, with very long lines (1242), with no line terminators
Hash e6400ab0f3420433bff8a4529f86cbb3
f53e6a2f6568bb3da763d1d0e0020e2afad46357
80ac93e9a8e97b394e778163080cae93a8f316b424176de1c3d9e0cef4848d6d
GET /redirect.css HTTP/1.1
Host: cdn.addlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://irugu.cogliatu.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:02 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1680
etag: W/"3ae56d32551602b41f9046c14d1cfde2"
last-modified: Wed, 13 Mar 2019 00:03:12 GMT
x-amz-id-2: hoKGF2DENF0Fxpfk9aX2Txj0orTMbszygnDmGFSC4SoL/4C3WQsM9k4Y5ZmrshXNgXN64qzAUMY=
x-amz-request-id: 9NDC432NBG524RW1
cf-cache-status: HIT
age: 2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BwwcF8mqenltXI2Aak7u5236DooSgktFyZOS37J2KIDMNumnUK0d6aW6obA5evMtPy03xDQNrZKyYOCU901rfFgyplDCl1RVB3%2F6%2BUeKUCfJTRJpSso2gseTuG%2FUtjPNeA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183724cb7db4fd-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122082 bytes)
Hash ed4f5d4000d5d9fb63f279ca8ef4dc5a
25a83d8d3a40c89add9076ff4114a6c5a8785cf9
45966697fb4d73c8948d7bceaa7af81fc4d12550dec03e7c6de4be0d9e59fc69
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:12 GMT
expires: Wed, 03 May 2023 11:38:12 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 4491545733187331926
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122082
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
shopde.pricedeals.shop/go.php?market=no&zrf95f2ac7e9a611ed95e00a0e902585a3c2184870337e46c78bb45d7acdade8a2073067916ac0097ac4
135.181.6.240 563 B URL shopde.pricedeals.shop/go.php?market=no&zrf95f2ac7e9a611ed95e00a0e902585a3c2184870337e46c78bb45d7acdade8a2073067916ac0097ac4
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (441)
Hash 4380d29fe44ec1e05113e69c126e6a3f
ba4244a68622078e94c061ffdad9a5b98460db64
78ab7aaec8ffd835803571537ebd9b8d6dfe4c45679e49cc64328f96cdf216ac
GET /go.php?market=no&zrf95f2ac7e9a611ed95e00a0e902585a3c2184870337e46c78bb45d7acdade8a2073067916ac0097ac4 HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:12 GMT
Server: Apache/2.4.56 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 563
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 47 kB URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (3605)
Hash e490235b6c9ef3b5577b1c391ddb878a
b48bba112e30b984ddf70a479b5d3e33636d87f0
eb8efa0b3d4590db35515c7e9d78b52f5aa2e999f1bee6a5fea6c77a184855c8
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:12 GMT
expires: Wed, 03 May 2023 11:38:12 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 16203461067932506581
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47064
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ww1.good-trading.com/assets/css/images/bg01.png
104.21.77.114 3.5 kB URL ww1.good-trading.com/assets/css/images/bg01.png
IP 104.21.77.114:0
File type PNG image data, 128 x 128, 2-bit colormap, non-interlaced\012- data
Hash a622aae59a4078c30afdd4730cc6e9e7
52307ece5c66507f43e0476873062f8237f98234
d5bd22cb3c4050e97252bc32883b1a8fa2fb3ef5de82a38a3004e99df8fdaa2d
GET /assets/css/images/bg01.png HTTP/1.1
Host: ww1.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: ww1.good-trading.com
Connection: keep-alive
Referer: https://ww1.good-trading.com/assets/css/main.css
Cookie: goodtrading=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 3535
last-modified: Fri, 25 Jun 2021 05:57:19 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:51:35 GMT
cf-cache-status: HIT
age: 97
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KYuvRxfhhnJfQlc0e5qXkkT8tn0RvKDGeWa%2BFMEAKu%2BLij97DycwOAKTXJI2FHQvJwkfpz5DqNfCvSw9NTDAQtOcrG4e88udrPIKum%2B4MII%2BTYqvldKudrtCjGUK7MEHrD9ZohWI%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837635fb9b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/jquery.easing.min.js
104.21.234.95 50 kB URL mediacpm.pl/landing/js/jquery.easing.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (2532), with no line terminators
Hash 485374c267c1658799d4c8f3a1aa0bf6
f82f13598667fc2c026285bd34c4349b6d7f907d
8602b5344538f74e646110de9c44c0932b2f94a3d6e214469ba969e7a0c90826
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.easing.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:29 GMT
vary: Accept-Encoding
etag: W/"62f4e50d-9e4"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4733
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FO%2B9aCtwNtXn%2Fj30KrwmeyPnsYQB1TbwgNDtGPGPl1mLpoUk30rnaimpVimaRuvMgqPzQGXU%2BDQUjW67z8r53KvR8AErgd3IZKAUCPVjAVRu4b%2Bqa7qUm6fTXQ85wQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747af0400a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122071 bytes)
Hash ab9e5e52655b75e24f19cb6441ad17e0
f5061d71cebfdd9f7f3e06f0130ec0080e840197
31e44fea1cfa2e01d67866925738b664968b36723d6f88dedf1065eea276cc55
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:12 GMT
expires: Wed, 03 May 2023 11:38:12 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 18011474606129197790
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
news24.media/ressources/img/australia.png
172.67.213.79 6.7 kB URL news24.media/ressources/img/australia.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c52db34739491046cbf513122cb77fd
68214564f393223a70b70d4e1abccd752f1d627a
7b6166c1be3c420bb7016de6582416bee83fa4c8b29a4f6a97b1399a9b8f8ef8
GET /ressources/img/australia.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 6725
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jkHxKSImf%2Ffdm9sw9TkFFoQmjE5ZyBITfF1w4HWxgsgM8vi%2FLjxv8IersMFFoOw%2BUNHFKIJILFZfCFuy4obI5j33rfloXTtTGjUaKNTFlyj5QEt0tNEj5wapbqaj1s0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e40b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/united_states.png
172.67.213.79 8.8 kB URL news24.media/ressources/img/united_states.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash d7be2083b0822d5c046fc4b8568d1131
6d81cba00546836b083e0ab83e5ea494baecff10
5c733dd3d6aba174e0722e735916dbbc34d0dbbf26b8f471b6fb2949c90acb36
GET /ressources/img/united_states.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 8769
last-modified: Sat, 28 Aug 2021 22:22:04 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:43:45 GMT
cf-cache-status: HIT
age: 567
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PvY5CSLG6ugw2gbqZBoSzVJXqd6mTORPmWQ3Hxg6xNo8C%2BRWO9SFiqQQIDosQX6asa2dwdOxiOKqqSJQ2bHlQ%2BfjLJchiZfG5VLLh%2BD111W8HSP7Vco0ls0SLfpzB0Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e41b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
get.cryptobrowser.site/pb/6/16224264/632/?t=simple,text,pro,mobile
104.26.6.17 7.8 kB URL get.cryptobrowser.site/pb/6/16224264/632/?t=simple,text,pro,mobile
IP 104.26.6.17:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 8896fbe5e15614860f1d0708927703f5
5e8bf1fcaeac0bcca65d31487602bd9ba5cfde92
3f186a6aeaf86993e8e80bfafd8ee3021035b7fe669b7eac587326cca75a18f4
GET /pb/6/16224264/632/?t=simple,text,pro,mobile HTTP/1.1
Host: get.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:11 GMT
content-type: text/html; charset=utf-8
location: ?t=simple%2Ctext%2Cpro%2Cmobile&l=en
cache-control: max-age=3600, s-maxage=0
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ar2VYEI8tvTaV4fJFi2NGtRekr6WwTFNh4MsbTud9jdoLoUUZFpReat9sXJLhWnAeOggSt9tzDkUeA45WqYX4muP8pwVcl4ihhlHwPt39LgNuNzN%2Belo5A%2FtxH5EQY6UALKRw1y9cXk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375d58bcb4f3-OSL
X-Firefox-Spdy: h2
news24.media/ressources/img/france.png
172.67.213.79 4.5 kB URL news24.media/ressources/img/france.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 314c36d7220b163b0670df31484929ef
040f7b278b8b8c6c43ce3f47b75440bac5783841
4c4c4c027acddc232583e36e6a803ba9b9d4bb13ebfc361d908fe7d7e235045b
GET /ressources/img/france.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 4450
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:43:45 GMT
cf-cache-status: HIT
age: 567
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y7ChoExYZ4pS2zILfZ%2BfTuio1SpfkEXdViCI0vk3v4d7YWhlQVLxkw4YQ9J2Rnb0vnxKNQfO%2BA1mW73UaJB7msHSbGvm6%2Fa7GbU5dVAaaGB%2BtYFEtRonphCxxJk5CkU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e3db4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/germany.png
172.67.213.79 3.2 kB URL news24.media/ressources/img/germany.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash f1e39baf9515b06aa284e32fc5f0daed
43b8ddf0006a77f5f8872538f367c2e5ccfb3f81
680305d537ce0979b34786aa4c4b51737f8219d656bfef3df90b4284ecc5e1ae
GET /ressources/img/germany.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 3161
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CCXpQV9%2F%2BMrSXghEiEfUsntc6jfoVzrZF7nPBENTlp5sgyPKO1E%2BIFsfyhvHQvHoT%2F%2FhozuvHSSF6Nx7K9AGIISx5jPLKJs8%2Ba7Uhvqb%2B7QsZnt9EHwxltxplEcFk3s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e46b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/italy.png
172.67.213.79 4.6 kB URL news24.media/ressources/img/italy.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash fac5965697d7019a99e13c1b8c040991
c785480d3cfa56793dc352811a8ff2c3f71945cd
84eafd9ce88bec5f163103eb2bea0448caa805c212f8f7018a9746b665147f6a
GET /ressources/img/italy.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 4556
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 458
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ekB6ipU8hChc91G2y5Bgsp5SKXlvAzd8SPGmZlPCuT0Sx7%2B%2FTl%2FDtG8XHvU2aG%2Fnq1BLOYxHUUWDUKHEqszv7KkJqYIy4mCz4VlurXATg8AI53CHDkNCjqkJG6eyItE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e42b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/spain.png
172.67.213.79 7.4 kB URL news24.media/ressources/img/spain.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 72ea937d0b128810cf9c4002de2d774f
d418bd34278034921bf461475058e414fa933850
99f65a451d25c952257bdc379d70301b4b5427a30f2de7214a23b4b54902cd2e
GET /ressources/img/spain.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: image/png
content-length: 7392
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:48:20 GMT
cf-cache-status: HIT
age: 292
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PBu8S5B3Q73Y4p3VUehexA%2BS52V4%2BHkemaiN67nOQBGjQaMG%2Fy1oUr%2FTH%2BDNwDDKSzSXqslvNKNHumpd0izeY1I9ZW1Bu3jcT1icfUR7g02pdetmr8iU2UhgDBjTubE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837666e44b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
s10.histats.com/js15_as.js
46.105.201.240 4.4 kB URL s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:35:49 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 531138408
content-type: text/javascript
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.245 2.6 kB URL syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1558)
Hash 4e1abcc42ffa448395d481299d682349
f0a98f3618475eca13ed59d17fa45100b415b1ba
b52db8cccf97cd4232d59bb1db5a089c0c40c6a79d5a2d8a2a484bc57ff03563
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Origin: https://ww1.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22645247a4dd66b6.52373935125392002%22%3B%7D; expires=Fri, 02 May 2025 11:38:12 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C81873074%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cww1.good-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 04 May 2023 11:38:12 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://ww1.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 48 kB URL fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww1.good-trading.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 02 May 2023 17:29:43 GMT
expires: Wed, 01 May 2024 17:29:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
age: 65309
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ss.mndsrv.com/static/0f073406-80f6-4681-a81e-233fa21e0d63.js
199.241.100.27 60 kB URL ss.mndsrv.com/static/0f073406-80f6-4681-a81e-233fa21e0d63.js
IP 199.241.100.27:0
File type ASCII text, with very long lines (60329)
Hash 8d82527000e3c4e49127d1eb77034363
53b6cffdcc73a21ad051998278a1c40614ebc661
188efb3210377ba8f48b43637e08a2f703a0dc95fca0aed4c5b6f4f3dd324151
GET /static/0f073406-80f6-4681-a81e-233fa21e0d63.js HTTP/1.1
Host: ss.mndsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Type: application/javascript
Content-Length: 60330
Last-Modified: Tue, 25 Apr 2023 14:57:01 GMT
Connection: keep-alive
ETag: "6447ea3d-ebaa"
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
ww1.good-trading.com/assets/webfonts/fa-solid-900.woff2
104.21.77.114 75 kB URL ww1.good-trading.com/assets/webfonts/fa-solid-900.woff2
IP 104.21.77.114:0
File type Web Open Font Format (Version 2), TrueType, length 75440, version 329.-1049\012- data
Hash b5cf8ae26748570d8fb95a47f46b69e1
07bed153d47f9129a944ee54dd72952deed074c8
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
Analyzer Verdict Alert fortinet Phishing
GET /assets/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: ww1.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: ww1.good-trading.com
Connection: keep-alive
Referer: https://ww1.good-trading.com/assets/css/fontawesome-all.min.css
Cookie: goodtrading=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-length: 75440
last-modified: Fri, 25 Jun 2021 05:57:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 3472
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vS%2B0OMIrh7KeYL9Rfar78Hdt3Iosbc58%2FuZOoBpS0XqusihI1ndTNRjwT8QZewg%2BjgzntrgryzNuMa1IeNwfG50V%2FqjC5uW1jYMWbAZE7pkMWCxiBBTUdWC3AMpiTEtARlGVYTeebA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183766edc4b52d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.globalsign.com/alphasslcasha256g4
104.18.20.226 1.4 kB URL ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.20.226:0
Hash 3d02b0168a8333771b0584264bfb24e7
55bb3e158146cc7901c17bf10e75f83f9bb312ce
98507fea7943fdbb5729c10d8de7d64a41ff4b4bd733f64d76b25f9de6254283
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sun, 07 May 2023 08:44:03 GMT
ETag: "55bb3e158146cc7901c17bf10e75f83f9bb312ce"
Last-Modified: Wed, 03 May 2023 08:44:04 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c183766e8dcb50c-OSL
ocsp.globalsign.com/alphasslcasha256g4
104.18.21.226 1.4 kB URL ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.21.226:0
Hash 12af2a77369678d314035220849b91ab
0d158f4ecba321819e207bbab1d471dbc9802f4d
fdf1a5477420960905f33137497e6ff1cea316375d388a0fae6aa2bdf16d6f90
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sun, 07 May 2023 10:08:40 GMT
ETag: "0d158f4ecba321819e207bbab1d471dbc9802f4d"
Last-Modified: Wed, 03 May 2023 10:08:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 849
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c183767290d0afa-OSL
ocsp.globalsign.com/alphasslcasha256g4
104.18.20.226 1.4 kB URL ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.20.226:0
Hash 12af2a77369678d314035220849b91ab
0d158f4ecba321819e207bbab1d471dbc9802f4d
fdf1a5477420960905f33137497e6ff1cea316375d388a0fae6aa2bdf16d6f90
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:12 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sun, 07 May 2023 10:08:40 GMT
ETag: "0d158f4ecba321819e207bbab1d471dbc9802f4d"
Last-Modified: Wed, 03 May 2023 10:08:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 849
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c183767194bb50c-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 1.4 kB URL ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 50eb7c69a0782dcf0c8edcdc66689608
fd3ca2ad6179423245157432271b43f901ea2869
58f569b971922687dd52350d67afeb6429b83eae072f25a93912cbab05ca8dda
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 07 May 2023 09:05:14 GMT
ETag: "fd3ca2ad6179423245157432271b43f901ea2869"
Last-Modified: Wed, 03 May 2023 09:05:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1837672ef60b39-OSL
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrcvcasrgmlXrgkcz4buHHXA22xWw05LW5Tny1wNtMU0wOUr1TWUtOZ8Ncs1TVME9efDXBK1M9LBXMvJM25nw11uVVryTNuZ8NdLj0E0q7zk0rEji8DefPj058unLXPTNfgvVWxXZVnt464G52Ka5XKc.GtqCvBd5yaViRxeBvPnx6c.XTprlcrYasgrwXnpmvwXrwncz1yuVsNWQV4Lz0zX4LtuVNUwT1wTS562G2Y5mol7XKc9cEk9LlVUE0q7Eca8EtrEcDa9LjFU0tWfDXVYzyz4a6rGeefDXU1TBPWvXhO5nrqapgnrXlYkcz11NUwT1r2uU562aZrqnKV7XKc.Gu2nPhrglrcplYjz4a5Zl3bJW6s.GuBulyqeaWqC1xeNjCayvPhrgbksjrgxmlcz4a7KnKV2mJ54JXs.OuypyldpieeCV5d2lyixyVrDPj06cNbkjEEa8FU.fDXU1TBPWu25WxBHn211NUwT1r2uU1QTS58dbNlMeeu2yyBvPj28c.PHn488uPTz08cO3nv17dOvLp3Y6Nu8enHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPjA
95.211.229.246 20 B URL syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrcvcasrgmlXrgkcz4buHHXA22xWw05LW5Tny1wNtMU0wOUr1TWUtOZ8Ncs1TVME9efDXBK1M9LBXMvJM25nw11uVVryTNuZ8NdLj0E0q7zk0rEji8DefPj058unLXPTNfgvVWxXZVnt464G52Ka5XKc.GtqCvBd5yaViRxeBvPnx6c.XTprlcrYasgrwXnpmvwXrwncz1yuVsNWQV4Lz0zX4LtuVNUwT1wTS562G2Y5mol7XKc9cEk9LlVUE0q7Eca8EtrEcDa9LjFU0tWfDXVYzyz4a6rGeefDXU1TBPWvXhO5nrqapgnrXlYkcz11NUwT1r2uU562aZrqnKV7XKc.Gu2nPhrglrcplYjz4a5Zl3bJW6s.GuBulyqeaWqC1xeNjCayvPhrgbksjrgxmlcz4a7KnKV2mJ54JXs.OuypyldpieeCV5d2lyixyVrDPj06cNbkjEEa8FU.fDXU1TBPWu25WxBHn211NUwT1r2uU1QTS58dbNlMeeu2yyBvPj28c.PHn488uPTz08cO3nv17dOvLp3Y6Nu8enHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPjA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrcvcasrgmlXrgkcz4buHHXA22xWw05LW5Tny1wNtMU0wOUr1TWUtOZ8Ncs1TVME9efDXBK1M9LBXMvJM25nw11uVVryTNuZ8NdLj0E0q7zk0rEji8DefPj058unLXPTNfgvVWxXZVnt464G52Ka5XKc.GtqCvBd5yaViRxeBvPnx6c.XTprlcrYasgrwXnpmvwXrwncz1yuVsNWQV4Lz0zX4LtuVNUwT1wTS562G2Y5mol7XKc9cEk9LlVUE0q7Eca8EtrEcDa9LjFU0tWfDXVYzyz4a6rGeefDXU1TBPWvXhO5nrqapgnrXlYkcz11NUwT1r2uU562aZrqnKV7XKc.Gu2nPhrglrcplYjz4a5Zl3bJW6s.GuBulyqeaWqC1xeNjCayvPhrgbksjrgxmlcz4a7KnKV2mJ54JXs.OuypyldpieeCV5d2lyixyVrDPj06cNbkjEEa8FU.fDXU1TBPWu25WxBHn211NUwT1r2uU1QTS58dbNlMeeu2yyBvPj28c.PHn488uPTz08cO3nv17dOvLp3Y6Nu8enHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPjA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcce; expires=Thu, 04 May 2023 11:38:13 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ocsp2.globalsign.com/gsalphasha2g2
104.18.21.226 1.4 kB URL ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.21.226:0
Hash 7fcce914924ebc653d812207e68b3b32
1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22
9ba558b9c37fa375de737f42430a2fdf0fcf15c20e3eef29f6eefe022a6b54e8
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 07 May 2023 10:51:40 GMT
ETag: "1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22"
Last-Modified: Wed, 03 May 2023 10:51:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1837680fc70b39-OSL
ocsp.globalsign.com/alphasslcasha256g4
104.18.21.226 1.4 kB URL ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.21.226:0
Hash b465056afa1612092f040582b059ec87
53f9582bd0c55dd3b436e7e5b07fd16f6916e1cb
74221f51b5b32575333f159e4ba74884a168c93c93ef374ab95f4dea68240851
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sun, 07 May 2023 08:26:41 GMT
ETag: "53f9582bd0c55dd3b436e7e5b07fd16f6916e1cb"
Last-Modified: Wed, 03 May 2023 08:26:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1837680a9f0afa-OSL
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 1.4 kB URL ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 7fcce914924ebc653d812207e68b3b32
1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22
9ba558b9c37fa375de737f42430a2fdf0fcf15c20e3eef29f6eefe022a6b54e8
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 07 May 2023 10:51:40 GMT
ETag: "1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22"
Last-Modified: Wed, 03 May 2023 10:51:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c18376809a31c16-OSL
cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
188.114.97.1 336 kB URL cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 336 kB (335927 bytes)
Hash fc98832ed05da499d50af5e92dbfde1d
4c024d7efc17c697f7507711fcc3771ecdafdc46
0f5a2990a518aad988209b2b6bf4ead7e402f7e8d9436ed2139e5584a42c8316
GET /media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: image/gif
content-length: 335927
etag: "5dd7f05a-52037"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5983
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L292FhSa0UWyfATWEGSWrF%2BocVYUW8eyVE%2FU3qYzYAvVUuBGRnQy3avJXG5xo6iukWrbNvkpKCUWIV5BXMqXiuIj0Q1%2FLF%2BXvwzO6wxsbDykZkjc%2BMJwL39j1%2FM3HeqNeW2o9XJXCbq9tw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837681a1c0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 1.4 kB URL ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 7fcce914924ebc653d812207e68b3b32
1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22
9ba558b9c37fa375de737f42430a2fdf0fcf15c20e3eef29f6eefe022a6b54e8
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 07 May 2023 10:51:40 GMT
ETag: "1e47f8eba75488bbe9e4c7b0e99b3f2ce5b45e22"
Last-Modified: Wed, 03 May 2023 10:51:41 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c183768184db529-OSL
ocsp.globalsign.com/alphasslcasha256g4
104.18.20.226 1.4 kB URL ocsp.globalsign.com/alphasslcasha256g4
IP 104.18.20.226:0
Hash b465056afa1612092f040582b059ec87
53f9582bd0c55dd3b436e7e5b07fd16f6916e1cb
74221f51b5b32575333f159e4ba74884a168c93c93ef374ab95f4dea68240851
POST /alphasslcasha256g4 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Type: application/ocsp-response
Content-Length: 1437
Connection: keep-alive
Expires: Sun, 07 May 2023 08:26:41 GMT
ETag: "53f9582bd0c55dd3b436e7e5b07fd16f6916e1cb"
Last-Modified: Wed, 03 May 2023 08:26:42 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7c1837680a89b50c-OSL
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:13 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
cdn.cpm.media/160x600/160x600_4545152155554.gif
172.67.198.162 339 kB URL cdn.cpm.media/160x600/160x600_4545152155554.gif
IP 172.67.198.162:0
File type GIF image data, version 89a, 160 x 600\012- data
Size 339 kB (338639 bytes)
Hash 2e887f1fbf83493e6a02570c935e6087
7b83d7812fcccc017b69e25709e6d617bcbb6612
5bbd3c3e63837410b24e36b1b8765f806c1281bca55e0c1a291bda76f39b7a67
GET /160x600/160x600_4545152155554.gif HTTP/1.1
Host: cdn.cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cpm.media
Connection: keep-alive
Referer: https://cdn.cpm.media/160x600/160x600.php
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: image/gif
content-length: 338639
cache-control: public, max-age=604800
expires: Fri, 05 May 2023 21:46:44 GMT
last-modified: Fri, 30 Dec 2022 10:22:42 GMT
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 395489
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yz6uj7UopHg%2FEDyMRUls6uSzIQSpnPbjEsRDjbkAlJ8j5w7OD69toaKpS%2FhUkyR2N5sDlQtY%2B3Wc1ki8bDyAUj8olCW%2F3W0Q0sr8G84Tx40qAJX3PlmFqXNoXeINOWAn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837684963fab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
us.news24.media/ressources/img/logo.png
188.114.96.1 21 kB URL us.news24.media/ressources/img/logo.png
IP 188.114.96.1:0
File type PNG image data, 340 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 3ebd0122f01adeb5ec83a7f88c92f776
290db3b64ce41ddb7515d374d795a4ced1141ce9
4804ff69e63373337c2aa87dc38ae135b3d0fb2884b2ed091143e85171e69d43
GET /ressources/img/logo.png HTTP/1.1
Host: us.news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: image/png
content-length: 21319
last-modified: Mon, 23 Jan 2023 17:10:29 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:43:45 GMT
cf-cache-status: HIT
age: 568
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BGRo5L3%2B82amId0wnp%2FeeqoFNBKxnweSNB7k2shGIpSyFGl6rEfT8pcIzXKiq%2FpQhIPbr5MgN%2F7boeckoBjILL7TRDihR7VbfyWyjjxtoRNHoCPqfcxYSiFHqk9v7EUBXuI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183768fb5db509-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
mediacpm.pl/landing/images/bg-cta-img.jpg
104.21.234.95 892 kB URL mediacpm.pl/landing/images/bg-cta-img.jpg
IP 104.21.234.95:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1440, components 3\012- data
Size 892 kB (891932 bytes)
Hash d992935f2f5240a649ef642bcadb53e1
98a1768b9d4358444d2d6b420d8bcfb3d89f4c9b
4069c5a1213cf3e3da8a4c59a1c996690882f3756a18bb679a8e909e5380a973
GET /landing/images/bg-cta-img.jpg HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: image/jpeg
content-length: 891932
last-modified: Thu, 11 Aug 2022 11:16:23 GMT
etag: "62f4e507-d9c1c"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3797
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7p0c85IMFgG9ShoOULTtt3sTlqEGeqc%2BHovtFXMz%2BRDWXVIg3z80Q6SEyZc0DreB1%2BfCPYoMrY5baMkh1zVptPLchdaxz%2BqQcF1RYKa%2BiIOAkazLcclvIyPhWVK4vg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183767ddea00a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
174.137.133.16 0 B URL xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
Pragma: no-cache
xml.adxfactory.com/redirect?feed=528948&auth=lxe5mN
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=528948&auth=lxe5mN
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=528948&auth=lxe5mN HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
votreimc.com/adu.html
104.21.85.141 672 B IP 104.21.85.141:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 603dfee65bef9a4632fef3353268be71
c6a6da128221f02b620bfc767224f5336088f818
3617d69529c0e0278a3e98f5ebdc96decfda2d58dad064f4778794eb3b465e20
GET /adu.html HTTP/1.1
Host: votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 1498
last-modified: Wed, 03 May 2023 11:13:11 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ht1GlzqwcWhydz8FaM9wej7d1a3HhkC%2Fam99YuI5Fo7G3Z6sDPXOMQ4iX0SkkIEV0nkWwCK8EQUPqRhzsEh78Sc1sP2FSg6akT85skSxkw4k8%2FWdw5Rnjfu79%2BWpgTs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837541f2e0b02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.votreimc.com/adzgame.html
172.67.206.113 163 B URL www.votreimc.com/adzgame.html
IP 172.67.206.113:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 44c1c4ec9dfbf4b4ab001c2c08ba26f7
3cd8401faada2f487bbd026869b939045f1b3e9d
9c5353db96c9f1540bae18d62d6a980b436d51e402e4417a1111c15370b99e9c
GET /adzgame.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 3537
last-modified: Wed, 03 May 2023 10:39:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Wce8tfF054QIcV5pWXYlKTSV7d8BExLYYl%2FjHwEYA5CBjEjmGZT8izDOD7HJxbWYGdjoYHbfQTjSZjF%2By8LHQn7hbp%2BqXdoQnAwdWuDS20ltpZ0Dwj7eDuGehUkgc3TMypj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183753f9a9b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=328702&cat=25&sub_id=149296894
Pragma: no-cache
mediacpm.pl/landing/css/owl.transitions.css
104.21.234.95 4.9 kB URL mediacpm.pl/landing/css/owl.transitions.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (3699), with no line terminators
Hash 7816567092e2d9dd9f6d5670d48c6332
6073e618cfcd0ba7b5fb2c4b653a198952ac8297
6620748adbe27e0f4656286b2e4a06e1d837ce49b795c89b7d445a0e15e54304
GET /landing/css/owl.transitions.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4638
etag: W/"62f4e500-121e"
last-modified: Thu, 11 Aug 2022 11:16:16 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 592
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vtLsXsbshb%2Bzo8SpUqws0vtSBfAqjHUiDZBuSHUHqSvZo0wIFqKV0kocr9B87j06UsxHrgEq4pd4JsUE2Ho%2BdHCoaLwcgFjdTdAZTbKFaS9tKuWBOnnk8mko6jRd0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747aee900a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.adflyer.media/redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://yosafurls.com/go/adsbnrs/
Pragma: no-cache
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=6138702525&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
172.67.166.40 832 B URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=6138702525&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
IP 172.67.166.40:0
Hash bdc5db7e23a89473b7d05109209f1f28
997ae86c0835f5e46579f42e6c982be0689c6ea8
1bea1ed434b08cdb0b9d581a2c05f4a190cdfc2bca38d52a63c82f82ad4b4ce5
GET /adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=3812148540&cb=6138702525&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/ HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQuTt%2FBDMs9qrRaU3KLbt26KWC5yE3Nff9zKi7Bi1VkonIUmvEGAqxp9Up5EDHoPkLt45EVawNDroVQWA860gz0rBU5R7FEOqRWUPZPTG1uoKKbeEUvqmbmJQeRCr7wyNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183765cd1b0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js
104.21.32.174 33 kB URL ajfnee.com/p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js
IP 104.21.32.174:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash d619bc2ec86d843ae5d3b0d3d983a658
e46a5c2ad224f8a3ce60f8f05389abac534abfee
c2748150993a1714c6985b0843a758878e302593ffe13fd7f8b5a51d0ebd285e
GET /p/waWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsInNyYyI6Mn0=eyJ.js HTTP/1.1
Host: ajfnee.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://news24.media
e-tag: e01998f93cb3ba2384f64a5b5090ac47
cache-control: max-age=14400
cf-cache-status: HIT
age: 4177
last-modified: Wed, 03 May 2023 10:28:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YVTnXJFKjsoslyoExQ2V4%2BRoyTftL1gYfIiTAGJIBlk%2BgGbGfQflHLpL8IvL%2FjXYZz7oyV8mBWZednakXYtRcwd1KvbRn%2FDEMU4h28yA7VxZk8VKP6IgiwuXVTAR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183768ed621c12-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:13 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xml.adflyer.media/redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
Pragma: no-cache
api.adhitz.com/adjs.php?zoneid=22848&block=1&c=4&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90&s=&p=2587624432&cb=81206593569&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90
172.67.166.40 725 B URL api.adhitz.com/adjs.php?zoneid=22848&block=1&c=4&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90&s=&p=2587624432&cb=81206593569&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90
IP 172.67.166.40:0
Hash b0cc652779c267af48c243e77525b121
5b343fc3631ebd55111b168a89cfd54c1a12bb86
d0ba261bcc0c0da679d504f1832af8cefd50b513e31a9960ba2873e1c5995d3f
GET /adjs.php?zoneid=22848&block=1&c=4&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90&s=&p=2587624432&cb=81206593569&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D728x90 HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BrXy1D%2BN6IPoA0wGE1%2Fwm0qopPwGBRjIQxqtJj%2BaovsQX3KBuTc3xY%2BNnLNAvZbZNsmX7f29vuCtB8JL4VTwUXZSvQxCGKqO9ThP3KH4YDLY6UwK55HGh%2Ft6Ubds3JZXNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183768a8800b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.ad-good.com/infinitym.html
188.114.97.1 181 B URL www.ad-good.com/infinitym.html
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 2a3f4a347c60feacf16e60e9c2a8e4a7
38d6897ce032b56d850699af051dc536ce4c731b
7ef01610a399eccdcc0b3b7cbbeb6f97c1130b8b6014e8dd4a5f11a909d04d0e
GET /infinitym.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:10 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2490
last-modified: Wed, 03 May 2023 10:56:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UnxYG6H4VnGffcMV8CjF0Vk9Z2o2kloltWHjPQje5MWANptEE7XyFO8fpP723XWGO5HSZkzAjalAeI%2FTNNsfJv42MjHhjVpF7iCKU9hK0%2F1Ahs3UNejPr%2B%2Fer%2BRwmkbq2cQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183754cd27b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
rexsrv.com/getjs?r=0.4418486588737578
216.172.60.167 7.1 kB URL rexsrv.com/getjs?r=0.4418486588737578
IP 216.172.60.167:0
Hash 98bb3d3cc62e68e4032b4d93aec0c9a5
3ccf9d8adf1fa49725c5d13c2b0148a892c924ba
7abff3759042ae83e8ec418daab9cb88935b60ee707377d094d4524d0b997acb
GET /getjs?r=0.4418486588737578 HTTP/1.1
Host: rexsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Cookie: _rrtb_u_g8484173973bd=0e6c623ebbeeff497b34a034a8a710a4
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:12 GMT
content-type: application/javascript
X-Firefox-Spdy: h2
mediacpm.pl/landing/fonts/Pe-icon-7-stroke.woff?d7yf1v
104.21.234.95 59 kB URL mediacpm.pl/landing/fonts/Pe-icon-7-stroke.woff?d7yf1v
IP 104.21.234.95:0
File type Web Open Font Format, TrueType, length 58556, version 1.0\012- data
Hash b38ef310874bdd008ac14ef3db939032
7e544bb11b7655998db6f324c612f7ffbf0ab66e
6fb4217048f333e23e0fd0ba2ab05e05fd7500f86a5a80a7cf04a2f94b257bec
GET /landing/fonts/Pe-icon-7-stroke.woff?d7yf1v HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/pe-icon-7.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:13 GMT
content-type: font/woff
content-length: 58556
last-modified: Thu, 11 Aug 2022 11:16:21 GMT
etag: "62f4e505-e4bc"
cache-control: max-age=86400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TkiLay4foxlcvqYWhMNhd5u8EBvty1A%2BKrSXbeFL6zQT4O%2BuLXba2JYZov%2FaMLP6CALyTAO9rcnY614f8u9MEJ9S9hXus16Pz6JG22M97H0fc%2BrqI7j2PFTOelCfhg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183767ddf900a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
174.137.133.16 0 B URL xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=328702&cat=25&sub_id=149296894
Pragma: no-cache
adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
142.250.74.34 100 B URL adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
172.217.21.162 100 B URL adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
redirect3.online/rtbm.html
104.21.92.126 154 B URL redirect3.online/rtbm.html
IP 104.21.92.126:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash fb79ad78d97818315b236f1d844092de
dc24d88f09419233eb8cf577d159ba2a523d0f75
4075d2185f626437b6dc864921f8377a82b2e8ec6469a5c7d8b5e0c08913dbb8
GET /rtbm.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1721
last-modified: Wed, 03 May 2023 11:09:28 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fsb4PrjUeupx8pQhpYzrSX1QOz3yh1syIH2vC5A209WUJpitGvOxE6yzsCmOvgjtHviQGqusGPF7G2vHxK9FcQM%2FW%2FTF2mH%2F%2FZtLa0COuXeY5ou9k80mQ3dWIdAbOlhAe4JI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183752ce5b0afe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
142.250.74.34 100 B URL adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
172.217.21.162 100 B URL adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
IP 172.217.21.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:13 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
adhitzads.com/1037129
188.114.96.1 524 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash f5acd7065aecc29ae57507e996c53054
1fe8f42450d04014d56e8d484bd69a965efb1ceb
748ddd9d997fab94211b25f33522f89f0410046f1740f3dcee0c68837c1a6988
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:11 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hl%2BY4fTn9POsbfzH3ZiP5GwEkqs%2BIvZ8ywr9IFooPZ6BTKFLPSKJL%2FTKLD8C75jns712mhYyDnDKPtZrWYMKDdboNcj5gKTJLW489Rs4NMGYgPssdjaNP8Kwfg7%2Bd6y7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375d0cabb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16 0 B URL xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
Pragma: no-cache
xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
173.239.53.17 0 B URL xml.adxfactory.com/redirect?feed=528946&auth=VUApWY
IP 173.239.53.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=528946&auth=VUApWY HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=328702&cat=25&sub_id=149296894
Pragma: no-cache
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
174.137.133.16 0 B URL xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
Pragma: no-cache
thenetwork18.net/adf.html
188.114.96.1 163 B URL thenetwork18.net/adf.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7f51a3c9e188292497777f341f9fc6c5
706b245746d32ddbb0622c399ca61b8862835c96
898d74bb64cd69dfb9f5dfdfefc17fd3abeed0fdbae88fb805e78a08bc98af45
GET /adf.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDE89:8982_D5BA2113:0050_64523E71_12690:2D62B
x-iplb-instance: 30841
cache-control: max-age=14400
cf-cache-status: HIT
age: 2352
last-modified: Wed, 03 May 2023 10:58:57 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UphSFh9m6rK%2FyVwkGsVG%2Feidgs%2BbnBZsIwXTlUE%2FiiEkcoRAWSee5b9%2Bkme5LEvhDgM%2Fh%2BgsFmJJuA8uwDeq0bweQ0Wy%2Bw1pHFL5YFpBJPMhkhstsGuSCaMaWInQyYJmil0I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375338beb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com
173.239.53.22 0 B URL xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP 173.239.53.22:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
mediacpm.pl/landing/js/jquery.easing.min.js
104.21.234.95 850 B URL mediacpm.pl/landing/js/jquery.easing.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (2532), with no line terminators
Hash e35520eee24e914c103d79de8dde9911
c2c1be97b809ee7b554418fef3b75a687ccaa3e4
13c9d1b74c56d0ca895deb18b002b31692f4564ce65fda4e8677fbb572557030
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.easing.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:29 GMT
vary: Accept-Encoding
etag: W/"62f4e50d-9e4"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QJcJx8wYhdfyoKDIb80Kk%2FJvkedqgEKHnxyr1baFnU%2BmbQITOkwUonqT168gP4Kso1MMDZpVovQgk9X0dbzPUsjR0L8FN7PyyVIznxBQZ8X%2F8moJ1UqnrcO3sgrHcQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373d9d7a00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com
198.134.116.28 0 B URL xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com
IP 198.134.116.28:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
mediacpm.pl/serve/valid.php?a=28957&b=300x250&referr=&t=1683113887&c=younnesa&e=2&f=1&h=afbddebfbcdeba
104.21.234.95 3.6 kB URL mediacpm.pl/serve/valid.php?a=28957&b=300x250&referr=&t=1683113887&c=younnesa&e=2&f=1&h=afbddebfbcdeba
IP 104.21.234.95:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash ae6b4c267b2c89c8b1c622c17c86ffa0
b173b700e35e779c98e1d788e912e0aa97546b57
b3eccdad58b3b341a083c43f38a6bd7a570ac4071768fa7c50784b8a05c4ca24
GET /serve/valid.php?a=28957&b=300x250&referr=&t=1683113887&c=younnesa&e=2&f=1&h=afbddebfbcdeba HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/serve/show.php?a=28957&b=300x250
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:08 GMT
content-type: image/gif
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tw3vaPS9BVAYu3woFNJm6b392WIgGuzxXsR3D%2B9wbimBRahQR0k%2FgoRx%2FmQQtGTc95G6n3wlb%2FHL36IdG16aemcC2aZIDt1PG9dpL3PMSM7rnQ7sFh1IAtdbdH30aQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183749696000a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
173.239.53.18 0 B URL xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:13 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://topicology.co/tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/
Pragma: no-cache
mediacpm.pl/landing/js/contact.js
104.21.234.95 200 OK 458 B URL GET HTTP/3 mediacpm.pl/landing/js/contact.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (593), with no line terminators
Hash 3c0b8a2f4443df094ef85a3c14eecd17
87457021fbd98b4eba501b5756eb0392ee083f32
79ee56f6674b589118435cd89da37751b58d433e175099bd2efb474a34d457ae
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/contact.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=965
etag: W/"62f4e509-3c5"
last-modified: Thu, 11 Aug 2022 11:16:25 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 5431
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MPr%2BFIuocTmkaujNQL1DfR4b%2FOhn%2FbPgyIMswAHjUwj7bQ7ot0NFHNkz5hqj9tTZrHzSKKkZLRPYzR44MNkWyE2YMgNigFC8bgSWtlySxjAjwzFrAJSKAXdYwgg1MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e5a5b00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/materialdesignicons.min.css
104.21.234.95 22 kB URL mediacpm.pl/landing/css/materialdesignicons.min.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 603964c60faed641d532aa3c2273869b
287a91a0f62ccbbb4da0e16335004336322c25da
7ba7f3b70972313fe3f165eeeb91d54c26585039c0fd593d9bea1aa4d1122581
GET /landing/css/materialdesignicons.min.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 11:16:13 GMT
vary: Accept-Encoding
etag: W/"62f4e4fd-1e13f"
cache-control: max-age=86400
cf-cache-status: HIT
age: 150
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bVdiAG8Mjd1VaJ3sjuej6uwZRj3fpTt14VNYoKC7zloXY8CGpC1%2FxRv7cQDId%2FK4nXAMrC677DoZfRplrs8mjg60ULXmvo9Vx0ZWKG7b9TVc4JDQXqYvs98yYwHHBA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837479ee000a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xngqoc.com/er?a=1
185.162.85.1 0 B IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
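Analyzer Verdict Alert fortinet Phishing (response body is 0 B: the three hashes above are the MD5, SHA-1 and SHA-256 of empty input, so the verdict presumably rests on the URL or host rather than on content, and these hashes are not usable as indicators)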
GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:14 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
mediacpm.pl/landing/css/owl.transitions.css
104.21.234.95 824 B URL mediacpm.pl/landing/css/owl.transitions.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (3699), with no line terminators
Hash 32652b9ffaae34c7d43c76bab43a2015
33f82a2d033ce52722c7c2e1e47923764fc58875
d8c359d903b38af32295a7f34ffe893e3700ae376227b659088c3359f3a35944
GET /landing/css/owl.transitions.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=4638
etag: W/"62f4e500-121e"
last-modified: Thu, 11 Aug 2022 11:16:16 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 594
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tZ7nQtFIAU7Hl8%2FXrcALcD0m9P5hFo219inyUSumbqsQxjtxfvUKtD%2FMv7GpT7EDjPniY0fjY3JvhAKeN3BZOG4ttMczUFv3eF4m6znrahZQmUfCP3aZo%2Bkq6Ttqw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e3a1f00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
174.137.133.17 0 B URL xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://tsyndicate.com/api/v1/direct/c75ac7af73a64bfe976e19e8ceb85c9c?
Pragma: no-cache
xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
173.239.53.18 0 B URL xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://track.trackingtraffo.com/pop/imp?auth=mz3u78&c=ws0PIPSG-kyeqLe8Twp3IHVcGofgDabkLZWZTCpZBkzNok4_hbzMeEiWryymLINe3DSTLanRI2yTnDZ-hBlss_7pyP58x8d_qSPYOp_lKN3-nLcUai_Hn1DrIv1JzgN1pJrAqGGz9-0TtUohtdNg9KJ1NnIevkS5peCAoikzfmPCoPU8TC-TmcuyGRDhY5NjcbDSTCDMAUYyktePup0YK0LiMVa7fUapSlAPuyRFdzw-VW-MVirjEwPyU-DjTC19e9liLzCkXfy5F35usAjezFiztVj_-1Wp1_ZR3_pWwi6KxhQa_KVruqViovpajL57Sipufp6UCdZWspWJdIiRy7zpB_KNkKTzN5fBuv922KxtRsQvlBHucmBPw6JHRFVznnuIu1mjwqfwL9AhaK2Rg33qFjAFdViXTEfopusuxb3pl6nLvc9Z3aUMtUP7TnVVs3PjeVpwqbotfaGGguzYY6DV_uLhy9hKPxoN27ADyv654zkTePO6K4X9mjq58-sR17OrEDrUCVX7Vhkl4moi85CdQUua6els3zHn-8pJ_iM1Gk-73Eo8P5Qq63lRh9JiJtXTAAV17ABPvxNTA8q-or0_7aQMJh__vKf9q8W6O9Z9TZMWstGkaQrDJC5lYrOolPYnurPV2C4
Pragma: no-cache
xngqoc.com/cuclc?aid=15845927697690149211&t=1683113893&s=188
185.162.85.1 175 B URL xngqoc.com/cuclc?aid=15845927697690149211&t=1683113893&s=188
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash b14687334973ba1650cb6cbaad9d903f
b80f5223cf5df3a9ce97c997a104f406ba6ca87d
2ed408769954ea8449ccd1522979264eb49c01db605db3a691f2320d2540dfb4
GET /cuclc?aid=15845927697690149211&t=1683113893&s=188 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:14 GMT
content-type: text/html; charset=utf-8
content-length: 175
location: https://xml-eu-v4.webmedrtb.com/click?i=o5I-EalMBOA_0
X-Firefox-Spdy: h2
xml.clickmi.net/redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net
174.137.133.17 0 B URL xml.clickmi.net/redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net HTTP/1.1
Host: xml.clickmi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122072 bytes)
Hash 3d1194ee0850dae2ddd93a1faea1df75
573b752f0120edf5e76222cf99c6cdf1c6faf6ff
d4a346a17a1e5f717273d0118d2c8525aa33047ab20d647e47b1b1e6a4c9bc1a
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:14 GMT
expires: Wed, 03 May 2023 11:38:14 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 11407124078978500657
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.pki.goog/gts1c3
142.250.74.3 472 B IP 142.250.74.3:0
Hash 23b244110c9e48121c6f9e0188310d28
1f93e8aad3e8f335181bde10a961b9b6a09e9e11
fec1cb52107775931e77fec5b69d23ce494337e239bd08c9d995aa22c59cb7f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net
174.137.133.17 0 B URL xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net HTTP/1.1
Host: xml.clickmi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
thenetwork18.net/adfa.html
188.114.96.1 164 B URL thenetwork18.net/adfa.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 1e2d8bc1ed7f834ba1a088a30bb9af9b
dbe50ab44267589b518c5ad756803adbfcbb908f
17c5e89d7754b44d69547d9d906abad39e61771e70eac4ee34e9ec89918e5c78
GET /adfa.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEA8:7A80_D5BA2113:0050_64523C7D_6DD4:12F05
x-iplb-instance: 30877
cache-control: max-age=14400
cf-cache-status: HIT
age: 2852
last-modified: Wed, 03 May 2023 10:50:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3y4Lah6vJ0CylflrZ0zBFg9ZVTSd0dfM0l5syJpbqBLOApInofyRfBcQn7e9CPg2iLpXR4OXsPB66IFoCpexjYNbxSC5anvl51Wqji4tYQY8u9BO1ksNt%2FG%2B9j7t%2F70FDB%2BP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375338bfb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 471 B IP 142.250.74.3:0
Hash f4f11ebbb841619405ecfc1c3fa817c2
48638a670e384a52bfb088e0d750b3852ce86738
07b5d27d838b1f1168a76fa1c4b93ad790823a2090e7af4c007bf78e1e2529d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 03 May 2023 11:38:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
shopde.pricedeals.shop/redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvb2ZmZXJzZWFyY2hHbz8udHM9MTY4MzA4NzMyOTE5MSYuc2lnPTR0UUNNdDZubmZ2eVhGMWk4M1p6MDhkTGhsZy0mYWZmaWxpYXRpb25JZD05Njk3OTcxNCZjb21JZD0xMDA0NzUyMDImY291bnRyeT1ubyZvZmZlcklkPTQ2OTQ0M2RkNjczYjZkNDk4OTEwMWVhMWIxZTUzNzczJnNlcnZpY2U9MzcmdG9rZW5JZD01ZWIzNGVjZi1hNDJmLTRhYjMtOThlZC1iOWIwYjhiYzk4MTgmd2FpdD10cnVlJmFkZGVkUGFyYW1zPXRydWUmY3VzdG9tMT01MSY
135.181.6.240 460 B URL shopde.pricedeals.shop/redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvb2ZmZXJzZWFyY2hHbz8udHM9MTY4MzA4NzMyOTE5MSYuc2lnPTR0UUNNdDZubmZ2eVhGMWk4M1p6MDhkTGhsZy0mYWZmaWxpYXRpb25JZD05Njk3OTcxNCZjb21JZD0xMDA0NzUyMDImY291bnRyeT1ubyZvZmZlcklkPTQ2OTQ0M2RkNjczYjZkNDk4OTEwMWVhMWIxZTUzNzczJnNlcnZpY2U9MzcmdG9rZW5JZD01ZWIzNGVjZi1hNDJmLTRhYjMtOThlZC1iOWIwYjhiYzk4MTgmd2FpdD10cnVlJmFkZGVkUGFyYW1zPXRydWUmY3VzdG9tMT01MSY
IP 135.181.6.240:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (356)
Hash ce228b9ab3bf1e7038ac5f74cb5e1545
33cd86c3cd66e3881e5cf338f69cbd0a01ed766b
342872512befd176fae9e4979e3200bdaad8fa95d83b71ce0887bec6e18d0d32
GET /redirect.php?u=aHR0cHM6Ly9uby1nby5rZWxrb29ncm91cC5uZXQvb2ZmZXJzZWFyY2hHbz8udHM9MTY4MzA4NzMyOTE5MSYuc2lnPTR0UUNNdDZubmZ2eVhGMWk4M1p6MDhkTGhsZy0mYWZmaWxpYXRpb25JZD05Njk3OTcxNCZjb21JZD0xMDA0NzUyMDImY291bnRyeT1ubyZvZmZlcklkPTQ2OTQ0M2RkNjczYjZkNDk4OTEwMWVhMWIxZTUzNzczJnNlcnZpY2U9MzcmdG9rZW5JZD01ZWIzNGVjZi1hNDJmLTRhYjMtOThlZC1iOWIwYjhiYzk4MTgmd2FpdD10cnVlJmFkZGVkUGFyYW1zPXRydWUmY3VzdG9tMT01MSY HTTP/1.1
Host: shopde.pricedeals.shop
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:14 GMT
Server: Apache/2.4.56 (Debian)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 460
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
xml.thenetwork18.com/redirect?feed=431559&auth=SlxGEt&subid=adult&query=adult&url=adult.com
174.137.133.17 0 B URL xml.thenetwork18.com/redirect?feed=431559&auth=SlxGEt&subid=adult&query=adult&url=adult.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=431559&auth=SlxGEt&subid=adult&query=adult&url=adult.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.thenetwork18.com/redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com
174.137.133.17 0 B URL xml.thenetwork18.com/redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:14 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=7065509038686978&version=20210311132811&instance=upd1_bhfluPmVD33dnbWOyaCiNmPWOqP
188.72.236.136 51 B URL 22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=7065509038686978&version=20210311132811&instance=upd1_bhfluPmVD33dnbWOyaCiNmPWOqP
IP 188.72.236.136:0
File type ASCII text, with no line terminators
Hash b8952524d976e657fa964321c1421c08
4c45c62b39e9e5c0da56d9259caa896b6b9e7224
2f124c41de09abfa0f1fb64a55c1211a79a9c7566d3e77c1ab5707fdc87a31f0
GET /rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=7065509038686978&version=20210311132811&instance=upd1_bhfluPmVD33dnbWOyaCiNmPWOqP HTTP/1.1
Host: 22filexstarted22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:14 GMT
content-type: application/javascript; charset=utf-8
content-length: 51
X-Firefox-Spdy: h2
adhitzads.com/1037686
188.114.96.1 1.0 kB IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 9fdf929f27b6fa2dbd74ce1cf5b273af
97b80bb8b4e884281002082e27171cb9e13f9bb1
5d1dcb769bcefbec57b60332efed64ef4733945f40741f7c493a00881813cc9f
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:14 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4YPpH1wYrznaMp1%2Fe5RfP5ZgLm30Dl5TDgBCgLRVUBgL19eWC5E3PSBcELappIpfH3aHjvraUfdaO%2FS0gPk3Wpg6ao2tUBMWLkXAh0ixyIRk291%2BtJx0xNt0UScBBiNG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837710bd9b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/owl.carousel.min.js
104.21.234.95 18 kB URL mediacpm.pl/landing/js/owl.carousel.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (14916), with no line terminators
Hash 63cb2168d43fa819a9523eaf7c5819f1
829e901e8e2304f6643aa270c595d2a45a05b91c
c0f13cb9e8a48ec689841050d336935fc00937c931d309db496c9d80cc836497
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/owl.carousel.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:31 GMT
vary: Accept-Encoding
etag: W/"62f4e50f-3a44"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1904
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pYeMveepthvIVbY5oyer%2F1CG7eL5BVlZBnacRbl1bcGgrfka%2F9h%2F%2FHON1VVLZ81U6cXj87pJC7C69bzXyw7WLKRglVUpB%2FKG25Sz88us7XLCrlS7074SpIdMr17F9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183747af0600a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xngqoc.com/trt?a=1&t=1054
185.162.85.1 0 B URL xngqoc.com/trt?a=1&t=1054
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trt?a=1&t=1054 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:15 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
174.137.133.16 0 B URL xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:15 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://topicology.co/tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/
Pragma: no-cache
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 47 kB URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (3605)
Hash 9be9dfcb46d0d9f19642e67cf0bfb3cf
1f2096f59c272e17f04c73e72f508daa91fc2564
3cd8d5d49a564ea8f4fa5012f537c08bb31f49a0caef63b6e869fa059193f27f
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:15 GMT
expires: Wed, 03 May 2023 11:38:15 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 4416197593731784312
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47066
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cloudflare.com/cdn-cgi/trace
104.16.133.229 965 B URL cloudflare.com/cdn-cgi/trace
IP 104.16.133.229:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators
Hash 11994fbd9c6bec5ef2e6691b7c94e111
d57f13c29b904605aeec7ea1c5689e8ca69efdc6
c896a3c9d7002b9a5069cd50e1bba78da556d2a22169cfc6a3095fa193d6b885
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:14 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 7c1837708ea9b51d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=TVRZNE16RXhNemc1TTN3eVpURXhNREZsT0RaaVpqUTNZMk5oTmpsa1lXWmpOVEpqT1RFMk1qaGxZZy0tfGh0dHBzOi8vdC5yZWFsbGlmZWNhbS5jb20vZXQvNjFjNDRkMzY5MGMzYTJmN2FlMGQxYjg2L2hlbGxvP3JlZj1naXJsLXZpZHMudGVjaHxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfGdpcmwtdmlkcy50ZWNofDI0NTY1NHw4MTM2NDJ8OTkyNzk0fDQ5Njg4ODB8NTA4fDQ4MjcwMTR8Njk3NTI4NzJ8MTV8M3wwfDB8MjUzNDR8NTM0Mjk2fDgyLjExfDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8MTZ8NHwxfHwxNjM5NDMwNjM1fGI4NjEzYWVmYWRjMTljMDNjNGYzYmU1YjgyNDFmZjUyfDF8MHxydGJmYWN0b3J5LmNvbXwwfDB8MHwwLjA5fDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDB8MzE0MzI0NHx8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjoxMDkuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMTEuMHx8T0t8MTI5MGI5ZThiNDQ2N2Q0YzI2YjY0ZTNhNjA3ZjRlYjA-
95.211.229.245 1.0 kB URL s.optnx.com/cimp.php?data=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-
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1420)
Hash 3ccd7d1a66bc2c0f92d8de1f1725aceb
d3fd868c913d94b2b4b115a78e96ec185f530de6
bbb444bc6c7fbf48abe60dde0cbd127b291d8917e1b067aadabdc76d8ae09576
GET /cimp.php?data=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- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22645247a798f580.985258471392824623%22%3B%7D; expires=Fri, 02 May 2025 11:38:15 GMT; path=; domain=.optnx.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
188.114.97.1 336 kB URL cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 336 kB (335927 bytes)
Hash fc98832ed05da499d50af5e92dbfde1d
4c024d7efc17c697f7507711fcc3771ecdafdc46
0f5a2990a518aad988209b2b6bf4ead7e402f7e8d9436ed2139e5584a42c8316
GET /media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:15 GMT
content-type: image/gif
content-length: 335927
etag: "5dd7f05a-52037"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5985
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GsnQPIwtfzLRP2aJO58ZX3jax7ZUPUP0%2FvR7BfwtRKoS7x%2FcoxOuHBdrTBQ3sxz%2FZt9GnPLTeSREGZBLq7ZH7ZlfsPIxUlppEa2f21zo8rNDSqh57WDX%2F9tqr3K9Xzl1K%2FlNzqpy47g2Lw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183778aafb0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrtgbcmXctclrz1uU0zUtTNuZ64G22K2GnJa3Kc.WuBtpimmByleqaylpzPhrlmqapgnrz4a4JWpnpYK5l5Jm3M.GutyqteSZtzPhrpcegmlXecmlYkcXgbz58enPl05a56Zr8F6q2K7Ks9vHXA3OxTXK5Tnw1tQV4LvOTSsSOLwN58.PTny6dNcrlbDVkFeC89M1.C9eE7meuVythqyCvBeema_BdtypqmCeuCaXPWw2zHM1Eva5TnrgknpcqqgmlXYjjXgltYjgbXpcYqmlqz4a6rGeWfDXVYzzz4a6mqYJ6168J3M9dTVME9a8rEjmeupqmCete1ynPWzTNdU5Sva5Tnw12058NcEtblMrEefDXLMu7ZK3Vnw1wN0uVTzS1QWuLxsYTWV58NcDclkdcGM0rmfDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHXbZZA3nx7eOfHjz8eeXHt28ce_Hx049unXl07sdG3G.HHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPj
95.211.229.246 20 B URL syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrtgbcmXctclrz1uU0zUtTNuZ64G22K2GnJa3Kc.WuBtpimmByleqaylpzPhrlmqapgnrz4a4JWpnpYK5l5Jm3M.GutyqteSZtzPhrpcegmlXecmlYkcXgbz58enPl05a56Zr8F6q2K7Ks9vHXA3OxTXK5Tnw1tQV4LvOTSsSOLwN58.PTny6dNcrlbDVkFeC89M1.C9eE7meuVythqyCvBeema_BdtypqmCeuCaXPWw2zHM1Eva5TnrgknpcqqgmlXYjjXgltYjgbXpcYqmlqz4a6rGeWfDXVYzzz4a6mqYJ6168J3M9dTVME9a8rEjmeupqmCete1ynPWzTNdU5Sva5Tnw12058NcEtblMrEefDXLMu7ZK3Vnw1wN0uVTzS1QWuLxsYTWV58NcDclkdcGM0rmfDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHXbZZA3nx7eOfHjz8eeXHt28ce_Hx049unXl07sdG3G.HHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPj
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx648tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfprgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fNrzy8eeHPv17tcuTvFtt3l0a4ePHLlz7MeW9cEk9LlVUE0q9VbFdlWfHXBJPS5VVBNKvBLaxHA2vS4xVNLnw10uOuUuUr1QVuLvzVVysSOZ3Xcdz00ze2ulhuCV7c1NJrYbZjmaiz4a4G5nXXKc.GuBuNiVuCV5edh5zPhrtgbcmXctclrz1uU0zUtTNuZ64G22K2GnJa3Kc.WuBtpimmByleqaylpzPhrlmqapgnrz4a4JWpnpYK5l5Jm3M.GutyqteSZtzPhrpcegmlXecmlYkcXgbz58enPl05a56Zr8F6q2K7Ks9vHXA3OxTXK5Tnw1tQV4LvOTSsSOLwN58.PTny6dNcrlbDVkFeC89M1.C9eE7meuVythqyCvBeema_BdtypqmCeuCaXPWw2zHM1Eva5TnrgknpcqqgmlXYjjXgltYjgbXpcYqmlqz4a6rGeWfDXVYzzz4a6mqYJ6168J3M9dTVME9a8rEjmeupqmCete1ynPWzTNdU5Sva5Tnw12058NcEtblMrEefDXLMu7ZK3Vnw1wN0uVTzS1QWuLxsYTWV58NcDclkdcGM0rmfDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHXbZZA3nx7eOfHjz8eeXHt28ce_Hx049unXl07sdG3G.HHXXBI5VWxJPnx7eOfHjz8eeWtqaaKBxqaWpyWvPj HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com
198.134.116.28 0 B URL xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com
IP 198.134.116.28:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:15 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
142.250.74.130 100 B URL adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
142.250.74.34 100 B URL adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adservice.google.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:16 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.245 2.6 kB URL syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1554)
Hash 8232a1326ef8ef9abe355f5a45b6f9cb
eaaad0e9c2bb416fc8ed6db7d6de36bf46ceab31
89f737e0fdd54aefb61c126e1b81072fcfd6bd2bfc84bb44931c6557ce9af27b
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww0.eurosptp.com/
Origin: https://ww0.eurosptp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:16 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22645247a8375038.367301163492977625%22%3B%7D; expires=Fri, 02 May 2025 11:38:16 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C81873078%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cww0.eurosptp.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 04 May 2023 11:38:16 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://ww0.eurosptp.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://get.cryptobrowser.site/
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 03 May 2023 11:38:16 GMT
access-control-allow-credentials: true
access-control-allow-headers: Origin,Content-Type,Accept,X-CB-Data
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
142.250.74.130 11 kB URL pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with very long lines (14941), with no line terminators
Hash 9e1584f9bd7b71fb4fd3a9d225058112
a524d52a5c22745ae27dcf6eb5c28c89d77a601d
1c2f054ce030feddf94b352003e8236d02d30f4d6a131e34115404601fde17aa
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 03 May 2023 11:38:16 GMT
server: cafe
content-length: 11274
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:16 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=8INWTLfDKBM_0&s=500268_443250
51.161.115.163 0 B URL t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=8INWTLfDKBM_0&s=500268_443250
IP 51.161.115.163:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=8INWTLfDKBM_0&s=500268_443250 HTTP/1.1
Host: t4.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: 2ql
Location: https://go.savethereef.xyz/redirect?feed=491151&url=t4.lowtid.com&subid=custom_123j1djb25.no.linux.firefox&query=500268_443250&pub_clickid=645247a86ab30a45d342ac68&default_url=https%3A%2F%2Ft5.hightid.com%2Fl.php%3Fp%3Dc%3Ata9_53qhga_rsxmy1%26d%3D63c8043c495b371a0335667c%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D
ocsp.sectigo.com/
172.64.155.188 471 B IP 172.64.155.188:0
Hash 1e74c45b19c5830341fb33229ab7b6f3
8f2785adf972536d221c31b39a7cccd74b134b8b
c674d66b96c5d6a78ab66a96df9935ec2cb8e24bee26eb65b5d6cac12bb353cc
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:16 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 03 May 2023 06:28:17 GMT
Expires: Wed, 10 May 2023 06:28:16 GMT
Etag: "8f2785adf972536d221c31b39a7cccd74b134b8b"
Cache-Control: max-age=585599,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c18377e4c12b505-OSL
adhitzads.com/1037686
188.114.96.1 966 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 2262e6e947673eb65ea72c354fe3222e
c451bf2b8367df5244588b54d25bd0b343bd31a0
c75d4daae70078b33e6fd3cd20e64c8899531b121aa6ea4151088888f551ba95
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kOW4Icf6DFj07M1LVwFye1iQtBJGtM2dz7%2BxSPTpVxtaHmlwyktpUGlDSmaVTanaHQ8q7Lu5AR1bMliJtLI09E1ZkCwgYS9PlFPTHNE%2FqfP5e9J6ToK5MVCA9rbGOtiL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837479e4bb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml-eu-v4.webmedrtb.com/click?i=o5I-EalMBOA_0
77.245.57.64 0 B URL xml-eu-v4.webmedrtb.com/click?i=o5I-EalMBOA_0
IP 77.245.57.64:0
ASN #36057 WEBAIR-INTERNET-MTL
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=o5I-EalMBOA_0 HTTP/1.1
Host: xml-eu-v4.webmedrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:16 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=503548
Pragma: no-cache
cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
188.114.97.1 336 kB URL cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 336 kB (335927 bytes)
Hash fc98832ed05da499d50af5e92dbfde1d
4c024d7efc17c697f7507711fcc3771ecdafdc46
0f5a2990a518aad988209b2b6bf4ead7e402f7e8d9436ed2139e5584a42c8316
GET /media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:16 GMT
content-type: image/gif
content-length: 335927
etag: "5dd7f05a-52037"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5986
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSK6bTbORKaaQpDHsBMiT2bJ8cQwozNEZDocN%2FR6R9X7EthQ8DVMXlC%2Bj9BP5xu6w%2FqEbV1bNt35a7ebYOrXWChFimglaC7O0GOGWaWfG0j3vz6YNWPguexOB0IKa2ExMPXpvm3xv9M68w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18377f69eb0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=4440379266465756&version=20210311132811&instance=main_uxp9Lf422DpOZ45Beh6ez74rO97
188.72.236.136 51 B URL GET 22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=4440379266465756&version=20210311132811&instance=main_uxp9Lf422DpOZ45Beh6ez74rO97
IP 188.72.236.136:0
Certificate Issuer: Let's Encrypt
Subject: 22filexstarted22.com
Fingerprint: A5:9C:8E:00:94:0C:78:D3:49:92:DB:56:1D:16:AF:B0:AE:AC:02:5F
Validity: Sun, 05 Mar 2023 06:34:34 GMT - Sat, 03 Jun 2023 06:34:33 GMT
File type ASCII text, with no line terminators
Hash b8952524d976e657fa964321c1421c08
4c45c62b39e9e5c0da56d9259caa896b6b9e7224
2f124c41de09abfa0f1fb64a55c1211a79a9c7566d3e77c1ab5707fdc87a31f0
GET /rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=4440379266465756&version=20210311132811&instance=main_uxp9Lf422DpOZ45Beh6ez74rO97 HTTP/1.1
Host: 22filexstarted22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:16 GMT
content-type: application/javascript; charset=utf-8
content-length: 51
X-Firefox-Spdy: h2
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx649tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bXPvzb8tce3flw6dXevljsyw5z5t9Henjz5564JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu4bnLKZqp659zU0mthtmOZqLPhrgbmddcpz4a4G42JW4JXl52HnM.Gty9xqyuCaVeuCRzPhu4cdcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efjz24.fPPv358OHLt068undjxz89XPGuuCRyqtiSfPj28c.PHn489tbU00UDjU0tTktefGA
95.211.229.246 20 B URL syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx649tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bXPvzb8tce3flw6dXevljsyw5z5t9Henjz5564JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu4bnLKZqp659zU0mthtmOZqLPhrgbmddcpz4a4G42JW4JXl52HnM.Gty9xqyuCaVeuCRzPhu4cdcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efjz24.fPPv358OHLt068undjxz89XPGuuCRyqtiSfPj28c.PHn489tbU00UDjU0tTktefGA
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx649tdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hfxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bXPvzb8tce3flw6dXevljsyw5z5t9Henjz5564JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu4bnLKZqp659zU0mthtmOZqLPhrgbmddcpz4a4G42JW4JXl52HnM.Gty9xqyuCaVeuCRzPhu4cdcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efjz24.fPPv358OHLt068undjxz89XPGuuCRyqtiSfPj28c.PHn489tbU00UDjU0tTktefGA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww0.eurosptp.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcce; expires=Thu, 04 May 2023 11:38:17 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
174.137.133.18 0 B URL click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
IP 174.137.133.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://track.trackingtraffo.com/pop/imp?auth=mz3u78&c=6IduY9M6ZFHyFWf6TU315AU1_RXZBj4P9DpHURCHD4INKz4ChKHIJZm4hgCRLV9TGD80WE_h4EmNQV10QQSuK1jURYImub1TzRQGPlrxmJACd6Ij3Y9t6gqHHycOZPQB8i4G4vdTZbH5GsgsWAKoS6hWmf0FxfHd6FGJ9GDlu3ZyYdq_vxvh6ynzYu3wTV0rV1OaHhFUrEJgP9m5-IwIlSVe1A3G3TG1tLj5YdTdN2nufxPgR12t6NK5RM9Qsg_TziK6UcgE1BP3k_mapTWfGCcOK90Q7vQRtMmGUddmKWpp4oMWf_uqnFP1apGCJKet6-gM4TFK1XFfNjXosFIAm2iHKMAL6Rf5jkiaAxzSM5AIEBRIyk0tR6G0qC8AZKGp_-UNSME71FzuhUmqJ-iMqzCAhr-csZSjZRkR8ZFjHfoRiF4ccQ1lKlYH7jTclcJ3hIOJXdg_251xdo2dJRGwuUf_I-vbEbjX3V5n_tjquh-Sg82Lg_oAgq937yiiIcg4Qcwfv2VACUOJ1D9SCxnOEhTFysqU-p0pf7iDQNrY3n91Amux1HlWUbEzmDtw3afHBSRt7tpiAEHRFC_dVZnEYEmOlaKMxgmqqBtUL8lrJXL8sKzMwSRgBgeOGYmsoVPZhAXow-ZZQucHxbSyVorT1Anktek8IGfnfD3umf9bi_hOnh5PEV6vgQ
Pragma: no-cache
track.trackingtraffo.com/pop/imp?auth=mz3u78&c=ws0PIPSG-kyeqLe8Twp3IHVcGofgDabkLZWZTCpZBkzNok4_hbzMeEiWryymLINe3DSTLanRI2yTnDZ-hBlss_7pyP58x8d_qSPYOp_lKN3-nLcUai_Hn1DrIv1JzgN1pJrAqGGz9-0TtUohtdNg9KJ1NnIevkS5peCAoikzfmPCoPU8TC-TmcuyGRDhY5NjcbDSTCDMAUYyktePup0YK0LiMVa7fUapSlAPuyRFdzw-VW-MVirjEwPyU-DjTC19e9liLzCkXfy5F35usAjezFiztVj_-1Wp1_ZR3_pWwi6KxhQa_KVruqViovpajL57Sipufp6UCdZWspWJdIiRy7zpB_KNkKTzN5fBuv922KxtRsQvlBHucmBPw6JHRFVznnuIu1mjwqfwL9AhaK2Rg33qFjAFdViXTEfopusuxb3pl6nLvc9Z3aUMtUP7TnVVs3PjeVpwqbotfaGGguzYY6DV_uLhy9hKPxoN27ADyv654zkTePO6K4X9mjq58-sR17OrEDrUCVX7Vhkl4moi85CdQUua6els3zHn-8pJ_iM1Gk-73Eo8P5Qq63lRh9JiJtXTAAV17ABPvxNTA8q-or0_7aQMJh__vKf9q8W6O9Z9TZMWstGkaQrDJC5lYrOolPYnurPV2C4
88.214.206.175 0 B URL track.trackingtraffo.com/pop/imp?auth=mz3u78&c=ws0PIPSG-kyeqLe8Twp3IHVcGofgDabkLZWZTCpZBkzNok4_hbzMeEiWryymLINe3DSTLanRI2yTnDZ-hBlss_7pyP58x8d_qSPYOp_lKN3-nLcUai_Hn1DrIv1JzgN1pJrAqGGz9-0TtUohtdNg9KJ1NnIevkS5peCAoikzfmPCoPU8TC-TmcuyGRDhY5NjcbDSTCDMAUYyktePup0YK0LiMVa7fUapSlAPuyRFdzw-VW-MVirjEwPyU-DjTC19e9liLzCkXfy5F35usAjezFiztVj_-1Wp1_ZR3_pWwi6KxhQa_KVruqViovpajL57Sipufp6UCdZWspWJdIiRy7zpB_KNkKTzN5fBuv922KxtRsQvlBHucmBPw6JHRFVznnuIu1mjwqfwL9AhaK2Rg33qFjAFdViXTEfopusuxb3pl6nLvc9Z3aUMtUP7TnVVs3PjeVpwqbotfaGGguzYY6DV_uLhy9hKPxoN27ADyv654zkTePO6K4X9mjq58-sR17OrEDrUCVX7Vhkl4moi85CdQUua6els3zHn-8pJ_iM1Gk-73Eo8P5Qq63lRh9JiJtXTAAV17ABPvxNTA8q-or0_7aQMJh__vKf9q8W6O9Z9TZMWstGkaQrDJC5lYrOolPYnurPV2C4
IP 88.214.206.175:0
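Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-byte body (the response is 0 B, Content-Length: 0). They match every empty response, so they are not usable as indicators for this host.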
GET /pop/imp?auth=mz3u78&c=ws0PIPSG-kyeqLe8Twp3IHVcGofgDabkLZWZTCpZBkzNok4_hbzMeEiWryymLINe3DSTLanRI2yTnDZ-hBlss_7pyP58x8d_qSPYOp_lKN3-nLcUai_Hn1DrIv1JzgN1pJrAqGGz9-0TtUohtdNg9KJ1NnIevkS5peCAoikzfmPCoPU8TC-TmcuyGRDhY5NjcbDSTCDMAUYyktePup0YK0LiMVa7fUapSlAPuyRFdzw-VW-MVirjEwPyU-DjTC19e9liLzCkXfy5F35usAjezFiztVj_-1Wp1_ZR3_pWwi6KxhQa_KVruqViovpajL57Sipufp6UCdZWspWJdIiRy7zpB_KNkKTzN5fBuv922KxtRsQvlBHucmBPw6JHRFVznnuIu1mjwqfwL9AhaK2Rg33qFjAFdViXTEfopusuxb3pl6nLvc9Z3aUMtUP7TnVVs3PjeVpwqbotfaGGguzYY6DV_uLhy9hKPxoN27ADyv654zkTePO6K4X9mjq58-sR17OrEDrUCVX7Vhkl4moi85CdQUua6els3zHn-8pJ_iM1Gk-73Eo8P5Qq63lRh9JiJtXTAAV17ABPvxNTA8q-or0_7aQMJh__vKf9q8W6O9Z9TZMWstGkaQrDJC5lYrOolPYnurPV2C4 HTTP/1.1
Host: track.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Length: 0
Connection: keep-alive
Location: https://plinksplanet.com/click.php?key=ton7p9rlyxwdhpui7in5&clickid=a5a639d1-5457-4d1b-9c92-e310f3f8eea2&cost=0.0036&PUB_ID=118&SUB_ID=206736&KEYWORD=adzgamea&SUBSCRIBER_AGE=0&SUBSCRIBER_DATE=2023-05-03&BID_PUB=0.0036&CR_ID=361615&PUB_NAME=Yeesshh-POP 2
xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
174.137.133.17 0 B URL xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
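Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-byte body (the response is 0 B, Content-Length: 0). They match every empty response, so they are not usable as indicators for this host.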
GET /redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
cdn.cryptobrowser.store/media/pb/881/b32217a5c7374c14913dbbbb1016e5e6.png
188.114.97.1 11 kB URL cdn.cryptobrowser.store/media/pb/881/b32217a5c7374c14913dbbbb1016e5e6.png
IP 188.114.97.1:0
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Hash 5ac9b265e5949f9c0940198a339a21c5
7926e6b31e753115be7c2f032217f37a6c2f9fa0
d1ae19ad76f1a0e3a08f2f288643268dcebd2eda47460118d9d0e2267d588387
GET /media/pb/881/b32217a5c7374c14913dbbbb1016e5e6.png HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: image/png
content-length: 10639
etag: "5f1b01b5-298f"
last-modified: Fri, 24 Jul 2020 15:43:49 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R2gvs32zY%2BMCMV2jCEWvZWz%2F9%2FPD3mE0H40m7k9L1JDuCwNKR4eV95iDUBA2Pb7iEyrZmNSBz%2BrpSlZmOp%2FD6r79fTpCv5FPf6XTBqMrQNQa%2B6uoFJEG%2BkCl8cWL12QJEj2%2BA6W6KKlLqg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837820cfc0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cryptobrowser.store/media/pb/1277/e82800f33d50406a92684ad4b45ec30e.png
188.114.97.1 11 kB URL cdn.cryptobrowser.store/media/pb/1277/e82800f33d50406a92684ad4b45ec30e.png
IP 188.114.97.1:0
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced\012- data
Hash 426c545dca26d82eb1d43caf074572f7
ba33de172fd663d9b66e17c856944e7f9007e7ce
aad4023eed05ba4529ffc893cc94634a31dafd85c3da16f5c05bea850054d733
GET /media/pb/1277/e82800f33d50406a92684ad4b45ec30e.png HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: image/png
content-length: 11006
etag: "6138b2b8-2afe"
last-modified: Wed, 08 Sep 2021 12:55:20 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rEdJXiD8tqiXVD80b%2Bfs%2FrPL%2FzV4Ugtkqa2bBmqIuROV2g%2BXj9XFg6kVjN7YI4awvUzpNRJYPNJrWiAvZtxiV4B3CI%2BCz5TQnjuZ%2Fj%2FZPgY4ThjaNC05oYQitnfIYK%2BKxJrC9XANgmAp0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837825d530afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cadrctlnk.com/in/p/?spot_id=328702&cat=25&sub_id=149296894
109.206.182.60 13 kB URL cadrctlnk.com/in/p/?spot_id=328702&cat=25&sub_id=149296894
IP 109.206.182.60:0
Hash 762cff2bd02ea0deeb1690cfd34ca4b9
1291651d01ed18c663b42d374a7b9fd5ac91a79a
4220a790a218c349d2b81ed194d9756216ee18bf394cdba86f8978b766227661
GET /in/p/?spot_id=328702&cat=25&sub_id=149296894 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 03 May 2023 11:38:14 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Thu, 04 May 2023 11:38:15 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/jquery.min.js
104.21.234.95 32 kB URL mediacpm.pl/landing/js/jquery.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (65450), with CRLF line terminators
Hash efd61e7e054a3073ad2908b5765f4cc1
86fe7d0fe86d56ed80db3506125cf52428c1a029
39236763fe02bf2142a43fcb6bd2875b6ce96e3b67c55c053b9d43a78e039d21
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:26 GMT
vary: Accept-Encoding
etag: W/"62f4e50a-15853"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vXjWrbVVoo5uZku1bVJ3O7JCzYe6pLEg5UBwy86OFw9MeVngg%2F79oygxfBgL4CpXajr3WzDeteOtaDq0737zzekYSpmzU%2FLR2EF6u2jm%2B%2F44Nv%2B33A8CznLj80Imrg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780bef400a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
get.cryptobrowser.site/pb/2/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
104.26.6.17 11 kB URL get.cryptobrowser.site/pb/2/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en
IP 104.26.6.17:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (64874)
Hash 847a3f755b6b2f6cf19acfb35ea0a292
f88152c9b88b5069fc78ba3b8ced8de049808ad6
91a8d38066bb5e70868b42418b21744ed8646ba3bf60db97b873cc827af3621c
GET /pb/2/16224264/?t=simple%2Ctext%2Cpro%2Cmobile&l=en HTTP/1.1
Host: get.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.yofaurls.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:16 GMT
content-type: text/html; charset=utf-8
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cache-control: max-age=3600
cf-cache-status: HIT
age: 5594
last-modified: Wed, 03 May 2023 10:05:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J6iTvxm1torVR2Zbz9wv2pk1Ek9icx80bgpxStSCjJui8I1HHh9TMfM4mYJku%2BKP8PStZ1mA46KudaGfFFOJLvM2%2FlNXyuEiA3y9tFIABqcz8eLojAZIeb5dgMDMb9x2UoaHKVIACew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18377ec8ebb4f3-OSL
content-encoding: br
X-Firefox-Spdy: h2
no-go.kelkoogroup.net/offersearchGo?.ts=1683087329191&.sig=4tQCMt6nnfvyXF1i83Zz08dLhlg-&affiliationId=96979714&comId=100475202&country=no&offerId=469443dd673b6d4989101ea1b1e53773&service=37&tokenId=5eb34ecf-a42f-4ab3-98ed-b9b0b8bc9818&wait=true&addedParams=true&custom1=51&
95.211.116.26 30 kB URL no-go.kelkoogroup.net/offersearchGo?.ts=1683087329191&.sig=4tQCMt6nnfvyXF1i83Zz08dLhlg-&affiliationId=96979714&comId=100475202&country=no&offerId=469443dd673b6d4989101ea1b1e53773&service=37&tokenId=5eb34ecf-a42f-4ab3-98ed-b9b0b8bc9818&wait=true&addedParams=true&custom1=51&
IP 95.211.116.26:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (12878)
Hash b53b30a748d3b1b5bd3163977aa1b5c9
23eb5fceaf99a329bc6d82152d57d348ad376337
581244633bde7565a681062bc159524e189b693b17766312e256d9dbaeade21e
GET /offersearchGo?.ts=1683087329191&.sig=4tQCMt6nnfvyXF1i83Zz08dLhlg-&affiliationId=96979714&comId=100475202&country=no&offerId=469443dd673b6d4989101ea1b1e53773&service=37&tokenId=5eb34ecf-a42f-4ab3-98ed-b9b0b8bc9818&wait=true&addedParams=true&custom1=51& HTTP/1.1
Host: no-go.kelkoogroup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
leadId: 62A001GZGPFVQR1FN9GHWKJMB5G1TY
clickId: 107698147_1683113897712_9941397
country: no
Accept-CH: Sec-CH-UA,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Model,Sec-CH-Device-Memory
Set-Cookie: datadome=4Zk7qFbsRBTDkTfEM_h93shGcdRWS84SbS_62cp4Ha0Rc6NShD3etf0RHnqzHxBFSxlBItBD2PEvoKJ-EpQXM9kZamc1VFJVzl-1nJ8xJ9v2vS9wK4NWKc9dtXVZ07Pk; Max-Age=31536000; Expires=Thu, 02 May 2024 11:38:17 GMT; SameSite=Lax; Path=/; Domain=.kelkoogroup.net; Secure
kelkooID=a4c6293-187e167eef0-214128; Max-Age=31536000; Expires=Thu, 02 May 2024 11:38:17 GMT; SameSite=None; Path=/; Domain=kelkoogroup.net; Secure; HTTPOnly
X-DataDome: protected
Request-Time: PT0.017159S
X-Robots-Tag: noindex,nofollow
Referrer-Policy: origin-when-cross-origin
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Permitted-Cross-Domain-Policies: master-only
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 29544
xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
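Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256)
Note: these are the digests of a zero-byte body (the response is 0 B, Content-Length: 0). They match every empty response, so they are not usable as indicators for this host.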
GET /redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:17 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://topicology.co/tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/
Pragma: no-cache
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122072 bytes)
Hash 0fd76c11409a4ec33cfdf64cb607d072
d7889b42352e2a86ee715e06980bab2b67ba4e74
7279b198d38935c9c285ddb76ba5b54c7712868b96f5cf469b43f85d73400837
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:17 GMT
expires: Wed, 03 May 2023 11:38:17 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 15004104948010824152
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122072
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/panel/logo.png
104.21.234.95 8.9 kB URL mediacpm.pl/panel/logo.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 78430378a19de3f739dee4a1a54334fe
48aa28d770c903b61db0ee222db98617f8120d59
c187fa399a92ecf069a6a590b41a3030b928d51076ecbe82df6c2b832e63d717
GET /panel/logo.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: image/png
content-length: 8917
last-modified: Thu, 11 Aug 2022 11:15:27 GMT
etag: "62f4e4cf-22d5"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3287
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CrcRHl5%2B%2FnTJupoYISCkTxBkyKY3YvIXqB2E87sjCeOcK9DABWvsI6emYugwfuFBBiYKQ0cAQOQaa%2FuAUL%2B66P56%2B825xwAzb1qglMpTY7gXwACsQhI8dxI0BOQZkg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183787298100a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/panel/logo-dark.png
104.21.234.95 11 kB URL mediacpm.pl/panel/logo-dark.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash cff99a03355eaabe593d0eb156f32bfd
53cffe413da353ffe37d6da227c3bc9ecd2652ab
73ada3130e5eb7e05247e6b7b7085672097241f7bc81b5d531663f82c9203967
GET /panel/logo-dark.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: image/png
content-length: 11250
last-modified: Thu, 11 Aug 2022 11:15:24 GMT
etag: "62f4e4cc-2bf2"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1915
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8qLNRoT%2Fk4DjE01FBb9Evqk3jZ892SSfSN7Wt5mt8k4l%2B4x2wjE%2BBF7x2mOKwnSYjexe0r2GOH0zvaz%2BNrAe2K%2FOPRJTOLZlpaIP2Ac0Ij4HFCE2lJetjhGqPVAcGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183787298600a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 6.4 kB URL tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 03 May 2023 11:38:18 GMT
expires: Wed, 03 May 2023 11:38:18 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
popmyads.com/x/pma
188.114.96.1 36 kB IP 188.114.96.1:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 2c563333d855574375c241b39177e5ea
fc0c99fdb2060acffdbdc70d644c0a3f6eda186e
6b4af918169f73539b4e8bfaa55beeefe49c7c9b2a9d4e08864f1e1bb92d725c
GET /x/pma HTTP/1.1
Host: popmyads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://iatout.fr/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:15 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5OGQidyYcVt7CCVkOrmKLHwgmpKJBkbsHxSoh8OesvQPjPreM8VZBOErAJGQv4EwaIUF5a0yKGlQ27rs3LNZ6nXjKAqxnPeG9DA97JxEev57b6RJCH7RIxW%2BAp1CL4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837752bceb4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 6.4 kB URL tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 03 May 2023 11:38:18 GMT
expires: Wed, 03 May 2023 11:38:18 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cpm.media/serve/ads.js
172.67.198.162 1.3 kB IP 172.67.198.162:0
File type ASCII text, with very long lines (3014), with no line terminators
Hash 0b5263b4f5d2d6f2c0c4b8e890548d27
c2d4e84c0e3191a353189020a7c03e18dc188f91
220433242fa34623ef020f3b1d5886b26b91179e7483515dadf1eca2bf2426e2
GET /serve/ads.js HTTP/1.1
Host: cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cpm.media
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
cf-polished: origSize=3040
etag: W/"62e9db88-be0"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Wed, 03 Aug 2022 02:20:56 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 23532121
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1CL9rm6RWTtvcJAOzRtitRaoapNw8RaurTwA0kT%2BHRrHSlgkGJHCsnd5tjVb6B10C8a6HCSZhb9KGzOG4liXDXSIRiXX9F%2BoSpRZf3b5xCcCk24a05krApvKGEA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183744efe0fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cryptobrowser.store/media/pb/1418/afed63d2e4c34a0c93e4c080190f52e8.png
188.114.97.1 22 kB URL cdn.cryptobrowser.store/media/pb/1418/afed63d2e4c34a0c93e4c080190f52e8.png
IP 188.114.97.1:0
File type PNG image data, 160 x 600, 8-bit colormap, non-interlaced\012- data
Hash 1a4ecea9d5f39252165e86c82bbcf8ec
6423c27684cd7478b9220d76be640ce9ccfa04f3
b6932280bc8220d4335c7e7b0fc20789841afbd8c0fba91f0728d529c4345681
GET /media/pb/1418/afed63d2e4c34a0c93e4c080190f52e8.png HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: image/png
content-length: 21580
etag: "6138b2b8-544c"
last-modified: Wed, 08 Sep 2021 12:55:20 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9e80PcEKS%2BGWXJOsX27MFmxbICTheF4PT%2BKQrO4b%2FkiBu2rvfJ%2B77B%2Bco1N23lLVcBLusB%2Fjw85wY02gwWbRzJD%2FpADfyeCRpjWyJhh2CPgDF0BKvF6KLQiXUtepLBHQ6cfA1ez7UhgQxg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18378a7e310afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=92871652648&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250
172.67.166.40 5.3 kB URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=92871652648&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250
IP 172.67.166.40:0
Hash 2799beb4cc685b079d8c074f8bc14868
d12896f43699d67ad4a1921389f718f478ccd7e3
87a19d889d3924e9883021111418531275c827ae6b40366d3dacabe4b55d2bc9
GET /adjs.php?zoneid=27592&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=92871652648&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250 HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Fu%2BcAtcsHMTS0RKJ43xJWetnQLkh%2BEkyEBOardD8AVlb8sT%2BiYXvjKlM6C9oQIGibNbDj%2FjRaLEWwgldjHY4cAgQiwcoIgNLHEPqVDcbtD9zv%2BpNggWCp6OGFHvMuRTrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a9a860b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94
104.21.234.95 152 kB URL mediacpm.pl/landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94
IP 104.21.234.95:0
File type Web Open Font Format (Version 2), TrueType, length 151728, version 1.0\012- data
Size 152 kB (151728 bytes)
Hash 459118748df2a5fcd7f684546cc8591b
d0b91e63e65d704a200e54001ad7240d17ac3351
ecd85a27200bb46ec4568a4bb1fb0e28a6cee361217d63f46a0c5a2b8db15018
GET /landing/fonts/materialdesignicons-webfont.woff2?v=2.8.94 HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/materialdesignicons.min.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: font/woff2
content-length: 151728
last-modified: Thu, 11 Aug 2022 11:16:18 GMT
etag: "62f4e502-250b0"
cache-control: max-age=86400
cf-cache-status: HIT
age: 6522
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LpFG%2BCEajRmClmaiBzKgXznlM8OoYrqz%2BZPiQ9Wkh3cKXmMMwaZTK%2F2rok2WUMWaazBwYBvcK%2Bpl%2FSEp6pz8ytAzB3NGB4yjqS%2FJ66GFa42l%2Fpt9Z4lVoPtd%2Febsmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18378bf89100a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
109.206.182.60 2.0 kB URL cadrctlnk.com/in/p/?spot_id=299730&cat=25&sub_id=88
IP 109.206.182.60:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (4427), with no line terminators
Hash 6a87eac1ecafcf76e71fca06923b86e4
e5242813942b16a91a78608ca79cd2ad58ab362b
4ed9f89e64c5c9b71bdd6835c719790ab4e4f59f1d5dbf09b0f2a19452cb2410
GET /in/p/?spot_id=299730&cat=25&sub_id=88 HTTP/1.1
Host: cadrctlnk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Wed, 03 May 2023 11:38:14 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Thu, 04 May 2023 11:38:15 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/particles.js
104.21.234.95 24 kB URL GET mediacpm.pl/landing/js/particles.js
IP 104.21.234.95:0
Certificate Issuer: Cloudflare, Inc.
Subject: sni.cloudflaressl.com
Fingerprint: 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity: Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (2352)
Hash 7a475404ae4be74f4548ff1c67aef038
efcdea0bbf37642244856a02c91cea9e5ced7726
6e0482c54da007d9356b169b8e6856fe8f9eab2efc5537a27be60a7bdc2233d8
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=44621
etag: W/"62f4e50b-ae4d"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 6240
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Q4qYzXDUhlEM7DDB5Dir51PkBuyeLDHuGWYDZMP1ZUlvd07H0MCSDlYco5V3in5UCecPAODAMm95N8E5BiNu2tWdqXta8SKylPU43wft6X217yMRbr4%2B%2BESimxrY6w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780bf1000a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/popper.min.js
104.21.234.95 32 kB URL mediacpm.pl/landing/js/popper.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (21084), with CRLF line terminators
Hash c012c37df7916bee09d3148cd2440c27
8844a34ec0133d6805adc1ec8a81d4ff5014d125
5e53ce655a628987ea13cf9d7651c998a6c68f20f88f1b2595dbf1c6c7bd3487
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/popper.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
etag: W/"62f4e50b-530e"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVOWCWgJqqrIE%2FnmHrsq0qys3IldWyTq9BOB57Jjg11GiZYwH3dQzoHDeFTsEdhzi7FkAxdqnZRTdITiLIX7HyVdAktegG454tZjXkzroyXWr88T66c%2FfTbKwYMzCg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780bef600a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/style.css
104.21.234.95 9.1 kB URL mediacpm.pl/landing/css/style.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (16215), with no line terminators
Hash b492c7a39f7e1a60be279cb097cd3df5
b5d18e1d7455b59db09fdaa45b153241ce2c5697
e65ad971477c8483121bfb1270ac20168de0a03e01c187dc6fb55d4bc16e3533
GET /landing/css/style.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=24602
etag: W/"62f4e501-601a"
last-modified: Thu, 11 Aug 2022 11:16:17 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 4028
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TSrTkV0esQbAqHnI4J7BsSdAJJPpyW24ETcmJ7S9zwKcF%2BTQeEC4DhIglyMFk4lxXN0TvkU5AxN%2FOCn1DlWEOfa4vorZJUJdxU0Fcq5WCJflHvOEBauPbwsAHBlHUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aee900a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
topicology.co/tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/
172.67.185.172 471 B URL topicology.co/tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/
IP 172.67.185.172:0
Hash e51e83f882638fd363c7e02cbfd53b8e
57fedd6f00b9bc673bfac4a81d0370b139a68da1
900f397ff2f847b08cacbfd0d0ba7d8011c5e530a49ebcfbeb0027774707ee5c
GET /tech-gadgets/5-best-laptop-accessories-to-purchase-this-year-2022/ HTTP/1.1
Host: topicology.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Wed, 03 May 2023 11:38:16 GMT
content-type: text/html; charset=UTF-8
location: https://topicology.co/5-best-laptop-accessories-to-purchase-this-year-2022/
x-powered-by: PHP/7.4.33, PleskLin
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-litespeed-tag: cf3_HTTP.404,cf3_HTTP.301
x-redirect-by: WordPress
x-cache-status: BYPASS
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=btzHY0Une8nrE9lFQzEYSYZKv2xbs5%2B83iFLlEY2M%2FbBHfh2%2FEG7TK7mdVu9jOHL6KSk%2FMJNia9B6zO8U7V5iEBDKfb0IPhq2uidyq55263GHZGvPxcjsYrJGTh73QvM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837777a58b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xngqoc.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
185.162.85.1 21 kB URL xngqoc.com/cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash 67e4960fde24e7690862aebed564a72a
09ae22d96114cbc6b25989ddb8f93ca39e72b2a8
a15f7708f2c4b82b79b0410fbaa3913b4ab420554765b9c8900162b6bc0599b6
GET /cuload?a=1&e=aeyJwaWQiOjEwNTAxODIsInNpZCI6MTE0MDE0Nywid2lkIjozNzgxODMsImQiOiJuZXdzMjQubWVkaWEiLCJsaSI6MX0=&tz=0&if=1&u=aHR0cHM6Ly9uZXdzMjQubWVkaWEv HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:14 GMT
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
accept-ch: Sec-CH-UA-Platform-Version
access-control-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
mediacpm.pl/panel/logo-dark.png
104.21.234.95 11 kB URL mediacpm.pl/panel/logo-dark.png
IP 104.21.234.95:0
File type PNG image data, 346 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash cff99a03355eaabe593d0eb156f32bfd
53cffe413da353ffe37d6da227c3bc9ecd2652ab
73ada3130e5eb7e05247e6b7b7085672097241f7bc81b5d531663f82c9203967
GET /panel/logo-dark.png HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:19 GMT
content-type: image/png
content-length: 11250
last-modified: Thu, 11 Aug 2022 11:15:24 GMT
etag: "62f4e4cc-2bf2"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1916
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TYsCAknBtBsofP8EcwI%2BunHSI72b4gHql7hTgqPmPgZ8xpPxJCYO6VPIZnmbojhTRp21soR9%2BUbXMgrw6ZG1MxRS%2FLr48Arj1HGHtJ6H9bU5VWpMrirbvnlanUbGQA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18378e8c5400a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/materialdesignicons.min.css
104.21.234.95 23 kB URL mediacpm.pl/landing/css/materialdesignicons.min.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 4e704244a8f6a0bcfd9af653a4a6ac27
d3f6d0d801f5b39de8f5b74a3df3b32674dc3976
beba2e5b5b7842084f9dfe5bc8aff5ce67de2d7538bc0fbe3e27ffa7a671904a
GET /landing/css/materialdesignicons.min.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 11:16:13 GMT
vary: Accept-Encoding
etag: W/"62f4e4fd-1e13f"
cache-control: max-age=86400
cf-cache-status: HIT
age: 161
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=L%2FhZhZC%2FM%2Fm4tVpzbUlLVmALQH4n%2Bx%2BsHg%2BhwHUfIWATgYI1%2FwXSpW3hzVkXD2t5T6wArFMyP79zG5c86XIvhzNN2ukqM4ZAszLUW5pSy8R0ivrGHjnpcYVcZPftUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a6e7300a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
admediatex.net/serve/valid.php?a=3388&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113896&c=younnesa&doma=0&dcat=21&h=dabaebddbbecef
104.26.9.229 1.3 kB URL admediatex.net/serve/valid.php?a=3388&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113896&c=younnesa&doma=0&dcat=21&h=dabaebddbbecef
IP 104.26.9.229:0
File type ASCII text, with very long lines (5545)
Hash 143f2921414d1a375efaecad56fafaa2
3e5eed5e673ba0ea22331c11e168e6adfe9cbbcf
27304160a783d1cba1e8b7f931a5869d2f9b4e6352c744d8775670207fb8d81c
GET /serve/valid.php?a=3388&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113896&c=younnesa&doma=0&dcat=21&h=dabaebddbbecef HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/5.6.40
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K1DKYALpT2oHHNx%2FsDJ7K8HrHVpd%2FVMYp%2BJWX%2B4HiuU2mJFFpG4BCCEZkboGnWpy8itGhY5ZGpHb83mvced6IAanws9U0NCZO0IXGfU%2B6jJhbmG6wgMukRGIgHIviapA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378919c60b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.164 514 B URL www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 59880a76c36583c0a74a06a6b0333446
67c5cab2e536f7bcff2cf0b399d3c817f9e3cfb4
de482921cb89470ec04103cf06ce0f96cfa464803ee8a993bf3636e566f3b60b
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 03 May 2023 11:38:19 GMT
date: Wed, 03 May 2023 11:38:19 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-2x5aaTlptl0z4QPZK0RVJw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/isotope.js
104.21.234.95 41 kB URL mediacpm.pl/landing/js/isotope.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (35525)
Hash 7a8ecec78ef5fe84218f44d1dbc55c8a
f2e43b228205e2de8255a6f650f747d1a43ebd25
ce76ccb4df3c45ba22a766aaa063cddbb8f040f6dc511c47589a61d9ccd91c66
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/isotope.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=35631
etag: W/"62f4e50b-8b2f"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 4743
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WFum2W8fx%2BtLZ5ROXzQ9fhxN%2FltAV2bdELssMY%2Bss%2FCXidqueVz7cmOjwB4iuvNYqCGq9N4Ijh4Uk6lwmpdCUaD%2FtZrRIUxprQ7DvgFASNJuXPEpNDxxS1LN%2BOg6RQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780bf0300a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=75371639695&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250
172.67.166.40 59 kB URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=75371639695&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250
IP 172.67.166.40:0
Hash 9154bf99a07b91828b5a2a7bfff9b77d
3864cf0cb74f62f0938d4399b5e088b8b3e26603
d7f5fb7c1019b9dc4fc54648c754d566e642ee9bf752574a6af19f873e206a0e
GET /adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250&s=&p=362647902&cb=75371639695&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D300x250 HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:11 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gZKqpfaQtAKwvYmxlBMER%2BI22Lb4kFq6%2FGh5pm7GCSrByOhhlU8VKAc3f6ohPGr8x0REEE4yUndYxW8GOt187joIfDC2lJcCqP0G%2BOeGP5A75h2AfUuiKw3EpZ6boOtkwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375bb9dd0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.234.95 200 OK 655 B URL GET HTTP/3 mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1238)
Hash bc3ba461c8a309acf61b6d9c41cb6236
88482306ecc9258d5e9cbb9ba5314dab223a5db4
31331f1b1519882d2f2fb60367708fd56a7a1ec0bddd0554c635547179c7dc8f
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: application/javascript
last-modified: Tue, 25 Apr 2023 11:29:10 GMT
etag: W/"6447b986-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yN2IKFFaOrYTJ6myJzEBmnX34qLPKMLQ%2F%2FF0LPNP%2FYABzRias5M1gU1nSpFXNqjM4C5GnVp4DTbh562l0DKYVizvgjWBrQ4aX82sqfw4oOJ9weNG7Fy4GuRh5aGKoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18378a7e9200a7-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 05 May 2023 11:38:18 GMT
cache-control: max-age=172800, public
content-encoding: gzip
adhitzads.com/1037129
188.114.96.1 3.0 kB IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 0cd2c137989ba27f3f77742d772f2d4d
a86127b22392ae4bdf994e514fcfea23553947fd
f7bd4d926d38640da63fffcb4f707315b0ddae5fd5b9cb77c1a2a1a8500e2bc4
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UMo%2Br%2FvYpFeikUb3qMWUrPuiEkNS%2F4QO7Munv4WtlenAkKu64paiiLcWkF7foBwY8cVCASR7crOG2P9UD0U7l1UfshHftSg2VtTaTwngVx4OQ2OZ0ogSsbHHCDGdh3YZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837809978b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/jquery.easing.min.js
104.21.234.95 1.4 kB URL mediacpm.pl/landing/js/jquery.easing.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (2532), with no line terminators
Hash 140764996f22e0ce18f5846c28dca9bc
ac46bda44483a3628c1fd29e1c025203baaea3d6
4266fd22f0d36a8cfac878a11a673b8c5f1216cdb54fd5d19e191453dc071cf7
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/jquery.easing.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:29 GMT
vary: Accept-Encoding
etag: W/"62f4e50d-9e4"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4744
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Fa1G7F9KoszNWw%2BP58jn51xghwoAlbVDcGxuet0Kn9znOE2VBzkIkF%2Bvgd2zeWyQL3CaJl1GD7v0bjPJgt0Tb%2F4U0UQvRS6%2FbosvsnyKGaCFQZonrV%2BiFw5lUoXxwg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a7e9500a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/owl.theme.css
104.21.234.95 749 B URL mediacpm.pl/landing/css/owl.theme.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (1152), with no line terminators
Hash c04f9203c0c37e8e1745c9e02d898caa
a8c0204c39fe1850ea2f1bce21679d5e11ccde21
be46f06c78833fb8a1cff9f499410f3fd25438798adc3346fb91a0bf43487c78
GET /landing/css/owl.theme.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1743
etag: W/"62f4e4ff-6cf"
last-modified: Thu, 11 Aug 2022 11:16:15 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 602
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xiWedhPj4TdgWtX4C2odlJivBkDAdFfgyiJYSJRXB%2F4FybfL4oLk4BZZ1kl92qz4hcAzK%2FoDP360kDqNgRaqAO2VBO0xDrmIbd1r1TWgHwElVhyscO%2BV9slCeVpl9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aee500a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/images/bg-cta-img.jpg
104.21.234.95 892 kB URL mediacpm.pl/landing/images/bg-cta-img.jpg
IP 104.21.234.95:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1440, components 3\012- data
Size 892 kB (891932 bytes)
Hash d992935f2f5240a649ef642bcadb53e1
98a1768b9d4358444d2d6b420d8bcfb3d89f4c9b
4069c5a1213cf3e3da8a4c59a1c996690882f3756a18bb679a8e909e5380a973
GET /landing/images/bg-cta-img.jpg HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:19 GMT
content-type: image/jpeg
content-length: 891932
last-modified: Thu, 11 Aug 2022 11:16:23 GMT
etag: "62f4e507-d9c1c"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3803
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O9F0BvHVnRI0rQJQkmWc5vaDF0%2FtZpGkf9A9QcG3RjtMLxzzRNMHR1hrv6vUdYKASGOhCy80Vo9oBkAPci%2BguJZy3bvUR6s5sfy7ThKLeMZfTrgx9B2l38BBSeXJsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18378fde4300a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=503548
188.114.97.1 547 B URL cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=503548
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (318)
Hash 4f9d111b0c0d48969db6269e943014dd
9007b3e972b5dbc537c2c9090cdbcbe29e4d979d
83afef3726d935c317e109d9d8d4500df5ac938bda9a93bd8463714dc95324a5
GET /cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=503548 HTTP/1.1
Host: cngcpy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:18 GMT
content-type: text/html; charset=utf-8
location: https://videoshorts4k.com/kGpdGK?cost=0.0001&external_id=a2_3541167749588272924_355801_2_0&creative_id={CREATIVE_ID}&ad_campaign_id=942243&source=a355801&Country=NO&Browser=Firefox
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GPJ4YablCj1fBdjxO4m13kvC%2BNFhQKlaY0q9N394IAoX1D3C7q83WDohAW7WkXm7bVdyfBFh%2Fq9a0fzy0nCnhLmdBEQq7h6YUd9woCg4K0vE9xg4cln6VzMqQvh3"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837897cdbb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
142.250.74.130 11 kB URL pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with very long lines (14737), with no line terminators
Hash 100a7f495863f8e5a68a465ae1ef2647
325321457b5c99ae532b62161de9696f8d88fdce
7714793e444f8bd2287b1cc663ef3ccb6e7c6beec0ce4bbede375e6ca33bc55d
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 03 May 2023 11:38:19 GMT
server: cafe
content-length: 11119
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/landing/js/bootstrap.min.js
104.21.234.95 33 kB URL mediacpm.pl/landing/js/bootstrap.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (59729), with CRLF line terminators
Hash 58beb0b6301f7fcab9d066463956547e
62787581ba3978766575e0eb03cdccc5f8ee6d98
9e36cf5072d9ac9a5357df694806fd2f7d91d191e554e8f0a7a946ad685f8e64
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/bootstrap.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:24 GMT
vary: Accept-Encoding
etag: W/"62f4e508-ea70"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4520
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=haAV9KgfDpoLMXJefw%2Fzd5nxaQtZPTkw2iKXikT2i%2F8UNfUszYpe4nvmFDRTpKxlJ6iSueSZF7k5QDIFd6xnwY93NPE16s70YD0qI19jdF32vjruxtkpDXmhaxAaDw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e3a2700a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ad2bitcoin.com/ad.php?ref=younnesa&width=300
23.95.12.219 1.6 kB URL ad2bitcoin.com/ad.php?ref=younnesa&width=300
IP 23.95.12.219:0
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 5bcb2c6ed3a464d46938bd91c38d7515
77b00a533e8014f3152ed4e81d32516b0fea5763
efe578aa0d91016ee0fcc6803023bdb6a7c2fadb20753fa8fb73d42dda8ff26b
GET /ad.php?ref=younnesa&width=300 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:19 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
ad2bitcoin.com/ad.php?ref=younnesa&width=468
23.95.12.219 2.0 kB URL ad2bitcoin.com/ad.php?ref=younnesa&width=468
IP 23.95.12.219:0
ASN #36352 AS-COLOCROSSING
File type HTML document text\012- exported SGML document, ASCII text
Hash f07bf8ccf41ceda3e3738fa186bcd807
9286c4b8c6c2dfd6b308a19f3a2ab97e9195a9f1
2f3c69d829905cd6343c55b92410236f0130520798f12ca785b3b08f03ca0d29
GET /ad.php?ref=younnesa&width=468 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:19 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
mediacpm.pl/landing/js/isotope.js
104.21.234.95 21 kB URL mediacpm.pl/landing/js/isotope.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (35525)
Hash 1edd3935438a47c0ad797b25835e1688
9655722aa2814540bbf6de9817ad34aae2a5b8d1
1653c3c55a373e29241e1298e9537e34daf66f4911e991f82454643808f545a3
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/isotope.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:06 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=35631
etag: W/"62f4e50b-8b2f"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 4732
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2VHV3tm1daGIeP72k%2BngJS9z0YX0q1uByRYaHOk4TxemrnPtCvFNkB3vrfjefx4XsDRsybiOM0OwgthYewGseGIYXoKOrZ66Mkwo4LdQaO3o4SN%2FZjE9zpuSyGR0FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373dad7e00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adhitzads.com/1037686
188.114.96.1 15 kB IP 188.114.96.1:0
Hash 51c5297821d559daef26a6d16d246f34
661f3c3c106d61dd42cc33e0196f580890b303a9
336e170acd2e01e2382f1ba2229d9aa655ac9e3311a965efc9ae9fa7e03d91f7
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KoeMSnDNbg2ok3y4aSrgfHRV1%2FeG1D9hMYpedtL1Sa5yDNDpPJa3gxEVbHxXVATeZBs1oxWZz76WADkI3kDal6brUd2zpVduiGnwK25Kbn5N8Suyw%2F%2BvfxCGgknDSGre"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a5855b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 6.4 kB URL tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 03 May 2023 11:38:20 GMT
expires: Wed, 03 May 2023 11:38:20 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
142.250.74.130 15 kB URL pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (37039)
Hash 2bde309b63dec3e2ce422e693159c8a7
fb31528c108c285ac37b06f06b788aafe5cf9dfe
318070fbbe54c10318293e2f4418cfa70c1d0f65afa56086c1eadac8b62fe696
GET /bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2663
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
adhitzads.com/1037129
188.114.96.1 585 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 44d5b07bb3c2b31fc33053b48d12cf67
bc1e1bbc10c1a41072dee8f6ad7dbf48c10dd32d
17f227c1934c59c6bf918e4e4131085a7370ccb29b45d66798ecf79483273220
GET /1037129 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:19 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g50Mhvo5b32%2B2Hko02PFrXJho%2FygYSWOKVSegOhaYeneymFChCZWOcGS05%2FpEVb8pH6a4pvjAht3L55Ma17SuZtl7NAgg4W68bCgeHq3%2BCoY4TBkaB%2F7hvJ12EarxlZq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183791cd71b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=507431568663578&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=507431568663578&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=507431568663578&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 6.4 kB URL tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 03 May 2023 11:38:20 GMT
expires: Wed, 03 May 2023 11:38:20 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/landing/js/particles.js
104.21.234.95 26 kB URL GET mediacpm.pl/landing/js/particles.js
IP 104.21.234.95:0
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
File type ASCII text, with very long lines (2352)
Hash 082e5ba9c778651c43f117b27e04d986
6fc40d1c63abf8605bf6f50d38c5b151d2905063
f780240f2dfbef069aeefbee18f3039dcf12fa9d664bf776923896a6304b3d5c
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=44621
etag: W/"62f4e50b-ae4d"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 6241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2m8LrPFDln5ug%2B3TZ8BOJ39F%2BfNi%2BZMmPToVVVlM4LB4DC86GYjuLFovp627wzg0h5cjVBqoPKHD98RLFQDuaHKOLXOsDGByHkXTholAIMAY4YI2W9ujsjWWDI5jqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a8ea200a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=534041771447106&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=534041771447106&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=534041771447106&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:20 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cdn.cpm.media/160x600/160x600.php
172.67.198.162 719 B URL cdn.cpm.media/160x600/160x600.php
IP 172.67.198.162:0
File type HTML document, ASCII text
Hash 12f41ec7fb547263ce06318856b6c588
39a88b795d07e1e79afa466719efffbd4f860397
c4a4eb8d8fdad86e036cf61785e067877e98eaef49103d240d17a243fe79b3b7
GET /160x600/160x600.php HTTP/1.1
Host: cdn.cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cpm.media
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:12 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.4.33
expires: Tue, 01 Jan 2000 00:00:00 GMT
last-modified: Wed, 03 May 2023 11:38:12 GMT
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0,pre-check=0
pragma: no-cache
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Qg330pxmgjUYLnEe4YeJlo68aTj5HLAwNujX5vf%2FtaZ3kpF5iU4z2Oo7ni%2Fl9gZwGBP%2FwdUA8Tdi7OLi5UewdNFHflVbhEaCAv4N%2FfWAiF5Uy6EoSoFn4NO%2B9lkiJD9n"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837653e69fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
i.imgur.com/QxSJlPb.png
151.101.244.193 696 B IP 151.101.244.193:0
File type PNG image data, 23 x 17, 8-bit/color RGBA, non-interlaced\012- data
Hash c09343eeb0db68cd6c27d2c616d0e151
a55f65ed2d9df4179c0445c1b98acba21ef89d92
a555114e8e035c5f9ae196ed575249b11cdee99b10b419bd5772183b26396845
GET /QxSJlPb.png HTTP/1.1
Host: i.imgur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
last-modified: Tue, 02 May 2023 10:43:21 GMT
etag: "c09343eeb0db68cd6c27d2c616d0e151"
x-amz-server-side-encryption: AES256
content-type: image/png
cache-control: public, max-age=31536000
accept-ranges: bytes
date: Wed, 03 May 2023 11:38:20 GMT
age: 89699
x-served-by: cache-iad-kiad7000145-IAD, cache-hel1410020-HEL
x-cache: HIT, HIT
x-cache-hits: 23, 3855
x-timer: S1683113901.974162,VS0,VE0
strict-transport-security: max-age=300
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
server: cat factory 1.0
x-content-type-options: nosniff
content-length: 696
X-Firefox-Spdy: h2
cdn.cryptobrowser.store/media/pb/436/0d5348651ed34bad87716d3e71df3abf.jpg
188.114.97.1 15 kB URL cdn.cryptobrowser.store/media/pb/436/0d5348651ed34bad87716d3e71df3abf.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x250, components 3\012- data
Hash ad9863951a4b0747b1082af0f025585a
b960f1e1087afd6f85c24fc1eb87a9223d82faaa
87f60131be790a64a4cc710a036413d2369a504f538138a1a0abc1b9370936f7
GET /media/pb/436/0d5348651ed34bad87716d3e71df3abf.jpg HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:20 GMT
content-type: image/jpeg
content-length: 14920
etag: "5dd7f059-3a48"
last-modified: Fri, 22 Nov 2019 14:27:37 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 2233
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j7W24JGdINktV7%2F6Rm%2BkyPHTJq2zhLBlQN%2BVynl7yps7yX8Z%2BdasFn6zidBCiO2mPFd0cuEpFVdkWU%2F%2BfVtlyXF7KBJWtyb1lVZH9ob21mi%2BwGJ%2BqKi3jkvuzfXd1Lkk7DPbyqsEiZIVKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837991ccf0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
tpc.googlesyndication.com/generate_204?RV0t8w
216.58.207.193 0 B URL tpc.googlesyndication.com/generate_204?RV0t8w
IP 216.58.207.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?RV0t8w HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 11:38:20 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tpc.googlesyndication.com/generate_204?wGUo1A
216.58.207.193 0 B URL tpc.googlesyndication.com/generate_204?wGUo1A
IP 216.58.207.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?wGUo1A HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 11:38:21 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
i.ibb.co/JCyq9z5/ad728x90.png
162.19.58.157 66 kB URL i.ibb.co/JCyq9z5/ad728x90.png
IP 162.19.58.157:0
File type PNG image data, 728 x 90, 8-bit/color RGB, non-interlaced\012- data
Hash 7cc016bae410f6dfc5b43b081342f59c
269ba1d482e2644c9b4f00a690fc1a62e46f76ae
e2be08c73296f0105502da8b4aa47ba088693953e5370ac65ab324485f1273ce
GET /JCyq9z5/ad728x90.png HTTP/1.1
Host: i.ibb.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:21 GMT
content-type: image/png
content-length: 66356
last-modified: Mon, 26 Oct 2020 10:40:37 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, public
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
accept-ranges: bytes
X-Firefox-Spdy: h2
ad2bitcoin.com/adqlt.php?ref=younnesa&keycode=6462
23.95.12.219 1 B URL ad2bitcoin.com/adqlt.php?ref=younnesa&keycode=6462
IP 23.95.12.219:0
ASN #36352 AS-COLOCROSSING
File type very short file (no magic)
Hash 68b329da9893e34099c7d8ad5cb9c940
adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
GET /adqlt.php?ref=younnesa&keycode=6462 HTTP/1.1
Host: ad2bitcoin.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/ad.php?ref=younnesa&width=300
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:20 GMT
Server: Apache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193 5.0 kB URL tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 2664
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
admediatex.net/js/asdshef.js
104.26.9.229 34 kB URL admediatex.net/js/asdshef.js
IP 104.26.9.229:0
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Hash 82e0f1a002a895e6f82959754ced6268
efc7ca791c09b4c6229109d515d3a942e77b3ead
1a607f696626c7810c3a61c246ba547d0007c234c31bbf7b0fa2ef6d34f84e57
GET /js/asdshef.js HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://admediatex.net/ads/160x600.html
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:20 GMT
content-type: application/javascript
cache-control: max-age=315360000
cf-bgj: minify
etag: W/"63693a97-16d0a"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:04:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 47554
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YzZoJntfRs%2FTP5Ea4wBpcJ8CjR2TV67yk9pu03%2BclILg30MvqmPAtYl0ltftuCZjU7%2BgbhmPpRyBsBuehiHT8%2Fa1qxlemJCeou7VE7W8KP%2BBrzBNa4nlVTeTTmNFo%2BFJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183797381c0b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/particles.app.js
104.21.234.95 803 B URL mediacpm.pl/landing/js/particles.app.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (1278), with no line terminators
Hash c2925fd33e4f48fde00b0e938733c608
1319145b53483ca9195318378a0e521deeb57830
8ff62fe0fa0f14399bafac91f636b6b59a821badc1ce901af4635f2c931093c0
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.app.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2945
etag: W/"62f4e50b-b81"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 1914
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1FCQUmZ9PA9LK1nO1bIkA12UQDHbB%2B5wk46j7LSPP%2F13jxAuv6aQN3brMGPH1bDfftBvO2eNqnt6cixi39SLmyDjH1%2BRJNI0gXzB5hXyPyHBqN6Ey8tFyD3XaCxHeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780bf1300a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
admediatex.net/ads/300x250.html
104.26.9.229 1.3 kB URL admediatex.net/ads/300x250.html
IP 104.26.9.229:0
File type HTML document text\012- HTML document, ASCII text
Hash b1f2e765de6e170cb2ffda3c786bacc2
2802810dd25d7e240c9b23d9cede0757c2956dda
f1f075e2ba77b1c6138e2abfa098044a53c3dca40cfa3aab05523c600ebaa03a
GET /ads/300x250.html HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.yofaurls.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:20 GMT
content-type: text/html
last-modified: Tue, 22 Nov 2022 20:20:09 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pe35AkYMh2fy%2BfQVmKTvYcRd0buZcaLsT%2FPrSbOknyvkOwoD%2Fd3ZCdpQSmYYc7KjF3oYd4suDqxMSVi8INgpb0%2Fd8vMWKaS4J5DyRlEFSWKvBOleMJSVpJsXaPhjfNFr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837956e770b4d-OSL
content-encoding: br
X-Firefox-Spdy: h2
submitads4free.com/tecoop.php?id=1380
199.85.208.28 508 B URL submitads4free.com/tecoop.php?id=1380
IP 199.85.208.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 9e25385e0e8443ec2b637279e7ea9682
6a84cfedfac757480a56298fd410260e20ef79b4
089c5334b8853f996ce6363d3232de503968f97c9c05421679b27606874ca0f1
GET /tecoop.php?id=1380 HTTP/1.1
Host: submitads4free.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:21 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: PHPSESSID=49de8f3a4c5979a4b6972ca56c860bef; path=/
tadcoop=1380; expires=Fri, 02-Jun-2023 11:38:21 GMT; Max-Age=2592000; path=/
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 508
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 47 kB URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (3605)
Hash 10dff4270cc05ec0b4e92018246f3b08
4b98a4d2231244c4b2de51e17650a4f00a88f8bf
2ca406e92d0810997e9cd1069caf42306a6b837a60a3249039d8d2978e325fb4
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:21 GMT
expires: Wed, 03 May 2023 11:38:21 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 9990079626919497563
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47069
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
admediatex.net/ads/images/160x600_659898525265565656.gif
104.26.9.229 60 kB URL admediatex.net/ads/images/160x600_659898525265565656.gif
IP 104.26.9.229:0
File type GIF image data, version 89a, 160 x 600\012- data
Hash 21894efc3c1da55839067c4ad4f49c70
5bf16617a7c64ec79128b3adc0827aa4ea7bf24e
15dfeddecec29a2af4fbf7d79606612493e80c9af00776d7f44afccb3d5297d2
GET /ads/images/160x600_659898525265565656.gif HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://admediatex.net/ads/160x600.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: image/gif
content-length: 60028
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=60092
etag: "63693acd-eabc"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:05:17 GMT
cf-cache-status: HIT
age: 45091
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r4W6Js5JQ%2Bl0Ixj6sxMPUMEJCnKHE%2BGL51dIvLIETYsJG63TB7rh9HZQXrUi7FN%2Fkm9JytvOOQhPLvLvtaVmjqpsrTBwPigr02iw%2FDVQ8DuWqSiJy8xqNSp6etBKq3hj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18379c4cd70b4d-OSL
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.130 47 kB URL pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (3605)
Hash 5d83570e672682a18361292f1f8819a5
1cfe5198123289e08b6b34765cb73d38ae92c621
0a6b7e06535d74b3cefadb7f5bf2087d99c5c480e701a9eb9d841b0d48c04b8a
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:21 GMT
expires: Wed, 03 May 2023 11:38:21 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 434853761241577288
access-control-allow-origin: *
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 47064
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/serve/valid.php?a=28957&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113893&c=younnesa&e=2&f=1&h=efcafadaec
104.21.234.95 360 B URL mediacpm.pl/serve/valid.php?a=28957&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113893&c=younnesa&e=2&f=1&h=efcafadaec
IP 104.21.234.95:0
File type GIF image data, version 87a, 1 x 1\012- data
Hash 5b8f4235a15172c9a1c2fc0ca8b2aea0
fda90b86969d517425167426f02b10c8cba0c016
1611527f30ca6f0ece2972524ef5661ee282ae526128f4009190e84d7bda8bd3
GET /serve/valid.php?a=28957&b=160x600&referr=https%3A%2F%2Firugu.cogliatu.com%2F&t=1683113893&c=younnesa&e=2&f=1&h=efcafadaec HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:15 GMT
content-type: image/gif
x-powered-by: PHP/5.6.40
set-cookie: mc_160x600=1683113895; expires=Fri, 05-May-2023 11:38:15 GMT; Max-Age=172800; path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NJuVsQjKC2gTrx9vtOI8FKrKZITCbKa9BGYIBvTbC5aueIQFoqsERjJp9Bzr3LfuP8HBNd69h2pAf6x651Uc%2BfflqfSSA9oME4Qcg%2FNhWict4%2BFdHqdcrB1Hu5WQ1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183773690800a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
static.ad-good.com/images/banniere.gif
104.21.65.91 17 kB URL static.ad-good.com/images/banniere.gif
IP 104.21.65.91:0
File type GIF image data, version 89a, 468 x 60\012- data
Hash cfbdc1dce68822db023a7a4a73e343c4
1274d27d3b2c54445cb0e16e8eb4c29be86ae2ed
d3dd41e27a87dce49dbe4d9ac5bdf45bf6d214870a31f349b09d58ca527ced17
GET /images/banniere.gif HTTP/1.1
Host: static.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Alt-Used: static.ad-good.com
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: image/gif
content-length: 16624
expires: Wed, 03 May 2023 11:32:56 GMT
cache-control: max-age=14400
last-modified: Sat, 14 Dec 2013 13:51:24 GMT
age: 340
x-cdn-cache: HIT
x-cdn-request-id: 1005740630
x-cdn-pop: sbg
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zWCwY%2BONExb9XfHhGnL9jsMCZwRirDCEAScvHgAHTXKivSXiY5%2FbauRxAh5GfSfu6EhdbVFgkbdeKh99jIsWND1yo%2F5Z4QvkIMMMAVMWLXDSSICiWncUSd1CNep5YBQmLgPFyGY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18379d89ceb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
thenetwork18.net/clickmia.html
188.114.96.1 2.8 kB URL thenetwork18.net/clickmia.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash dd556eaa242c45a361efa03a4edee134
2c46a275979449fd0cb9773cd3417fe8aa02f7a7
ecc51af747b9c72c0c71eefd029d628898b4b1816138a9d5dd12cfde404b033a
GET /clickmia.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww1.good-trading.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEDD:36D0_D5BA2113:0050_64523C7D_991E:CFD9
x-iplb-instance: 30859
cache-control: max-age=14400
cf-cache-status: HIT
age: 2852
last-modified: Wed, 03 May 2023 10:50:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FMtakz1%2BJPnIfYkD3ULXo%2Fh023Bz4sqsJiBe6sEM7o9bwLMAmqJ7EAvY05jAQDfMmSZoClAjrNGwcX8kW%2FWg197kQ4Vzyw4naS4%2BbeBOH4UAcGQDNn%2BuTg4Xr%2FmAbeC7Drre"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375338bbb524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
get.cryptobrowser.site/pb/4/16224264/634/?t=simple,text,pro,mobile
104.26.6.17 626 B URL get.cryptobrowser.site/pb/4/16224264/634/?t=simple,text,pro,mobile
IP 104.26.6.17:0
Hash a4313d9a54d4dcaec80c6e9bd88d76bb
182fdfbe48a0a606d268177f8adfd71e66f41da6
911cd97c022599a4c8a4ca2b55719bd5a639f44702bcc00c3907605fb8aaf619
GET /pb/4/16224264/634/?t=simple,text,pro,mobile HTTP/1.1
Host: get.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:08 GMT
content-type: text/html; charset=utf-8
location: ?t=simple%2Ctext%2Cpro%2Cmobile&l=en
cache-control: max-age=3600, s-maxage=0
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KzWyLr1h%2FbHwBIbzJV%2BdbvExIu3C%2B%2F8YlYiSPjn2ZK2X7ViCtvcnC%2Fnrc6JSJBVnGDT0TVKJVfwhJyAIgBeGrTpPVm5gTYFhpBXsy%2BZFIm8510oSdk56%2F2T6OiZvCQmDZSu0Rsw2jNQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837477936b4f3-OSL
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=534041771447106&bg=!XV6lXgrNAAYcDqajPA47ADkAdvg8WvCs2EeM66X_fbSiGQ4WIRdGv0Oz62-OaLdMAuTlp4byRTwqgfxy-m9WHNB4lKpNkMbjumECAAABE1IAAAALaAEHCgB4B8ibZPIiwBsanel4Ut20e_3r8Z7om5VUOJF1-kiZQKcMQOYasn3KiOBy67J6SNNrJ3wcHWM-KLS-OYvChaZzKBd4CGstcr-iKEj2lacvPzLb3GGPg5wJFY2UyaexXqaQHKIsjr5Tlm2gal2PPKM8EWBap5HovYpomQKMaxRTRe3iQbV38nlZpXkAQDEqFGttS06zZ97IBN39LShfZLuIfbvnUxZCNK3lHsATJd0I7vksBmPBZ-RuWivHPowW35Sd_RqLfPvMUvt0Hk1V-pblzU59L5RDcebzuiTQxg_pAbOZCRQfizGIKshS4M0PO6P-96VWaH9vr0nysSXNzv88ApK4pZXOab6J6KEkLPag4gCcfAQkhvBn3jtCc9m22Yf9DE0jYyhpZHOKPgbiUtiOkL17NwRNAX3ODRbctuP4dqt3lnUlYK-FBRRw8P7EcBx1OPGvGrwq4fViEoFLUCdn6XF716tldO-oBaeMQMQRW38ZORnU4LXn23YTOkHvRbcyxdHMq7eN-1HGjEb-rGZ0-aZgK81mr49vG_8XKiPwznQ-NqeYV0OGrp6BPdzHt_WQ7PJ1T6Zl63ZsWOe09kJsGl_cuoh2Cl6I0Scgmmo4OmNgoh7wnTQoW4RKKSHnBaF2u4lQ7O_vgu26zX1YdB6JjmpEo8_ZAakXc6zUPXaoSVpD-rqLSgdPAwxroFBZj2F7nbjovpeVjU2XCoWDT2N1cf4ZThxxVf0bgcUwGHq74Z48wBn6q3DdMM2kjBo4EzFaY2mgAax4Uw3F4aYzYI5sUBdLvgPUAjwiWDXbUcTCL5eIMUbq6rR8p766gu59KHDanAnq177aFn1GZtIEzllwfrV7t5HtmTdfOsj95Sdj5xes7h5ETi4EsNBh05VtogPtl7GbEIN8lFh5B55-Ok7jNd7-N2RGvmIK4gnOaut2tojlPUVXkwSctfxG4wqNqlKDM6Kmpfn95hRgo-H9oboaQwxhRYs6SQ1kN8sjnD1QbISfy1sfKo3LQLn0UYnwrGxgzfvhNjkeAw
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=534041771447106&bg=!XV6lXgrNAAYcDqajPA47ADkAdvg8WvCs2EeM66X_fbSiGQ4WIRdGv0Oz62-OaLdMAuTlp4byRTwqgfxy-m9WHNB4lKpNkMbjumECAAABE1IAAAALaAEHCgB4B8ibZPIiwBsanel4Ut20e_3r8Z7om5VUOJF1-kiZQKcMQOYasn3KiOBy67J6SNNrJ3wcHWM-KLS-OYvChaZzKBd4CGstcr-iKEj2lacvPzLb3GGPg5wJFY2UyaexXqaQHKIsjr5Tlm2gal2PPKM8EWBap5HovYpomQKMaxRTRe3iQbV38nlZpXkAQDEqFGttS06zZ97IBN39LShfZLuIfbvnUxZCNK3lHsATJd0I7vksBmPBZ-RuWivHPowW35Sd_RqLfPvMUvt0Hk1V-pblzU59L5RDcebzuiTQxg_pAbOZCRQfizGIKshS4M0PO6P-96VWaH9vr0nysSXNzv88ApK4pZXOab6J6KEkLPag4gCcfAQkhvBn3jtCc9m22Yf9DE0jYyhpZHOKPgbiUtiOkL17NwRNAX3ODRbctuP4dqt3lnUlYK-FBRRw8P7EcBx1OPGvGrwq4fViEoFLUCdn6XF716tldO-oBaeMQMQRW38ZORnU4LXn23YTOkHvRbcyxdHMq7eN-1HGjEb-rGZ0-aZgK81mr49vG_8XKiPwznQ-NqeYV0OGrp6BPdzHt_WQ7PJ1T6Zl63ZsWOe09kJsGl_cuoh2Cl6I0Scgmmo4OmNgoh7wnTQoW4RKKSHnBaF2u4lQ7O_vgu26zX1YdB6JjmpEo8_ZAakXc6zUPXaoSVpD-rqLSgdPAwxroFBZj2F7nbjovpeVjU2XCoWDT2N1cf4ZThxxVf0bgcUwGHq74Z48wBn6q3DdMM2kjBo4EzFaY2mgAax4Uw3F4aYzYI5sUBdLvgPUAjwiWDXbUcTCL5eIMUbq6rR8p766gu59KHDanAnq177aFn1GZtIEzllwfrV7t5HtmTdfOsj95Sdj5xes7h5ETi4EsNBh05VtogPtl7GbEIN8lFh5B55-Ok7jNd7-N2RGvmIK4gnOaut2tojlPUVXkwSctfxG4wqNqlKDM6Kmpfn95hRgo-H9oboaQwxhRYs6SQ1kN8sjnD1QbISfy1sfKo3LQLn0UYnwrGxgzfvhNjkeAw
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=534041771447106&bg=!XV6lXgrNAAYcDqajPA47ADkAdvg8WvCs2EeM66X_fbSiGQ4WIRdGv0Oz62-OaLdMAuTlp4byRTwqgfxy-m9WHNB4lKpNkMbjumECAAABE1IAAAALaAEHCgB4B8ibZPIiwBsanel4Ut20e_3r8Z7om5VUOJF1-kiZQKcMQOYasn3KiOBy67J6SNNrJ3wcHWM-KLS-OYvChaZzKBd4CGstcr-iKEj2lacvPzLb3GGPg5wJFY2UyaexXqaQHKIsjr5Tlm2gal2PPKM8EWBap5HovYpomQKMaxRTRe3iQbV38nlZpXkAQDEqFGttS06zZ97IBN39LShfZLuIfbvnUxZCNK3lHsATJd0I7vksBmPBZ-RuWivHPowW35Sd_RqLfPvMUvt0Hk1V-pblzU59L5RDcebzuiTQxg_pAbOZCRQfizGIKshS4M0PO6P-96VWaH9vr0nysSXNzv88ApK4pZXOab6J6KEkLPag4gCcfAQkhvBn3jtCc9m22Yf9DE0jYyhpZHOKPgbiUtiOkL17NwRNAX3ODRbctuP4dqt3lnUlYK-FBRRw8P7EcBx1OPGvGrwq4fViEoFLUCdn6XF716tldO-oBaeMQMQRW38ZORnU4LXn23YTOkHvRbcyxdHMq7eN-1HGjEb-rGZ0-aZgK81mr49vG_8XKiPwznQ-NqeYV0OGrp6BPdzHt_WQ7PJ1T6Zl63ZsWOe09kJsGl_cuoh2Cl6I0Scgmmo4OmNgoh7wnTQoW4RKKSHnBaF2u4lQ7O_vgu26zX1YdB6JjmpEo8_ZAakXc6zUPXaoSVpD-rqLSgdPAwxroFBZj2F7nbjovpeVjU2XCoWDT2N1cf4ZThxxVf0bgcUwGHq74Z48wBn6q3DdMM2kjBo4EzFaY2mgAax4Uw3F4aYzYI5sUBdLvgPUAjwiWDXbUcTCL5eIMUbq6rR8p766gu59KHDanAnq177aFn1GZtIEzllwfrV7t5HtmTdfOsj95Sdj5xes7h5ETi4EsNBh05VtogPtl7GbEIN8lFh5B55-Ok7jNd7-N2RGvmIK4gnOaut2tojlPUVXkwSctfxG4wqNqlKDM6Kmpfn95hRgo-H9oboaQwxhRYs6SQ1kN8sjnD1QbISfy1sfKo3LQLn0UYnwrGxgzfvhNjkeAw HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:21 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
c.statcounter.com/t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=3&sess=1aec61&p=0&rcat=r&rdomo=irugu.cogliatu.com&rdomg=0&jg=0&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&sc_rum_e_s=18106&sc_rum_e_e=18113&sc_rum_f_s=0&sc_rum_f_e=17873&get_config=true
104.20.218.77 150 B URL c.statcounter.com/t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=3&sess=1aec61&p=0&rcat=r&rdomo=irugu.cogliatu.com&rdomg=0&jg=0&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&sc_rum_e_s=18106&sc_rum_e_e=18113&sc_rum_f_s=0&sc_rum_f_e=17873&get_config=true
IP 104.20.218.77:0
File type JSON data\012- , ASCII text, with no line terminators
Hash beb8551f90f04070135b26f437cb8b93
b2a6140cd6cc0929abbc435d1deb90745e41e1f3
b7eb6efdef53a4ec06f9e8d44d9f3fcf6927d2199485a2e447a97de215b5bf89
GET /t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=3&sess=1aec61&p=0&rcat=r&rdomo=irugu.cogliatu.com&rdomg=0&jg=0&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&sc_rum_e_s=18106&sc_rum_e_e=18113&sc_rum_f_s=0&sc_rum_f_e=17873&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.yofaurls.com
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique_2=sc12400007.1683113901.0; SameSite=None; Secure; Expires=Monday, 01-May-2028 07:38:21 -04; Path=/; Domain=.statcounter.com
is_visitor_unique=1683113901277469706; SameSite=None; Secure; Expires=Friday, 02-May-2025 07:38:21 -04; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://www.yofaurls.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7c1837994ff6b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
api.adhitz.com/adjs.php?zoneid=22848&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=9064229306&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
172.67.166.40 4.6 kB URL api.adhitz.com/adjs.php?zoneid=22848&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=9064229306&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
IP 172.67.166.40:0
Hash 4e1d6c517f43e122bcce85db98a1ce9d
e51265a2a6c5eae692654a6d324c87c19c8293f1
2cdef1d628efdcb0905e22b19834265030acdd6df9740b98ba8cf98bc4264fb7
GET /adjs.php?zoneid=22848&block=1&c=3&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=9064229306&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/ HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zQw7IeWgGy1AQ2RLlrPS7i%2Fe1pbEPIRTO5nhzfOuvMCbYxGrUSRyadri2ybpbtTKzc18Rig60QMac9mYVpa263NSuvMPXrADQUD%2B6uu5UiboH3HU%2BDW%2Ba3s2P2TyAoxjxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18379e6ea90b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
142.250.74.130 15 kB URL pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (37039)
Hash 2bde309b63dec3e2ce422e693159c8a7
fb31528c108c285ac37b06f06b788aafe5cf9dfe
318070fbbe54c10318293e2f4418cfa70c1d0f65afa56086c1eadac8b62fe696
GET /bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2665
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8N3DjrgbbYrYaclrcpz5a4G2mKaYHKV6prKWnM.GuWapqmCevPhrglamelgrmXkmbcz4a63Kq15Jm3M.Gulx6CaVd5yaViRxeBvPnx6c.XTlrnpmvwXqrYrsqz28dcDc7FNcrlOfDW1BXgu85NKxI4vA3nz49OfLp01yuVsNWQV4Lz0zX4L14TuZ65XK2GrIK8F56Zr8F23KmqYJ64Jpc9bDbMczUS9rlOeuCSelyqqCaVdiONeCW1iOBtelxiqaWrPhrqsZ5Z8NdVjPPPhrqapgnrXrwncz11NUwT1rysSOZ66mqYJ617XKc9bNM11TlK9rlOfDXbTnw1wS1uUysR58Ncsy7tkrdWfDXA3S5VPNLVBa4vGxhNZXnw1wNyWR1wYzSuZ8NdlTlK7TE88Er2fHXZU5Su0xPPBK8u7S5RY5K1hnx6dOGtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OtmymPPXbZZA3nx7eOfHjz88OPLhy6eOvfp26deXTuw2y2338664JHKq2JJ8.Pbxz48efnhx1tTTRQONTS1OS158Y
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8N3DjrgbbYrYaclrcpz5a4G2mKaYHKV6prKWnM.GuWapqmCevPhrglamelgrmXkmbcz4a63Kq15Jm3M.Gulx6CaVd5yaViRxeBvPnx6c.XTlrnpmvwXqrYrsqz28dcDc7FNcrlOfDW1BXgu85NKxI4vA3nz49OfLp01yuVsNWQV4Lz0zX4L14TuZ65XK2GrIK8F56Zr8F23KmqYJ64Jpc9bDbMczUS9rlOeuCSelyqqCaVdiONeCW1iOBtelxiqaWrPhrqsZ5Z8NdVjPPPhrqapgnrXrwncz11NUwT1rysSOZ66mqYJ617XKc9bNM11TlK9rlOfDXbTnw1wS1uUysR58Ncsy7tkrdWfDXA3S5VPNLVBa4vGxhNZXnw1wNyWR1wYzSuZ8NdlTlK7TE88Er2fHXZU5Su0xPPBK8u7S5RY5K1hnx6dOGtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OtmymPPXbZZA3nx7eOfHjz88OPLhy6eOvfp26deXTuw2y2338664JHKq2JJ8.Pbxz48efnhx1tTTRQONTS1OS158Y
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8N3DjrgbbYrYaclrcpz5a4G2mKaYHKV6prKWnM.GuWapqmCevPhrglamelgrmXkmbcz4a63Kq15Jm3M.Gulx6CaVd5yaViRxeBvPnx6c.XTlrnpmvwXqrYrsqz28dcDc7FNcrlOfDW1BXgu85NKxI4vA3nz49OfLp01yuVsNWQV4Lz0zX4L14TuZ65XK2GrIK8F56Zr8F23KmqYJ64Jpc9bDbMczUS9rlOeuCSelyqqCaVdiONeCW1iOBtelxiqaWrPhrqsZ5Z8NdVjPPPhrqapgnrXrwncz11NUwT1rysSOZ66mqYJ617XKc9bNM11TlK9rlOfDXbTnw1wS1uUysR58Ncsy7tkrdWfDXA3S5VPNLVBa4vGxhNZXnw1wNyWR1wYzSuZ8NdlTlK7TE88Er2fHXZU5Su0xPPBK8u7S5RY5K1hnx6dOGtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OtmymPPXbZZA3nx7eOfHjz88OPLhy6eOvfp26deXTuw2y2338664JHKq2JJ8.Pbxz48efnhx1tTTRQONTS1OS158Y HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:22 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcce; expires=Thu, 04 May 2023 11:38:22 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=4214924253406339&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=4214924253406339&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=4214924253406339&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:22 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ww3.good-trading.com/images/logo.png
188.114.96.1 7.8 kB URL ww3.good-trading.com/images/logo.png
IP 188.114.96.1:0
File type PNG image data, 228 x 75, 8-bit/color RGBA, non-interlaced\012- data
Hash 9c908bdd523d99b87f5c78a0f967558b
fc5553e0bdfaefcbf074920f27f2021fcc660eab
9ed55d1c02a973f42b56ee7bea32394cdf62984179b4e2b7b86ab2fdfe9e669f
GET /images/logo.png HTTP/1.1
Host: ww3.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Alt-Used: ww3.good-trading.com
Connection: keep-alive
Cookie: goodtrading=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: image/png
content-length: 7752
last-modified: Fri, 25 Jun 2021 05:57:26 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:52:10 GMT
cf-cache-status: HIT
age: 72
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Tk35dVcjJ%2FSgMvb2vcmQ5WZ8ggUpdS49J%2BO1Y0iWJk6065hx2dNRSVc9Js7DR7QehoseGQ5FSzCf9UP2xk9frHfckJAACFx6lvxq2jAV%2ByDpr1pIZa8%2Bm8vGQgCz4FqXpxy8VuAdrw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a4ab5cb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/css/owl.carousel.css
104.21.234.95 22 kB URL mediacpm.pl/landing/css/owl.carousel.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (1134), with no line terminators
Hash 88bc4e2c7f33204a8a6212991efe54c1
df2416a9bd8e14a66e94183c3e5611fc9357e3bc
b8ab0135670f5458c4747ae0f0352476955375d9ca8925151c9d09d96039248e
GET /landing/css/owl.carousel.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=1464
etag: W/"62f4e4fe-5b8"
last-modified: Thu, 11 Aug 2022 11:16:14 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 875
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RlePhM8QCs36zRs8W6Z5H80UMkweK2zdXlNUpOGj3%2Fq893AOcDBTISQHcUzYzLvDhETtkPi1IgbKZLnKn5D04gPbDLWB3YAvPKfI8WKb5OQGqsbb4Nq%2F%2FBHlFS05lA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aede00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/united_kingdom.png
172.67.213.79 7.8 kB URL news24.media/ressources/img/united_kingdom.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 8896fbe5e15614860f1d0708927703f5
5e8bf1fcaeac0bcca65d31487602bd9ba5cfde92
3f186a6aeaf86993e8e80bfafd8ee3021035b7fe669b7eac587326cca75a18f4
GET /ressources/img/united_kingdom.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 7822
last-modified: Sat, 28 Aug 2021 22:22:04 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:48:20 GMT
cf-cache-status: HIT
age: 303
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FI7iVDuvzcrdNpfHY2W77qxaulZ%2BrjM2IV23qPA2SlwC2ZMDNbpY2BTIKY8wuX9%2Fz8WNIUS%2B%2BHSWxBm6o6WATkXktbIYCXdvSfpQObAGzbxK%2F8QkbAH3aLv9Kt3ly%2FE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d85cb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/australia.png
172.67.213.79 6.7 kB URL news24.media/ressources/img/australia.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 8c52db34739491046cbf513122cb77fd
68214564f393223a70b70d4e1abccd752f1d627a
7b6166c1be3c420bb7016de6582416bee83fa4c8b29a4f6a97b1399a9b8f8ef8
GET /ressources/img/australia.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 6725
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fnJXpvygGkuwnD9bV8ivMePFN8mU4FK77YyP6cR3us8pUc0EvKJrAPDRHGGXU%2F9bLJS%2BOIawxgKPlOXxU%2Bi0k5E4P1q8dlhac8%2FYw%2B1FtYCv5XuOKUbjnSaIRF8srzA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d862b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/france.png
172.67.213.79 4.5 kB URL news24.media/ressources/img/france.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 314c36d7220b163b0670df31484929ef
040f7b278b8b8c6c43ce3f47b75440bac5783841
4c4c4c027acddc232583e36e6a803ba9b9d4bb13ebfc361d908fe7d7e235045b
GET /ressources/img/france.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 4450
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:43:45 GMT
cf-cache-status: HIT
age: 578
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AHB8qDcvfv7sBxN3RcgpTN0D2tmmixCKHki8NWS10IVilMKlnf1bgjbrrndZpHdJn4kO%2BndiDjGUil8yLcnaAU7gqiRugcrqeyazJWkfC5zy1RHNIAaeVzkGqbwyLfk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d868b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/united_states.png
172.67.213.79 8.8 kB URL news24.media/ressources/img/united_states.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash d7be2083b0822d5c046fc4b8568d1131
6d81cba00546836b083e0ab83e5ea494baecff10
5c733dd3d6aba174e0722e735916dbbc34d0dbbf26b8f471b6fb2949c90acb36
GET /ressources/img/united_states.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 8769
last-modified: Sat, 28 Aug 2021 22:22:04 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:43:45 GMT
cf-cache-status: HIT
age: 578
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZJ7zKnJ7LQXtvmhbkpQESZcqhxIU3HOBkd%2FnbeaeIuUheCbSw3TV6TQseODXbxKLjCKwn%2BpN92MNc7oWNpWNNJwvhkWzeSKVf5N3084qvr3vGC4fofTacSTXG2Lyms%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6c83eb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/germany.png
172.67.213.79 3.2 kB URL news24.media/ressources/img/germany.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash f1e39baf9515b06aa284e32fc5f0daed
43b8ddf0006a77f5f8872538f367c2e5ccfb3f81
680305d537ce0979b34786aa4c4b51737f8219d656bfef3df90b4284ecc5e1ae
GET /ressources/img/germany.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 3161
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8kijPrsw7glKkuGxcMdzlCR8KL6EUXZdOsEnNK1bduRs8JBquFPloqX46o6NtlLajq0EczhoJ%2BQxQeEB6BLjrS79TbflegPF3OXZ7mnOBIQ34%2BBDlK4AMF%2BkfQ3sbRQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d86db4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/spain.png
172.67.213.79 7.4 kB URL news24.media/ressources/img/spain.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash 72ea937d0b128810cf9c4002de2d774f
d418bd34278034921bf461475058e414fa933850
99f65a451d25c952257bdc379d70301b4b5427a30f2de7214a23b4b54902cd2e
GET /ressources/img/spain.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 7392
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:48:20 GMT
cf-cache-status: HIT
age: 303
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rsRZPKDqZUZuwhc6dB14cmNjHbgUWks6gV1S0ykPnQH8MHJfsCA%2BftZgc8fPB87%2FNRQHxPJRm9k7OBW9aT2jTX3B1vwpMiqzFko1GKIHWn8Xs7pdf62qhwzFBnAQuPI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d873b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
news24.media/ressources/img/italy.png
172.67.213.79 4.6 kB URL news24.media/ressources/img/italy.png
IP 172.67.213.79:0
File type PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced\012- data
Hash fac5965697d7019a99e13c1b8c040991
c785480d3cfa56793dc352811a8ff2c3f71945cd
84eafd9ce88bec5f163103eb2bea0448caa805c212f8f7018a9746b665147f6a
GET /ressources/img/italy.png HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/png
content-length: 4556
last-modified: Sat, 28 Aug 2021 22:22:03 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:45:34 GMT
cf-cache-status: HIT
age: 469
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GJKfs8N06pHhGWMOBYu4N49b1bR8rXGKUEbPJi6DyZrucBMEwuJ17SMPJ%2FqV%2FvojmhXBXtG%2BSxK9T2TAf4tABK40rNY4MZZLQankgpU%2BMdMLh%2BX8WJpV%2Buh0jxaTmvo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a6d86fb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
s4.histats.com/stats/0.php?2577526&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fwww.yofaurls.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-3359592&@b3:1683113910&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.eurosptp.com%2Fpage.php%3Fid%3D16760%26ban%26format%3D468x60&@w
149.56.240.129 66 B URL s4.histats.com/stats/0.php?2577526&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fwww.yofaurls.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-3359592&@b3:1683113910&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.eurosptp.com%2Fpage.php%3Fid%3D16760%26ban%26format%3D468x60&@w
IP 149.56.240.129:0
File type ASCII text, with no line terminators
Hash ee63e6b2ab59f6fb48c0ee0d95ea8eb9
66c8549ecf725b58e54fc55bd08ec834b7cc73fa
94b1b3c93685c1f96d896e138fcb5e21f3b62bb431e988cba593638d805eae7c
GET /stats/0.php?2577526&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@m&@n0&@ohttps%3A%2F%2Fwww.yofaurls.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-3359592&@b3:1683113910&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.eurosptp.com%2Fpage.php%3Fid%3D16760%26ban%26format%3D468x60&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:23 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 66
Connection: close
pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
142.250.74.130 15 kB URL pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (37039)
Hash 2bde309b63dec3e2ce422e693159c8a7
fb31528c108c285ac37b06f06b788aafe5cf9dfe
318070fbbe54c10318293e2f4418cfa70c1d0f65afa56086c1eadac8b62fe696
GET /bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2666
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
admediatex.net/ads/images/300x250_45455454.gif
104.26.9.229 43 kB URL admediatex.net/ads/images/300x250_45455454.gif
IP 104.26.9.229:0
File type GIF image data, version 89a, 300 x 250\012- data
Hash 121ffe680e6653369c26f6cc50e6eb61
afb3b75bdd6d4d2e02d58c74a959dbe88cbb64fe
0a4d0a846e48bd2d8eeb944e876532ecb5c3e91084c914181c8ad36f51dfe6fa
GET /ads/images/300x250_45455454.gif HTTP/1.1
Host: admediatex.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://admediatex.net/ads/300x250.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:23 GMT
content-type: image/gif
content-length: 43207
cache-control: max-age=315360000
cf-bgj: imgq:100,h2pri
cf-polished: origSize=43247
etag: "63693ada-a8ef"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Mon, 07 Nov 2022 17:05:30 GMT
cf-cache-status: HIT
age: 1498
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c6LOMZ%2B9AVD1MWI56fKqLfKaYYvj18F76aysTy4gZMDQT7pIGQ0sRf6QK49zdl5fl8XuxgVGsIn29NRHD%2FatsR5ckKM2N5qtWr0OuFu0WYEHap%2BGkmZwJ7AKhtcwR5Mj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837a9bc860b4d-OSL
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=2533122763912008&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=2533122763912008&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=2533122763912008&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:23 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
submitads4free.com/_tecoop_top.php?c=1380&p=0.5&n=
199.85.208.28 660 B URL submitads4free.com/_tecoop_top.php?c=1380&p=0.5&n=
IP 199.85.208.28:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (557)
Hash 1d2ed43f7c6acbfcb4a0b83c33fb51dc
b4bd89ffbcb274f85e51fbd2025eb850813146d3
bd5d7e47d5d9be89d53a3401a449012a372e30b8f4def6641efdac5589055796
GET /_tecoop_top.php?c=1380&p=0.5&n= HTTP/1.1
Host: submitads4free.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://submitads4free.com/tecoop.php?id=1380
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 660
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
submitads4free.com/_tecoop_bottom.php?c=1380
199.85.208.28 336 B URL submitads4free.com/_tecoop_bottom.php?c=1380
IP 199.85.208.28:0
File type HTML document text\012- HTML document, ASCII text
Hash 46e29a06107704f4e051534a03951294
0783f80948026088680a757c67659cddd398142b
9a5ce87752fa8a3db3e104196fbb7079e2e3acb30cf17176ddd85883dbb2e0c4
GET /_tecoop_bottom.php?c=1380 HTTP/1.1
Host: submitads4free.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://submitads4free.com/tecoop.php?id=1380
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 336
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
mediacpm.pl/landing/css/materialdesignicons.min.css
104.21.234.95 36 kB URL mediacpm.pl/landing/css/materialdesignicons.min.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 6776b411d2319947674207d3e97eebbd
855d1a21a2e7bd874e97ce8b8c87aa68edc09d0c
ba59e2d9f72ba78b2db77d07a5ebcc99ac9e0a57ffc73ad53178c0c835acc23c
GET /landing/css/materialdesignicons.min.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 11:16:13 GMT
vary: Accept-Encoding
etag: W/"62f4e4fd-1e13f"
cache-control: max-age=86400
cf-cache-status: HIT
age: 160
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEue8dH8siFw7JA%2BjZ4IUauUyUTOzc1t%2FhRbnx7JwAh0QuzUMaE%2FYsClcJN5ba0q3bTVqiLbf1hal7%2Fjj06LOBGEh0ZTkG0SFAKNrc8DkkT806c%2B7usXjmlvEhXMZw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aed800a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
216.58.207.227 200 OK 34 kB URL GET HTTP/2 fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
IP 216.58.207.227:443
File type Web Open Font Format (Version 2), TrueType, length 33868, version 1.0\012- data
Hash a55fefd02b25a2cb141efe2d17776d60
ba132269410be55bbd81032011d5904ceb33bc64
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
GET /s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33868
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:30 GMT
expires: Sun, 28 Apr 2024 07:44:30 GMT
cache-control: public, max-age=31536000
age: 359634
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
216.58.207.227 200 OK 34 kB URL GET HTTP/2 fonts.gstatic.com/s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2
IP 216.58.207.227:443
File type Web Open Font Format (Version 2), TrueType, length 33868, version 1.0\012- data
Hash a55fefd02b25a2cb141efe2d17776d60
ba132269410be55bbd81032011d5904ceb33bc64
e5b4655e2fac9e5887dfc63e54a5ea312f8779ad2a4316765a690c5177ef1acc
GET /s/rubik/v26/iJWKBXyIfDnIV7nBrXw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 33868
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 29 Apr 2023 07:44:30 GMT
expires: Sun, 28 Apr 2024 07:44:30 GMT
cache-control: public, max-age=31536000
age: 359634
last-modified: Wed, 08 Mar 2023 21:37:56 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=4214924253406339&bg=!zc6lzprNAAYcDqajPA47ADkAdvg8WnyiQXL5WW4u_uYixXLL9QIFinAk2cnowwcLx7bHZUbbdXEJw5bmSetI_87-MFbs3PdW8dgCAAAA3VIAAAAGaAEHCgDPwPn8SnNL7E4LyXWSOGsantrGSlVACb55nHs_ppiSBhmkJEufYHS16KGNcw2S7dcwk_JpkvyFqqAClchS2GGJrq_k9DVOSK_tMUHx8dF813UXXm2YZYdhV4-PogHPWu4qN5sggPSS5wh-F5JiWzO9PQQGeHgS0aAV6hNl7nCl9-mzWgyJu7S3Drm-RijOhL84mKrioPiQOdckE1fNQo7EbOH7-yNabLFrvZlE-Dc0sy1aMOncZAXqGnFXbEGBzkyC7B6ZxvHTchjyR1m68OmsmQJ4vRpUCZR6NeqlNwi7rs6-DFp9O_rs5rp6U5GqPFzSxdk3aYzUKlR_Knav5Lcy0lqFptU5MfeYMR2TXaKWpZpfMpHmiN69xqIukyOFFf-mLW44NT8KHRfffvKVKnJTJb6_6ev1Cdi2g9ezqq73WCTYo57feuyUFsnvLeKvTMgA2g-C7qeDGbV9sp2t6lV5OpavKot-AGJp2FBAZv7F18cgwxuab5wwXm-GrIJ_930O_f-F2tenBbzaPatqFqdUjoLwfSAJu7O7YM6o595sZNCBNvwj8nRlUEbU9bVGBn7R_I8iMBYZqogiy3wtqyRJYOQQWqiZefR8tpAxGaJOZJeYma8FylT2Fv87ixi_NM39kXp7Nd-SA0SPg1JGYkDYKF8eTWYiktRlIqdrUikYKYQweBeot1z-MYRiMfvbU3BWCEY-dJZDd0smN741LC4_RnWYhlzGtGDSY0gI11pRjkxr0c-3tkIO8wLNQXapoP8xvUDzqWcjEBQfkXBVEY2eDlSkgxmbMWnEm1e8LvgtJuziQ2MKfVTcP1BWm0ywOCHDcKw5vmudaYn7J07aENpuz2IwCsZaX_jKA_7v3CUncM04i5Sdn3FPQXVvQMEo5eV9XymGsmb_zn4iRhQNb_iOYXOIrjvLWV9BAOga-LpNWs4qSqGnvm9BgugNoEzbWKqszSAHsJHu-DFI4s0eBLN1Y927tU7gJNcuLx_FK7PncPj3gbIg3ZpFrRzPlRavBYrzjvoCWwhypBdpWPF5BWVGjySvdcQTnpUCmxAPnY_6zjZbE1pB1ewM-Cnm82VgPzhvuKJl4xPq8UmTYA3H4bOBMM40a5JjgOhD2yg
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=4214924253406339&bg=!zc6lzprNAAYcDqajPA47ADkAdvg8WnyiQXL5WW4u_uYixXLL9QIFinAk2cnowwcLx7bHZUbbdXEJw5bmSetI_87-MFbs3PdW8dgCAAAA3VIAAAAGaAEHCgDPwPn8SnNL7E4LyXWSOGsantrGSlVACb55nHs_ppiSBhmkJEufYHS16KGNcw2S7dcwk_JpkvyFqqAClchS2GGJrq_k9DVOSK_tMUHx8dF813UXXm2YZYdhV4-PogHPWu4qN5sggPSS5wh-F5JiWzO9PQQGeHgS0aAV6hNl7nCl9-mzWgyJu7S3Drm-RijOhL84mKrioPiQOdckE1fNQo7EbOH7-yNabLFrvZlE-Dc0sy1aMOncZAXqGnFXbEGBzkyC7B6ZxvHTchjyR1m68OmsmQJ4vRpUCZR6NeqlNwi7rs6-DFp9O_rs5rp6U5GqPFzSxdk3aYzUKlR_Knav5Lcy0lqFptU5MfeYMR2TXaKWpZpfMpHmiN69xqIukyOFFf-mLW44NT8KHRfffvKVKnJTJb6_6ev1Cdi2g9ezqq73WCTYo57feuyUFsnvLeKvTMgA2g-C7qeDGbV9sp2t6lV5OpavKot-AGJp2FBAZv7F18cgwxuab5wwXm-GrIJ_930O_f-F2tenBbzaPatqFqdUjoLwfSAJu7O7YM6o595sZNCBNvwj8nRlUEbU9bVGBn7R_I8iMBYZqogiy3wtqyRJYOQQWqiZefR8tpAxGaJOZJeYma8FylT2Fv87ixi_NM39kXp7Nd-SA0SPg1JGYkDYKF8eTWYiktRlIqdrUikYKYQweBeot1z-MYRiMfvbU3BWCEY-dJZDd0smN741LC4_RnWYhlzGtGDSY0gI11pRjkxr0c-3tkIO8wLNQXapoP8xvUDzqWcjEBQfkXBVEY2eDlSkgxmbMWnEm1e8LvgtJuziQ2MKfVTcP1BWm0ywOCHDcKw5vmudaYn7J07aENpuz2IwCsZaX_jKA_7v3CUncM04i5Sdn3FPQXVvQMEo5eV9XymGsmb_zn4iRhQNb_iOYXOIrjvLWV9BAOga-LpNWs4qSqGnvm9BgugNoEzbWKqszSAHsJHu-DFI4s0eBLN1Y927tU7gJNcuLx_FK7PncPj3gbIg3ZpFrRzPlRavBYrzjvoCWwhypBdpWPF5BWVGjySvdcQTnpUCmxAPnY_6zjZbE1pB1ewM-Cnm82VgPzhvuKJl4xPq8UmTYA3H4bOBMM40a5JjgOhD2yg
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=4214924253406339&bg=!zc6lzprNAAYcDqajPA47ADkAdvg8WnyiQXL5WW4u_uYixXLL9QIFinAk2cnowwcLx7bHZUbbdXEJw5bmSetI_87-MFbs3PdW8dgCAAAA3VIAAAAGaAEHCgDPwPn8SnNL7E4LyXWSOGsantrGSlVACb55nHs_ppiSBhmkJEufYHS16KGNcw2S7dcwk_JpkvyFqqAClchS2GGJrq_k9DVOSK_tMUHx8dF813UXXm2YZYdhV4-PogHPWu4qN5sggPSS5wh-F5JiWzO9PQQGeHgS0aAV6hNl7nCl9-mzWgyJu7S3Drm-RijOhL84mKrioPiQOdckE1fNQo7EbOH7-yNabLFrvZlE-Dc0sy1aMOncZAXqGnFXbEGBzkyC7B6ZxvHTchjyR1m68OmsmQJ4vRpUCZR6NeqlNwi7rs6-DFp9O_rs5rp6U5GqPFzSxdk3aYzUKlR_Knav5Lcy0lqFptU5MfeYMR2TXaKWpZpfMpHmiN69xqIukyOFFf-mLW44NT8KHRfffvKVKnJTJb6_6ev1Cdi2g9ezqq73WCTYo57feuyUFsnvLeKvTMgA2g-C7qeDGbV9sp2t6lV5OpavKot-AGJp2FBAZv7F18cgwxuab5wwXm-GrIJ_930O_f-F2tenBbzaPatqFqdUjoLwfSAJu7O7YM6o595sZNCBNvwj8nRlUEbU9bVGBn7R_I8iMBYZqogiy3wtqyRJYOQQWqiZefR8tpAxGaJOZJeYma8FylT2Fv87ixi_NM39kXp7Nd-SA0SPg1JGYkDYKF8eTWYiktRlIqdrUikYKYQweBeot1z-MYRiMfvbU3BWCEY-dJZDd0smN741LC4_RnWYhlzGtGDSY0gI11pRjkxr0c-3tkIO8wLNQXapoP8xvUDzqWcjEBQfkXBVEY2eDlSkgxmbMWnEm1e8LvgtJuziQ2MKfVTcP1BWm0ywOCHDcKw5vmudaYn7J07aENpuz2IwCsZaX_jKA_7v3CUncM04i5Sdn3FPQXVvQMEo5eV9XymGsmb_zn4iRhQNb_iOYXOIrjvLWV9BAOga-LpNWs4qSqGnvm9BgugNoEzbWKqszSAHsJHu-DFI4s0eBLN1Y927tU7gJNcuLx_FK7PncPj3gbIg3ZpFrRzPlRavBYrzjvoCWwhypBdpWPF5BWVGjySvdcQTnpUCmxAPnY_6zjZbE1pB1ewM-Cnm82VgPzhvuKJl4xPq8UmTYA3H4bOBMM40a5JjgOhD2yg HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:24 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xngqoc.com/cuclc?aid=16250486976235981953&t=1683113903&s=78
185.162.85.1 275 B URL xngqoc.com/cuclc?aid=16250486976235981953&t=1683113903&s=78
IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 324644a73e75b2cf463de24018330f35
9343b98a2168fb244c1db8d99a9fd93f58382c24
f04a798ded7f75403cbbf2b8718a0dc632ceca97a4671c08458ba4b8b5a18d26
GET /cuclc?aid=16250486976235981953&t=1683113903&s=78 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:24 GMT
content-type: text/html; charset=utf-8
content-length: 275
location: https://thale-gds.com/zcvisitor/02b7bec3-e9a7-11ed-aafb-0a47fb9902e5/faeea8e0-6f90-11ea-9454-0a71705c5345?campaignid=153d6600-b0e8-11ed-82e9-0a918cbcbb97
X-Firefox-Spdy: h2
xngqoc.com/er?a=1
185.162.85.1 0 B IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
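Analyzer Verdict Alert fortinet Phishing (the response body is 0 B, so the three hashes above are the MD5, SHA-1 and SHA-256 digests of empty input and match any empty response; the verdict presumably refers to the URL or host rather than to file content)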
GET /er?a=1 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:24 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
submitads4free.com/_tecoop_center.php?i=1380
199.85.208.28 2.1 kB URL submitads4free.com/_tecoop_center.php?i=1380
IP 199.85.208.28:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, Unicode text, UTF-8 text, with very long lines (3055)
Hash 1764af636c9fce57db0567497c4bc5e6
e1d868a51120b860c407be46efa5a8454ee2df6b
8205c631ab2c76565be705c331ef5d5b608216fba0a2a47fc37bba94ae08c66d
GET /_tecoop_center.php?i=1380 HTTP/1.1
Host: submitads4free.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://submitads4free.com/tecoop.php?id=1380
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: frame
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:24 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 2079
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
static.a-ads.com/a-ads-banners/440071/728x90?region=eu-central-1
148.251.192.72 121 kB URL static.a-ads.com/a-ads-banners/440071/728x90?region=eu-central-1
IP 148.251.192.72:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 728 x 90\012- data
Size 121 kB (121059 bytes)
Hash ab13898afef27fafdb76b01ee407a243
7996efc34494294c95faf464a39bc0b3b684dfed
929fb26f16ad1198ec3be5436f744222c0f58ca4041fa458bf1de2700c045184
GET /a-ads-banners/440071/728x90?region=eu-central-1 HTTP/1.1
Host: static.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad.a-ads.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:24 GMT
content-type: image/gif
content-length: 121059
x-amz-id-2: P634cNh2KmcdSM7DQ2o9APnX/JL5gi3mBF6EY1sh2/e8AYe+EwBEZqHSNjdNEnnO88JfSt3QxCo=
x-amz-request-id: MB35RBTDHFX1QWT6
x-amz-replication-status: COMPLETED
last-modified: Tue, 21 Feb 2023 07:55:43 GMT
etag: "ab13898afef27fafdb76b01ee407a243"
x-amz-server-side-encryption: AES256
cache-control: max-age=315360000
x-amz-version-id: J_pmtu6moeMJHMYHtB31Ao3c1ZMxpNtr
expires: Thu, 31 Dec 2037 23:55:55 GMT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
188.114.97.1 336 kB URL cdn.cryptobrowser.store/media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif
IP 188.114.97.1:0
File type GIF image data, version 89a, 728 x 90\012- data
Size 336 kB (335927 bytes)
Hash fc98832ed05da499d50af5e92dbfde1d
4c024d7efc17c697f7507711fcc3771ecdafdc46
0f5a2990a518aad988209b2b6bf4ead7e402f7e8d9436ed2139e5584a42c8316
GET /media/pb/632/c6b9be68834f4e3386e3ca5710d3868e.gif HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:24 GMT
content-type: image/gif
content-length: 335927
etag: "5dd7f05a-52037"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 5994
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z5GXU9WtRO2fT9BzO36EfMhXB3A9Mx4Lr3yWQ%2FeLrLun27nweEWUfw2kludAs5%2BSNw4zqIWfpK54coCMzz2K1j90vaTgukkcoDZzhtV4VvpaQ46FRiTnct9BkW5wjxCP27sTWkKPAczIyg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837ae5a8c0afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
my.rtmark.net/img.gif?f=merge&userId=26e857151fe5455881f32733b9efd427
139.45.195.8 43 B URL my.rtmark.net/img.gif?f=merge&userId=26e857151fe5455881f32733b9efd427
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=26e857151fe5455881f32733b9efd427 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:24 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=26e857151fe5455881f32733b9efd427; expires=Thu, 02 May 2024 11:38:24 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
mediacpm.pl/landing/js/jquery.easing.min.js
104.21.234.95 337 kB URL mediacpm.pl/landing/js/jquery.easing.min.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (2532), with no line terminators
Size 337 kB (337093 bytes)
Hash bd414d5f62360eec082364f3cfef2d9a
da0a2d21c68425252a53dda5a1796422a1808502
b6fb0fa2ee0b45dbe173b4f20f8bf10d8cccc486e63132aebb0fad81ab579651
Analyzer | Verdict | Alert: fortinet | Phishing
GET /landing/js/jquery.easing.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:29 GMT
vary: Accept-Encoding
etag: W/"62f4e50d-9e4"
cache-control: max-age=86400
cf-cache-status: HIT
age: 4735
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dO2yRPooTWWDAp3BoOCPLfsdnaDweIskYiRbLhqUFCn5wuhWwrfyRGHTloJFu6ejZbI2tjTuNfAR%2FIJq2207ot%2Bqc4cDucmHf2kMPGybv%2FX4z7tgnpz84d4%2FkE%2FpTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e5a4500a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
thenetwork18.net/direct.html
188.114.96.1 241 B URL thenetwork18.net/direct.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 7476d71b5cd148b5b33fb5ee202f75b2
26a24266e49f749f4fcb4ab239b4672d76dea1e3
05f7c4d40f13aa4ee1fe4d94d0180b970cb489c84f98ecbb1fe2b47d3c547846
GET /direct.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Alt-Used: thenetwork18.net
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEF8:7406_D5BA2113:0050_64523C7D_93B6:12F07
x-iplb-instance: 30877
cache-control: max-age=14400
cf-cache-status: HIT
age: 2865
last-modified: Wed, 03 May 2023 10:50:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4029DIe07vK9aLcheQmOayfizO8HP4%2FaptOfj4sZLVnnZsEZ8M5eu%2FkyPyTIFCQCa1xWKisi4xwNZAxyf%2FQQNJeRzkE5kcufS3jNxEgGLpARdORUiW6VoR7kONKcmafQWEYE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a43d39fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ctrtraffic.me/mediam.html
188.114.97.1 176 B URL ctrtraffic.me/mediam.html
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 5f6f02f1fed6027ddd58ef781fad658d
7aa03bca8c77dc1433fa7cbc21fa0ae40dbcf7b6
2c4722b89324141130fc5f55e9b7c851e0f74a5708c7c636129d66c8ef650da8
GET /mediam.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: ctrtraffic.me
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 822
last-modified: Wed, 03 May 2023 11:24:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ygnPO7ank3Mo6jaKW928keMtd3RRqafU0vUrugSV73%2F1ZHlArEFPJdcSlbpVlEmx6H6thaI8CkTq4XCG3xB9VymS0jWGbqu5zo9tyA6jBHQL3OZbCFigdk6aZWvRwppF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a43c11b4ed-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHHlw8.ePHp06cu3Try6d2G2W_LrWuuCRyqtiSfPj28c.PHn54cdbU00UDjU0tTktefGA
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHHlw8.ePHp06cu3Try6d2G2W_LrWuuCRyqtiSfPj28c.PHn54cdbU00UDjU0tTktefGA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65cddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hftrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHHlw8.ePHp06cu3Try6d2G2W_LrWuuCRyqtiSfPj28c.PHn54cdbU00UDjU0tTktefGA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
c.statcounter.com/t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=2&sess=1aec61&p=0&rcat=r&rdom=irugu.cogliatu.com&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&pg=0&get_config=true
104.20.218.77 418 B URL c.statcounter.com/t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=2&sess=1aec61&p=0&rcat=r&rdom=irugu.cogliatu.com&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&pg=0&get_config=true
IP 104.20.218.77:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 88f5edaab16df6a69be11a4ce6ee498d
343a4b1e434fe048dac5d911538d73c815c6af4b
3e62711a2b64294a331891a8da6f730ba73427f20dbd613e0ee58078c5293815
GET /t.php?sc_project=12400007&u1=0CB0F501C6134FCA7308229EF5B07E06&java=1&security=bf9cbb67&sc_snum=2&sess=1aec61&p=0&rcat=r&rdom=irugu.cogliatu.com&rdomg=new&bb=1&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1280&h=1024&camefrom=https%3A//irugu.cogliatu.com/&u=https%3A//www.yofaurls.com/webroot/bts/index.html&t=&invisible=1&pg=0&get_config=true HTTP/1.1
Host: c.statcounter.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.yofaurls.com
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: application/json
p3p: policyref="http://www.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
expires: Mon, 26 Jul 1997 05:00:00 GMT
set-cookie: is_unique_1=sc12400007.1683113901.0; SameSite=None; Secure; Expires=Monday, 01-May-2028 07:38:21 -04; Path=/; Domain=.statcounter.com
set-cookie: is_visitor_unique=1683113901131745121; SameSite=None; Secure; Expires=Friday, 02-May-2025 07:38:21 -04; Path=/; Domain=.statcounter.com
access-control-allow-origin: https://www.yofaurls.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7c1837994fe0b4ee-OSL
content-encoding: br
X-Firefox-Spdy: h2
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:24 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
mediacpm.pl/landing/css/pe-icon-7.css
104.21.234.95 200 kB URL mediacpm.pl/landing/css/pe-icon-7.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (9717)
Size 200 kB (199970 bytes)
Hash 4836f204de39d8a2824c9ddc2e4272e2
dad09a789c6aa77fc7f10fe7ce2d4862c2ea60e8
df81cbae4b92f0f124df63d5f6d0f17a120e3dd45cec31c6f80490541d36eeb6
GET /landing/css/pe-icon-7.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=14067
etag: W/"62f4e501-36f3"
last-modified: Thu, 11 Aug 2022 11:16:17 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 5937
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZDyaHnzfUEh5GQT0ugBafPC%2FZ5445qmFVCy5%2Fka7sVM8hwNa2DAodokvSNy5fP%2BdYs7TeqMpMvrm5ibjQ%2FRd3vo6IkCJsEsGMqN51pEwc11%2BHCXLwAlJ2eIXlKrD%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aeda00a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
fonts.googleapis.com/css?family=Noto+Sans:400,700|Rubik:400,500
142.250.74.74 4.7 kB URL fonts.googleapis.com/css?family=Noto+Sans:400,700|Rubik:400,500
IP 142.250.74.74:0
Hash 57aa06cd47eed0f212d6e2e37e8f55a3
b575c904a2bec19869c2c2379bb966efe9808543
cdf4530c9a813e40c92a8c55fec306f30a9510992575ee7a43223a49039673d6
GET /css?family=Noto+Sans:400,700|Rubik:400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: fonts.googleapis.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 11:38:08 GMT
date: Wed, 03 May 2023 11:38:08 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 48 kB URL fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww3.good-trading.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 02 May 2023 17:29:43 GMT
expires: Wed, 01 May 2024 17:29:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
age: 65322
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tr.cryptobrowser.site/api/v2/an/bn/
185.173.160.143 0 B URL tr.cryptobrowser.site/api/v2/an/bn/
IP 185.173.160.143:0
ASN #49981 WorldStream B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /api/v2/an/bn/ HTTP/1.1
Host: tr.cryptobrowser.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=UTF-8
Content-Length: 83
Origin: https://get.cryptobrowser.site
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:25 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin: https://get.cryptobrowser.site
vary: Origin, Accept-Encoding
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=2533122763912008&bg=!KimlKX3NAAYcDqajPA47ADkAdvg8WlYhcqHyoSX3HWNtTpa__YMrPS-m9zZL62jmZPTW3_BOlkOsEQpfDs7tvAk89vR10NZHMy4CAAAAvVIAAAAIaAEHmQJ3SQoDjzwb37CfDiGnT5yU_5B2isiLIKji7GSL9QkjIe34NFCNXUVEEm6GLIwQSLPwtHWiw3J9fAXNh1fAVJZEfD4k1BqRrTP1tJzaYL_BxP_S8nM1Z_yvnSgeQg201F9F-4qo8zaL5YYDyrrFvY0UMrYvVTQzfRs0wzOWARGmyLzfhyrvxwaPW1zIMd5Z8jyLGBYbYV8qVir-qluJ0fiBDLUId1Roqh6LZQGHPqi3J3Tk1FWV0kFeonMAWuvL8Gs48nLCYPcwXCS71WRRnP2WRcUfpVkR97Qyzc73NpVEuGWJ7nwZXfYLDNvRRTKis9Ss7kgupKfDMqpUfJK_z8BOs2yXXrhkqJvSS6yhDbpERXayj8Sc49QSHya1BfADUmLsWFK57woPMOAoasdIuMmMPAQTaYuYLl1ZY2IS_jDQkaJrHN2ZQrmBz64HrFjs2Is4r7c6buc8pqT4mmK5BUEd62pgidEKquQ5LSDOqLGMsb5DzXRoY_10kTDUJqP2eWe6rgSNkSLAWCVflpx3lI4PdoILmUlc_3980jReWL17Hhk8YadtN1w78Ki56XRw2o0Lt-wsapDRqzYCarDrkR5pWRss9_jqTrhG5l8XD90uFo3-yj1xWI0olTuJvX1UArztBEeFhr2ICYvOnjmeFl0Gl-QSCdWK4Idgtjc_rUJOW_YTTtVkSp0YVET2ne_GHYemvuUrpbYdx_a4YdAN-5YQAiHyT0DQ1b88w8Q8JWHilpZInZx_aLPd6mv-BQ-O2FptWWCjCABJ_fvhimuSmGeQAbWKAj8pTUOMZehfQ5AlSULp6282EAfDUEsfrCUU_AUUWyuN1kByCw
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=2533122763912008&bg=!KimlKX3NAAYcDqajPA47ADkAdvg8WlYhcqHyoSX3HWNtTpa__YMrPS-m9zZL62jmZPTW3_BOlkOsEQpfDs7tvAk89vR10NZHMy4CAAAAvVIAAAAIaAEHmQJ3SQoDjzwb37CfDiGnT5yU_5B2isiLIKji7GSL9QkjIe34NFCNXUVEEm6GLIwQSLPwtHWiw3J9fAXNh1fAVJZEfD4k1BqRrTP1tJzaYL_BxP_S8nM1Z_yvnSgeQg201F9F-4qo8zaL5YYDyrrFvY0UMrYvVTQzfRs0wzOWARGmyLzfhyrvxwaPW1zIMd5Z8jyLGBYbYV8qVir-qluJ0fiBDLUId1Roqh6LZQGHPqi3J3Tk1FWV0kFeonMAWuvL8Gs48nLCYPcwXCS71WRRnP2WRcUfpVkR97Qyzc73NpVEuGWJ7nwZXfYLDNvRRTKis9Ss7kgupKfDMqpUfJK_z8BOs2yXXrhkqJvSS6yhDbpERXayj8Sc49QSHya1BfADUmLsWFK57woPMOAoasdIuMmMPAQTaYuYLl1ZY2IS_jDQkaJrHN2ZQrmBz64HrFjs2Is4r7c6buc8pqT4mmK5BUEd62pgidEKquQ5LSDOqLGMsb5DzXRoY_10kTDUJqP2eWe6rgSNkSLAWCVflpx3lI4PdoILmUlc_3980jReWL17Hhk8YadtN1w78Ki56XRw2o0Lt-wsapDRqzYCarDrkR5pWRss9_jqTrhG5l8XD90uFo3-yj1xWI0olTuJvX1UArztBEeFhr2ICYvOnjmeFl0Gl-QSCdWK4Idgtjc_rUJOW_YTTtVkSp0YVET2ne_GHYemvuUrpbYdx_a4YdAN-5YQAiHyT0DQ1b88w8Q8JWHilpZInZx_aLPd6mv-BQ-O2FptWWCjCABJ_fvhimuSmGeQAbWKAj8pTUOMZehfQ5AlSULp6282EAfDUEsfrCUU_AUUWyuN1kByCw
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=2533122763912008&bg=!KimlKX3NAAYcDqajPA47ADkAdvg8WlYhcqHyoSX3HWNtTpa__YMrPS-m9zZL62jmZPTW3_BOlkOsEQpfDs7tvAk89vR10NZHMy4CAAAAvVIAAAAIaAEHmQJ3SQoDjzwb37CfDiGnT5yU_5B2isiLIKji7GSL9QkjIe34NFCNXUVEEm6GLIwQSLPwtHWiw3J9fAXNh1fAVJZEfD4k1BqRrTP1tJzaYL_BxP_S8nM1Z_yvnSgeQg201F9F-4qo8zaL5YYDyrrFvY0UMrYvVTQzfRs0wzOWARGmyLzfhyrvxwaPW1zIMd5Z8jyLGBYbYV8qVir-qluJ0fiBDLUId1Roqh6LZQGHPqi3J3Tk1FWV0kFeonMAWuvL8Gs48nLCYPcwXCS71WRRnP2WRcUfpVkR97Qyzc73NpVEuGWJ7nwZXfYLDNvRRTKis9Ss7kgupKfDMqpUfJK_z8BOs2yXXrhkqJvSS6yhDbpERXayj8Sc49QSHya1BfADUmLsWFK57woPMOAoasdIuMmMPAQTaYuYLl1ZY2IS_jDQkaJrHN2ZQrmBz64HrFjs2Is4r7c6buc8pqT4mmK5BUEd62pgidEKquQ5LSDOqLGMsb5DzXRoY_10kTDUJqP2eWe6rgSNkSLAWCVflpx3lI4PdoILmUlc_3980jReWL17Hhk8YadtN1w78Ki56XRw2o0Lt-wsapDRqzYCarDrkR5pWRss9_jqTrhG5l8XD90uFo3-yj1xWI0olTuJvX1UArztBEeFhr2ICYvOnjmeFl0Gl-QSCdWK4Idgtjc_rUJOW_YTTtVkSp0YVET2ne_GHYemvuUrpbYdx_a4YdAN-5YQAiHyT0DQ1b88w8Q8JWHilpZInZx_aLPd6mv-BQ-O2FptWWCjCABJ_fvhimuSmGeQAbWKAj8pTUOMZehfQ5AlSULp6282EAfDUEsfrCUU_AUUWyuN1kByCw HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:25 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xngqoc.com/trt?a=1&t=854
185.162.85.1 0 B IP 185.162.85.1:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /trt?a=1&t=854 HTTP/1.1
Host: xngqoc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:25 GMT
content-length: 0
access-control-allow-origin: *
access-control-allow-credentials: true
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.246 2.6 kB URL syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1558)
Hash c61aa2579ce946216c81acb48b6e6da5
c34fa46ac6faf531d8c5a0e866e71c34555660e7
8edb63dae80385c770eb77caef4268838fcedd0b2f122f3e25eeb7552fc34b20
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Origin: https://ww3.good-trading.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22645247b119be45.407929613050254733%22%3B%7D; expires=Fri, 02 May 2025 11:38:25 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
Set-Cookie: c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C81873080%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cww3.good-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 04 May 2023 11:38:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://ww3.good-trading.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
raheelads.com/bits-ads.php?type=3&&ids=13
188.114.96.1 4.0 kB URL raheelads.com/bits-ads.php?type=3&&ids=13
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2457)
Hash 3a6b7c1feb79f07f21f6dfc76324565e
6c0b60902dd16e2e4a9bdf371f9c68c4261b0aba
c5387c9411b8e8314683aedd0a6e1b1a2f42ccfcadcc5f9016848faf7a77d215
GET /bits-ads.php?type=3&&ids=13 HTTP/1.1
Host: raheelads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 403 Forbidden
date: Wed, 03 May 2023 11:38:20 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7I2LQ9vLrp2nFxm3x6flMwr5EBR2lKrC2uvaCxv4M5PlKUt7IA49kbADU2BcCMbMuprtlLXItDldIvn44PGE9kl6teu6O5eVdppVx7N24szRvPHkJJuIjEx7oEePnWsS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c183798f9f20b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
104.17.25.14 4.2 kB URL cdnjs.cloudflare.com/ajax/libs/animate.css/4.1.1/animate.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (65348)
Hash eefc9abe5bc10d658a2393a70d052566
dd49deafcd3ebe1306cda0b843f2da265f8a90e1
6011c33e447455e96e1d4926b0e15ca399eb993163a8e5ee0c523947396d66c3
GET /ajax/libs/animate.css/4.1.1/animate.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://submitads4free.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:25 GMT
content-type: text/css; charset=utf-8
content-length: 4216
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5f5628a2-11846"
last-modified: Mon, 07 Sep 2020 12:33:38 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 498183
expires: Mon, 22 Apr 2024 11:38:25 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZjSiuY2%2BZUO%2BmwZMF9kIVsTTaebpaVcevNEXnDU0xrDC8B9TRe6tOwih0Ue2zXJ1%2B4mUllrRfvjsi8BeXBzwlDy4ul6Numjw1ad5iHcwbvzycMBlYbOEWesZzIHo7tfXULxQ9kWX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7c1837b34dc5b524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com
198.134.116.28 0 B URL xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com
IP 198.134.116.28:0
ASN #27257 WEBAIR-INTERNET
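Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 digests of empty input, consistent with the 0 B body recorded above; they match any empty response and do not identify content from this host.)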
GET /redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=best+hot&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
volnadsol.ru/?rdk=rk1
104.21.84.148 4.4 kB IP 104.21.84.148:0
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /?rdk=rk1 HTTP/1.1
Host: volnadsol.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
date: Wed, 03 May 2023 11:38:23 GMT
content-type: text/html; charset=UTF-8
location: http://volnadsol.ru/?rdk=rk1
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=crEbzEHI53s7gDIwIrmGLKQ3P4HoIxcGMn4EmEbQq37JGq82zUlfVHAvvI%2BQhgI4AWfxM%2BitJNpwnrIYAWlcf6BAD7PaqpSFrjQlPs8daW8hLBjDHGuktMoAi8dzXe0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837aa4b32b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
thale-gds.com/zcvisitor/02b7bec3-e9a7-11ed-aafb-0a47fb9902e5/faeea8e0-6f90-11ea-9454-0a71705c5345?campaignid=153d6600-b0e8-11ed-82e9-0a918cbcbb97
34.238.227.119 0 B URL thale-gds.com/zcvisitor/02b7bec3-e9a7-11ed-aafb-0a47fb9902e5/faeea8e0-6f90-11ea-9454-0a71705c5345?campaignid=153d6600-b0e8-11ed-82e9-0a918cbcbb97
IP 34.238.227.119:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /zcvisitor/02b7bec3-e9a7-11ed-aafb-0a47fb9902e5/faeea8e0-6f90-11ea-9454-0a71705c5345?campaignid=153d6600-b0e8-11ed-82e9-0a918cbcbb97 HTTP/1.1
Host: thale-gds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:25 GMT
content-length: 0
location: https://5iukc.bemobtracks.com/go/3ea9af3d-c98e-44b6-9823-4315359cd7b9
cache-control: no-store, no-cache, pre-check=0, post-check=0
content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-content-security-policy: default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp: default-src 'self'; script-src 'self' 'unsafe-inline'
access-control-allow-origin: *
access-control-allow-methods: GET,POST,OPTIONS
access-control-allow-headers: X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
server: pHtjZwod
X-Firefox-Spdy: h2
thenetwork18.net/adf1.html
188.114.96.1 165 B URL thenetwork18.net/adf1.html
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 351b6e46dbbeddc39178d53e99f72afc
8ef4892ebf3183c276c9f63bdfd66fda3dcb216d
0a8345cfb377fe8559f349b95f5fba8fbe791336cdfb0b1efa8acf5592db6f9f
GET /adf1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Alt-Used: thenetwork18.net
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
x-iplb-request-id: A29EDEF2:59D4_D5BA2113:0050_64523C7D_7070:A784
x-iplb-instance: 30868
cache-control: max-age=14400
cf-cache-status: HIT
age: 2865
last-modified: Wed, 03 May 2023 10:50:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mB1OZnTzcYDotFeHbkLHzB2wVTZXukFmjBgd5rbb4IWLzxaK1lG3YGpHqF%2BrDEemD7y3JXiCZe61eJYG4HBO3HxuFPcLDgO7a09aScl5tCozU0d3M6tRUSPWNbB%2BNQ5JXSUT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a49d83fac0-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.ad-good.com/clixvistaa.html
188.114.97.1 175 B URL www.ad-good.com/clixvistaa.html
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash e5b1e306bbfd9067b560fa20f5523a73
4b84d168c254005be8c9b53090ee64f20e35d919
5a9edeeb4cc8032226e8df3c0f5ca80e3df1ecc7c7103458ca6394748df819ee
GET /clixvistaa.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.ad-good.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2502
last-modified: Wed, 03 May 2023 10:56:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yu9RNSun91OvhCQlrmOpYVN4POyvD5%2BZWHN69IpCmzr3SAd1yqw4k6Ru5tpg6dsAp%2FPidTbnfg23S6mzCcisARxLsttKtdpw32FHOu2A3Nydz5nkmuPO1viZlxGDc1JK3Kg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a46b33b524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a3L3GrK4JpV64JHM.G7hx1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nz49OfLpy1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GuypyldpieeCV7PjrsqcpXaYnngleXdpcosclawz49OnDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHWzZTHnrtssgbz49vHPjx5.eHXj288_PXx579O3Try6d2ePFlrzw11wSOVVsST58e3jnx48_PDrrammigcamlqclrz4w-
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a3L3GrK4JpV64JHM.G7hx1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nz49OfLpy1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GuypyldpieeCV7PjrsqcpXaYnngleXdpcosclawz49OnDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHWzZTHnrtssgbz49vHPjx5.eHXj288_PXx579O3Try6d2ePFlrzw11wSOVVsST58e3jnx48_PDrrammigcamlqclrz4w-
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a3L3GrK4JpV64JHM.G7hx1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nz49OfLpy1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GuypyldpieeCV7PjrsqcpXaYnngleXdpcosclawz49OnDW5IxBGvBVPnw11NUwT1rtuVsQR59tdTVME9a9rlNUE0ufHWzZTHnrtssgbz49vHPjx5.eHXj288_PXx579O3Try6d2ePFlrzw11wSOVVsST58e3jnx48_PDrrammigcamlqclrz4w- HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcceibxbmsebenxgxabsxxslergxcce; expires=Thu, 04 May 2023 11:38:25 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
redirect3.online/flurry2.html
104.21.92.126 160 B URL redirect3.online/flurry2.html
IP 104.21.92.126:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash c89635952650a259f74a1b006456f98b
2d706f088c9565fea4cf6aa9ae27946034c6ad6c
de10afdebe078222ec39d7936f62c5206f175da67bd5591d95b9228d0a022280
GET /flurry2.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: redirect3.online
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 1976
last-modified: Wed, 03 May 2023 11:05:26 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1EBihpQSoMCj%2Bh8t6LEcsAmv1mXWazqFSKppDDvcbyZ9u9vynXV2IoV0V5U%2BRYrFeWGzfAy1dQUmD9YBjtYDASCnBupPyIXnMmYNgZm9FgznFuofFRNk%2FllXTD%2FQ%2Bd16%2BBK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a43844b4fa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.ad-good.com/infinitya.html?1
188.114.97.1 178 B URL www.ad-good.com/infinitya.html?1
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash db935bab56a49e1cc1b1625dc5d6fac6
2101ed4e2acc746d61a6903d46fdb2145e9c2c9a
a54218f14cf67fd4502561cf54c9ea00e493f3746a9db1db81c1939337aa46fa
GET /infinitya.html?1 HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.ad-good.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 7029
last-modified: Wed, 03 May 2023 09:41:13 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fttb0s41y%2B5x6NaWSLjfn2jU9hzMZMjyCitqL1Nx%2FhUnIOjKxqgHEdmdDfTOJFecJCVlNf3Cx3JIbHybhhfzVBGNc7zETNbL5n2mQs%2F8xUYR7K3Et806kC2pnSzIVmiE4nY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a46b2ab524-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=18945049859&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
172.67.166.40 4.3 kB URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=18945049859&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/
IP 172.67.166.40:0
Hash 2938a2b4b5178fccb76019f625833195
a03c0ec2eba5d76eff855707be54bd9f8276378d
cb595a69bc962d11a34e3cbaf1df5994167922d1dfe7142f92db288c003fd8ae
GET /adjs.php?zoneid=27592&block=1&c=2&l=https%3A//mediacpm.pl/&r=https%3A//www.yofaurls.com/&s=&p=2371085330&cb=18945049859&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//www.yofaurls.com/ HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:20 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DOmOcEmTWZ27G%2Fdt%2BwmKKgAW73M%2BULpwjg7smFFQ%2FOt3gFSFCSh2a%2FO6o8ShMMmu68lg4nu0sq0vjX67459M7KiOrDWCZj98bLN988HGIhatID3xcX3tNaz6bYAXfuew2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837961e4b0b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
174.137.133.16 0 B URL xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
mediacpm.pl/landing/css/magnific-popup.css
104.21.234.95 1.6 kB URL mediacpm.pl/landing/css/magnific-popup.css
IP 104.21.234.95:0
File type ASCII text, with very long lines (5927), with no line terminators
Hash eceaf4f4ec316da76a46f9f2ee801e57
077fbbb6d4811c15ae0faf07ae9473531d6596be
0ca128452c38fef82910ee9b7737dece5db4582c5ac5d0554a7ca3c25c5e5cda
GET /landing/css/magnific-popup.css HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:17 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=8150
etag: W/"62f4e4fc-1fd6"
last-modified: Thu, 11 Aug 2022 11:16:12 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 6241
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VDRnAlF1GEyIDyAFKYpBFUeUJvyu3h1klxayIOi3yaoKKkPyqDbA8a8pfW%2Bx%2FUtYH6IVDr3JxUKUCuQspQ07B0iVsilIB8Onzmhqbme4zzxpOYIra9Vx3Sv5D8D4ow%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183780aed700a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adhitzads.com/1037686
188.114.96.1 688 B IP 188.114.96.1:0
File type ASCII text, with very long lines (603)
Hash 3b9f7a464b5fa435affb4da0e4edbb1e
24ae53cce240f9749b160f4ae11ee17d20367293
bfd46af4998f5f1da9df8b3babc908ec8756015bb77a257ca6d4b8fed1c5c09f
GET /1037686 HTTP/1.1
Host: adhitzads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adhitzads.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rlHzaofWjD66t%2F5oN43FP7Nidn8suVorc6mt8xROtGD5qbGTf60r5sVbGe0iINqqNPFyCN702Ppoa6lM8J97aIKVNjNeStUPDe8htBhnKnZGFsgkX6mDIF8Vk2Jh8%2Bt9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18379e6e7cb511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600&s=&p=3760603919&cb=77306076251&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600
172.67.166.40 4.3 kB URL api.adhitz.com/adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600&s=&p=3760603919&cb=77306076251&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600
IP 172.67.166.40:0
Hash 27127e7f435cc29ba0e33ad133972dae
749b7869ce47dde8e2a1f077997e2aedd5fc40a9
34a0c1597a956ca20dcaf2cd07e2d51ade62899716c80b18114cd2de488883a9
GET /adjs.php?zoneid=27592&block=1&c=1&l=https%3A//mediacpm.pl/&r=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600&s=&p=3760603919&cb=77306076251&charset=UTF-8&loc=https%3A//mediacpm.pl/&referer=https%3A//mediacpm.pl/serve/show.php%3Fa%3D28957%26b%3D160x600 HTTP/1.1
Host: api.adhitz.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: api.adhitz.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:20 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
cache-control: no-cache, no-store, must-revalidate
expires: 0
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cPc6wb63AvjPcrrMThVSQSaqHja9OeJcppdlHZpqHr1Wh%2BD3oi4q%2F1gomUZuVhNLq49%2FrC4sJmt3YtflYeXP6tX3CDg7vwPOkb2WL6K%2FElKe1VVzgAzwm4FggraEYMsrCw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837967eb80b31-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net
174.137.133.17 0 B URL xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net HTTP/1.1
Host: xml.clickmi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
ww3.good-trading.com/?good-e
188.114.96.1 3.3 kB URL ww3.good-trading.com/?good-e
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with CRLF line terminators
Hash d8a029a88ae9536f4edaafe5ed8a08f6
7de9411cf307d02453726f1497723dfd3f28bd6a
68c378265f8f04e799ef9d36f6bd4bec6aa796b8889c484517949de50c595a71
Analyzer Verdict Alert fortinet Phishing
GET /?good-e HTTP/1.1
Host: ww3.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Cookie: goodtrading=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.3
expires: Sun, 01 Jan 2014 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
referrer-policy: origin
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MQ8HLYjaYfLZ4tnSTyAtM88RqHUQvVOyXOEsvmbbzDh5KrARoFvji0yVQYLXYkdRTNRWQXebNXLG9O41O12aiEZdAd3aRaj5mUFuKOhhJOh1GtR33VQbJN4SZNU45u%2BIaAov2te06g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18379c99150b61-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
174.137.133.16 0 B URL xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.thenetwork18.com/redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com
174.137.133.17 0 B URL xml.thenetwork18.com/redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=480553&auth=qvE9d3&subid=main&query=basket.com&url=basket.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:25 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
fonts.googleapis.com/css?family=Oleo+Script:400|Open+Sans:300,300italic,600,600italic,800
142.250.74.74 924 B URL fonts.googleapis.com/css?family=Oleo+Script:400|Open+Sans:300,300italic,600,600italic,800
IP 142.250.74.74:0
Hash 077b6d1b81d07c8599f280f9d633976f
d4e880af65d0a08b6bb98e4e34a98e8b2e6e48d9
24400a7a6f71c6aeeb6752c71e72c61cc527059d8eae1a628e0e309ebe38ec6e
GET /css?family=Oleo+Script:400|Open+Sans:300,300italic,600,600italic,800 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: fonts.googleapis.com
Connection: keep-alive
Referer: https://ww3.good-trading.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 03 May 2023 11:38:24 GMT
date: Wed, 03 May 2023 11:38:24 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
104.21.234.95 200 OK 7.2 kB URL GET HTTP/3 mediacpm.pl/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP 104.21.234.95:443
Certificate Issuer Cloudflare, Inc.
Subject sni.cloudflaressl.com
Fingerprint 87:94:78:81:9C:FA:BC:35:56:B7:0B:8D:A4:33:01:E2:C9:2D:F6:7F
Validity Tue, 07 Jun 2022 00:00:00 GMT - Tue, 06 Jun 2023 23:59:59 GMT
Hash 085ef55fd0b43875e63607d5f37677e0
f13191512fc32fd01aaaae7ab6b38f8643959160
df6b020daabeb0fb7aa18489e96ec00726d1e757f71b848a9c800daa8785a324
Analyzer Verdict Alert fortinet Phishing
GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
last-modified: Tue, 25 Apr 2023 11:29:10 GMT
etag: W/"6447b986-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2jd8gBysmc7vO2fmH3sW5eIs6n1jOoxbPnYyBXS4LzQ%2FxojoSejQVJL8U7xLkpzcU0ol9B6l2LsVIOmEfQmVIdBq7E%2FwN%2BE8oNYPkVl8O%2FUZoWe9yvFlkoxMSlLz2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18374e3a2b00a7-LHR
x-frame-options: DENY
x-content-type-options: nosniff
expires: Fri, 05 May 2023 11:38:09 GMT
cache-control: max-age=172800, public
content-encoding: gzip
cloudflare.com/cdn-cgi/trace
104.16.133.229 228 B URL cloudflare.com/cdn-cgi/trace
IP 104.16.133.229:0
Hash 01e9b876720a7a5b523d374d698f0583
560aa66ddde3f124f6d34aba54d451f506175c45
d89c57d013e499afaf112a37db6fa209d8c0f27f4bb17ac7b6e57105d050f4b6
GET /cdn-cgi/trace HTTP/1.1
Host: cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://news24.media/
Origin: https://news24.media
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:24 GMT
content-type: text/plain
access-control-allow-origin: *
server: cloudflare
cf-ray: 7c1837accae0b51d-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: no-cache
content-encoding: gzip
X-Firefox-Spdy: h2
www.votreimc.com/eximdigitalm.html
172.67.206.113 167 B URL www.votreimc.com/eximdigitalm.html
IP 172.67.206.113:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 5b62c4daca5eb68c13bd209c5e2c0171
d69bcc071d84edb2b9f6f9125a7a63dddde341c9
38b906ddf224686cc2e41acf49b6f6cbaecf4313682e502b3e79923c1114439c
GET /eximdigitalm.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.votreimc.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 3550
last-modified: Wed, 03 May 2023 10:39:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BE7ZSg7L3%2FpLymOVBsBIcp72KlYIwbAVgsENuIK6Lqv4bEPR08vmCyHNh5fDmcHQ%2FtB%2Fp5YNloqn0ZoTW5b0XkVFlrfRV0GQwc94Bj4y87%2B2Ls%2FgWI4N%2F9dlX9mVKByEGNf0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837a43fa70b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
www.votreimc.com/eximdigitala.html
172.67.206.113 164 B URL www.votreimc.com/eximdigitala.html
IP 172.67.206.113:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash be84d06e56eca2425adb21dd593415f6
fddde744fabae9489ec4b97e08fb4e98c6ff4cd8
5b30e9e42c6870c9eb53ce98ed442470f9f6a8af3449c6c5cfaccfca716e7777
GET /eximdigitala.html HTTP/1.1
Host: www.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:10 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=14400
cf-cache-status: HIT
age: 3538
last-modified: Wed, 03 May 2023 10:39:12 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lR%2Bizovnvlw%2B7XCb4L8jeU482wJzeruL18dhPkjBahVpixE%2FPyz1zFcqQhjjpzcVYEG39YJ98ycUbZgwrlqKlEKimfuuX0%2Btz8rIV5jofGYYF2UAyg8eagbXVTIJgYs22kbt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837547a47b518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.227 48 kB URL fonts.gstatic.com/s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 48412, version 1.0\012- data
Hash 31a8297826cdcea344698ff952694a7f
4fa1ee4c471d1c05e9141855eec5ee09b898d594
7c7818c25a18e8a38553fcbcbc2ad0b5e964103a7d2e494f82815e3f70bf3fc5
GET /s/opensans/v35/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://ww3.good-trading.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 48412
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 02 May 2023 17:29:43 GMT
expires: Wed, 01 May 2024 17:29:43 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 02 May 2023 15:08:53 GMT
content-type: font/woff2
age: 65322
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ww3.good-trading.com/assets/webfonts/fa-solid-900.woff2
188.114.96.1 75 kB URL ww3.good-trading.com/assets/webfonts/fa-solid-900.woff2
IP 188.114.96.1:0
File type Web Open Font Format (Version 2), TrueType, length 75440, version 329.-1049\012- data
Hash b5cf8ae26748570d8fb95a47f46b69e1
07bed153d47f9129a944ee54dd72952deed074c8
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
Analyzer Verdict Alert fortinet Phishing
GET /assets/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: ww3.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: ww3.good-trading.com
Connection: keep-alive
Referer: https://ww3.good-trading.com/assets/css/fontawesome-all.min.css
Cookie: goodtrading=1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:25 GMT
content-length: 75440
last-modified: Fri, 25 Jun 2021 05:57:20 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 1324
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2Fh1OB6m354%2FthAwyIUntbuoUzuptZulcKktwxPvV%2FoHRCqXbp8I0cb%2FYrcyIwrtlnR5y9O0rLGwGp7qmtMoI6wyf%2Bgk9acRv8nfd2CaKG3CHoke7pbKdRsGePYvyYX5nooIJ1HMTvA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837b86d08b51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122071 bytes)
Hash ec33f476d5f019293f48aa65401152cc
01c773e757da8dc3e2131aa34cedc605125965a8
65a8c51f1d594e2c0a5aeaf26df4426d3b947fc3691e20390e42fda18096b6f1
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:26 GMT
expires: Wed, 03 May 2023 11:38:26 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 8697188115127511493
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xml.rtbfactory.com/redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com
173.239.53.18 0 B URL xml.rtbfactory.com/redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com
IP 173.239.53.18:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com HTTP/1.1
Host: xml.rtbfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://xml-click.afront.io/b2/l/c/redir?cid=20&eid=12656&n=efa5f6131b58d00d1707d756&nid=10013&sid=LJ8cDTWvsU9I8BjyvTW%2B%2Bzjm0lJFmukK2PGyh0bX7BMfv8DGPfOoOlsV09X1H6qE4MVq0C7qN9MEa%2BBTdHjNBUac3ONyPUcvPje01%2FfSkHxCjJUSQCigPTihnHlyZ2h6%2BOHYpCHfJTeO%2FJFhC%2BCL8%2B2crKJ1Vp7RmrTY%2FgiDz5dfmK%2FjvXRSZB28E%2FfsXXN0WFy1bwD0Qe8aymnou47T5waWmiok%2B78f%2F2w6bDIfDBtOSXjGmq4Y9pvN0m8xL6Hw8Vr4apXvhjzSojQ37Tu4SawthA3qe202KQtoK0oPGt4FtYS4f5Qr4k4moN1%2FoUYc%2FfE9hymGIBzGL2BzJn9Iil%2FzhTQThNNAIBP6PFVKYWRd82xuYmopkgiPZTV5mvYft14hOIm2UVPM99%2BT%2FlmMrCKaZnvvn1BUUZMWG%2BHI4xDBRRicMUZQ%2BzE%2BbAPqF77GdOrpovE5rUMpyXWzle6mPoUtszik4CfQPgIJdSeX9sprpyf6KmWGE5899k33RAlqii3%2BqkPwb%2Fa1ZMmG4Ji55n8KYj2M%2FOKkuc5ZcNsAWMDIU2U43D0IAh4K4j0%2F2dDDzuxA49IkIQnjCWC4nz9A3aPdmL4RNp%2FxW%2BtZoXVaaqT2FYjvne0ztIrIBvWRlOKZ3fEC9h2Rp8RZWQ0hSiDYVQ2VBauwX5LITgfBai5GTyv0aqeGg1Lw8T6qGQzNJgE2%2F9SPEwydytiLBaMWaCWSDiSmz8LRvv7mq0xTIPaoE9huiiuwzu2XAz3vX%2FJfd2NMWNwb9O%2Fp0JxN67DtTxwmeDZjNB6j5RzU4UqcvLq%2BBge9F8k4WwlGIQTVu7LMQPAKw3NMpS1tjRBDI9Nuwt71euO5IpJfQ4xUI4wSHl9WGRsAWv5sYfAQrgrvcj3Hx7IV3zLhJLSH9ASblHFoZ6F%2BwT8cJmEyczqnHwM8NWMMC8Jyz9VcvwHvNwXlJEd4q1osLWP3S%2Bi54uoDFRG8VwDkElL1c%2F7YCAaPL%2BCN0ghEnzXRAY4t%2F9H0%2Fkg7JQiJKuE%2BINHCbDW%2FzAETR%2FlyhpI7u7l2vT7tE9UOEZxWePBXg9Lx1yJZRSWoZGy%2BGXUel%2B8OXaeOM%2BDZfE%2Bq8yzD8YCsRGjfWgcrqhWAoB5n8oIMUa0y4Va1SV%2B8GWzygpY5LQlzv0E8lchJS2cixp2R5ZOBAavMLpdrZakE1TFtL%2BuMFHA%2Bz1e00iIYdEjIDOEBbcS1nUFN0bh%2F4OXbs7UyvKKbSo95iBdkp63V8l5Tbk090Ya0lXb%2F39tw%2BpRl6aGwJ8nVYRR5Xjl2qPil%2Flv8HgjHbBktRuaGz1om5yEpMdSUs5lEIgKILz2YoRKWcYJC0VufJ86vRYn5u5%2BcSsqP7LX2oMd9%2FImHrxWR%2FCTgEhqUOwXxngCkfZ0Vx6ATP5KsEXT%2BYlxNPSKwpXTNwqvVN5B5%2FrUSfNt%2F3M7c%2FzToOtT3kF2H7PBSWygCxoKiQKZof8KzaWbK8bl1JuzNFoLltbPE83b15amkmTT9rh7jHXZj4d5Z%2BhQHnQERg7mh5U3VhDt3Zwo9kT7x8THZs7xh9dg%2BZVrHRMWA9Zd2sNsry8DJrFNgAx0VtXgSkSQWlDdZrc4tcA5rArLWMELzFvRRfBReZo%2BVMVUAy1q9y5hR%2BGA4UBSoQG06TV%2FIkku6BBrFMJgR6GsGtgFuo6kX9fS8MOtoXJewUbeCta7aDzDREAPPEeWyxwwE%2FLZ6WacHUbZud2UbB6GhoWhbO%2F2ZUYpZgB5DsnEYAn6O2RiPJ
7i8%2Bya94Ac84kTZ%2BIjreb1l%2F2RSfHxj58Va2dr4Z8G10OSDj0TEsDrOwyIZ%2FxPY7omkPxcLFGcsbsz%2BXzWECpnXUeESJ2nvfaV77e%2B6VVh%2BpbT1Ki9ci4MBxAeUeuzb9%2BVcV197H7c%2Bbd5BDJmnrvUiCbV0PV%2BO7bgc0eXGFnNsa9WE9kHoVrFvZnKnGAj2jqA6KvLDnns%2B4CNK8o24%2BD%2FkW%2Bai3%2FB1dU98VqZTkw&ts=1683113905&ttl=300&v=v5.7.6
Pragma: no-cache
22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=8595440960344123&version=20210311132811&instance=main_LkKgCj43VUTR6ctPzEHlmb9ScUh
188.72.236.136 51 B URL 22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=8595440960344123&version=20210311132811&instance=main_LkKgCj43VUTR6ctPzEHlmb9ScUh
IP 188.72.236.136:0
File type ASCII text, with no line terminators
Hash b8952524d976e657fa964321c1421c08
4c45c62b39e9e5c0da56d9259caa896b6b9e7224
2f124c41de09abfa0f1fb64a55c1211a79a9c7566d3e77c1ab5707fdc87a31f0
GET /rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=8595440960344123&version=20210311132811&instance=main_LkKgCj43VUTR6ctPzEHlmb9ScUh HTTP/1.1
Host: 22filexstarted22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 51
X-Firefox-Spdy: h2
22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=2677144462344967&version=20210311132811&instance=upd1_1yRHa0B1869hdGmivWjAobtPqY2
188.72.236.136 51 B URL 22filexstarted22.com/rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=2677144462344967&version=20210311132811&instance=upd1_1yRHa0B1869hdGmivWjAobtPqY2
IP 188.72.236.136:0
File type ASCII text, with no line terminators
Hash b8952524d976e657fa964321c1421c08
4c45c62b39e9e5c0da56d9259caa896b6b9e7224
2f124c41de09abfa0f1fb64a55c1211a79a9c7566d3e77c1ab5707fdc87a31f0
GET /rtb/r/?token=e92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&q=MediaCPM%20-%20Ad%20Network&cb=cbe92fa9a3bdde73b4d1c9244f33b81a8b9d803cea&ref=https%3A%2F%2Fmediacpm.pl%2F&fp=&_uniq=2677144462344967&version=20210311132811&instance=upd1_1yRHa0B1869hdGmivWjAobtPqY2 HTTP/1.1
Host: 22filexstarted22.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 51
X-Firefox-Spdy: h2
mediacpm.pl/landing/fonts/Pe-icon-7-stroke.woff?d7yf1v
104.21.234.95 59 kB URL mediacpm.pl/landing/fonts/Pe-icon-7-stroke.woff?d7yf1v
IP 104.21.234.95:0
File type Web Open Font Format, TrueType, length 58556, version 1.0\012- data
Hash b38ef310874bdd008ac14ef3db939032
7e544bb11b7655998db6f324c612f7ffbf0ab66e
6fb4217048f333e23e0fd0ba2ab05e05fd7500f86a5a80a7cf04a2f94b257bec
GET /landing/fonts/Pe-icon-7-stroke.woff?d7yf1v HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/pe-icon-7.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:26 GMT
content-type: font/woff
content-length: 58556
last-modified: Thu, 11 Aug 2022 11:16:21 GMT
etag: "62f4e505-e4bc"
cache-control: max-age=86400
cf-cache-status: HIT
age: 13
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o%2B0MTLKSX9lf77cnolG6rLShYyS2Up8jT0u8r6V%2BwsH0bezj%2Bg1ZqK%2BScH2HEG1fOKZLWuAv1ivq4etPL45F%2Fm1BTiBC00SoLswAJfLNoHBOW3Z6MRb%2BbsSkDimQtw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837bad83200a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
142.250.74.130 100 B URL adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
142.250.74.34 100 B URL adservice.google.com/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: adservice.google.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:26 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/landing/images/bg-cta-img.jpg
104.21.234.95 892 kB URL mediacpm.pl/landing/images/bg-cta-img.jpg
IP 104.21.234.95:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1920x1440, components 3\012- data
Size 892 kB (891932 bytes)
Hash d992935f2f5240a649ef642bcadb53e1
98a1768b9d4358444d2d6b420d8bcfb3d89f4c9b
4069c5a1213cf3e3da8a4c59a1c996690882f3756a18bb679a8e909e5380a973
GET /landing/images/bg-cta-img.jpg HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/landing/css/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:26 GMT
content-type: image/jpeg
content-length: 891932
last-modified: Thu, 11 Aug 2022 11:16:23 GMT
etag: "62f4e507-d9c1c"
cache-control: max-age=86400
cf-cache-status: HIT
age: 3810
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z90we%2FXQghgeLko3wA211n8%2Fr%2FNdNfXGB4%2Bd3o%2FcVkGjinQzgSi8ecLJuGcM4VyLeD894pMADnsLX5kV0wUvX8IUX1Z5rIQSS0deak%2Bvky6Kx1j%2B203sYjqWMI8l3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837bad82f00a7-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ocsp.sectigo.com/
172.64.155.188 471 B IP 172.64.155.188:0
Hash f19f9e98961ab71ba8bcec52c233ef0b
954a5cfde17bcd20cb7bdc7ece74e93a0c5fdbb4
f4f2c43247273a9c7b0b24c81eca1e6e4e87110dd360f0448e30db1fcb68c329
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 01 May 2023 17:21:58 GMT
Expires: Mon, 08 May 2023 17:21:57 GMT
Etag: "954a5cfde17bcd20cb7bdc7ece74e93a0c5fdbb4"
Cache-Control: max-age=452010,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c1837bc0c8eb505-OSL
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
142.250.74.130 122 kB URL pagead2.googlesyndication.com/pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with very long lines (4452)
Size 122 kB (122071 bytes)
Hash fdff5b5e066315072f638757a35ac59f
fc7a7f7f24f8f908bf512ba42f8f53cf7fb2a022
7f2a7b9f290506ba7f04a8c2e88e8c699e752c65775e59c754c5a1963f6b8eb1
GET /pagead/managed/js/adsense/m202304270101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-8992836176785619&plah=mediacpm.pl HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
date: Wed, 03 May 2023 11:38:26 GMT
expires: Wed, 03 May 2023 11:38:26 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: text/javascript; charset=UTF-8
etag: 6303578635817621492
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 122071
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml-click.afront.io/b2/l/c/redir?cid=20&eid=12656&n=efa5f6131b58d00d1707d756&nid=10013&sid=LJ8cDTWvsU9I8BjyvTW%2B%2Bzjm0lJFmukK2PGyh0bX7BMfv8DGPfOoOlsV09X1H6qE4MVq0C7qN9MEa%2BBTdHjNBUac3ONyPUcvPje01%2FfSkHxCjJUSQCigPTihnHlyZ2h6%2BOHYpCHfJTeO%2FJFhC%2BCL8%2B2crKJ1Vp7RmrTY%2FgiDz5dfmK%2FjvXRSZB28E%2FfsXXN0WFy1bwD0Qe8aymnou47T5waWmiok%2B78f%2F2w6bDIfDBtOSXjGmq4Y9pvN0m8xL6Hw8Vr4apXvhjzSojQ37Tu4SawthA3qe202KQtoK0oPGt4FtYS4f5Qr4k4moN1%2FoUYc%2FfE9hymGIBzGL2BzJn9Iil%2FzhTQThNNAIBP6PFVKYWRd82xuYmopkgiPZTV5mvYft14hOIm2UVPM99%2BT%2FlmMrCKaZnvvn1BUUZMWG%2BHI4xDBRRicMUZQ%2BzE%2BbAPqF77GdOrpovE5rUMpyXWzle6mPoUtszik4CfQPgIJdSeX9sprpyf6KmWGE5899k33RAlqii3%2BqkPwb%2Fa1ZMmG4Ji55n8KYj2M%2FOKkuc5ZcNsAWMDIU2U43D0IAh4K4j0%2F2dDDzuxA49IkIQnjCWC4nz9A3aPdmL4RNp%2FxW%2BtZoXVaaqT2FYjvne0ztIrIBvWRlOKZ3fEC9h2Rp8RZWQ0hSiDYVQ2VBauwX5LITgfBai5GTyv0aqeGg1Lw8T6qGQzNJgE2%2F9SPEwydytiLBaMWaCWSDiSmz8LRvv7mq0xTIPaoE9huiiuwzu2XAz3vX%2FJfd2NMWNwb9O%2Fp0JxN67DtTxwmeDZjNB6j5RzU4UqcvLq%2BBge9F8k4WwlGIQTVu7LMQPAKw3NMpS1tjRBDI9Nuwt71euO5IpJfQ4xUI4wSHl9WGRsAWv5sYfAQrgrvcj3Hx7IV3zLhJLSH9ASblHFoZ6F%2BwT8cJmEyczqnHwM8NWMMC8Jyz9VcvwHvNwXlJEd4q1osLWP3S%2Bi54uoDFRG8VwDkElL1c%2F7YCAaPL%2BCN0ghEnzXRAY4t%2F9H0%2Fkg7JQiJKuE%2BINHCbDW%2FzAETR%2FlyhpI7u7l2vT7tE9UOEZxWePBXg9Lx1yJZRSWoZGy%2BGXUel%2B8OXaeOM%2BDZfE%2Bq8yzD8YCsRGjfWgcrqhWAoB5n8oIMUa0y4Va1SV%2B8GWzygpY5LQlzv0E8lchJS2cixp2R5ZOBAavMLpdrZakE1TFtL%2BuMFHA%2Bz1e00iIYdEjIDOEBbcS1nUFN0bh%2F4OXbs7UyvKKbSo95iBdkp63V8l5Tbk090Ya0lXb%2F39tw%2BpRl6aGwJ8nVYRR5Xjl2qPil%2Flv8HgjHbBktRuaGz1om5yEpMdSUs5lEIgKILz2YoRKWcYJC0VufJ86vRYn5u5%2BcSsqP7LX2oMd9%2FImHrxWR%2FCTgEhqUOwXxngCkfZ0Vx6ATP5KsEXT%2BYlxNPSKwpXTNwqvVN5B5%2FrUSfNt%2F3M7c%2FzToOtT3kF2H7PBSWygCxoKiQKZof8KzaWbK8bl1JuzNFoLltbPE83b15amkmTT9rh7jHXZj4d5Z%2BhQHnQERg7mh5U3VhDt3Zwo9kT7x8THZs7xh9dg%2BZVrHRMWA9Zd2sNsry8DJrFNgAx0VtXgSkSQWlDdZrc4tcA5rArLWMELzFvRRfBReZo%2BVMVUAy1q9y5hR%2BGA4UBSoQG06TV%2FIkku6BBrFMJgR6GsGtgFuo6kX9fS8MOtoXJewUbeCta7aDzDREAPPEeWyxwwE%2FLZ6WacHUbZud2UbB6GhoWhbO%2F2ZUYpZgB5DsnEYAn6O2RiPJ7i8%2Bya94Ac84kTZ%
2BIjreb1l%2F2RSfHxj58Va2dr4Z8G10OSDj0TEsDrOwyIZ%2FxPY7omkPxcLFGcsbsz%2BXzWECpnXUeESJ2nvfaV77e%2B6VVh%2BpbT1Ki9ci4MBxAeUeuzb9%2BVcV197H7c%2Bbd5BDJmnrvUiCbV0PV%2BO7bgc0eXGFnNsa9WE9kHoVrFvZnKnGAj2jqA6KvLDnns%2B4CNK8o24%2BD%2FkW%2Bai3%2FB1dU98VqZTkw&ts=1683113905&ttl=300&v=v5.7.6
109.206.175.73 424 B URL xml-click.afront.io/b2/l/c/redir?cid=20&eid=12656&n=efa5f6131b58d00d1707d756&nid=10013&sid=LJ8cDTWvsU9I8BjyvTW%2B%2Bzjm0lJFmukK2PGyh0bX7BMfv8DGPfOoOlsV09X1H6qE4MVq0C7qN9MEa%2BBTdHjNBUac3ONyPUcvPje01%2FfSkHxCjJUSQCigPTihnHlyZ2h6%2BOHYpCHfJTeO%2FJFhC%2BCL8%2B2crKJ1Vp7RmrTY%2FgiDz5dfmK%2FjvXRSZB28E%2FfsXXN0WFy1bwD0Qe8aymnou47T5waWmiok%2B78f%2F2w6bDIfDBtOSXjGmq4Y9pvN0m8xL6Hw8Vr4apXvhjzSojQ37Tu4SawthA3qe202KQtoK0oPGt4FtYS4f5Qr4k4moN1%2FoUYc%2FfE9hymGIBzGL2BzJn9Iil%2FzhTQThNNAIBP6PFVKYWRd82xuYmopkgiPZTV5mvYft14hOIm2UVPM99%2BT%2FlmMrCKaZnvvn1BUUZMWG%2BHI4xDBRRicMUZQ%2BzE%2BbAPqF77GdOrpovE5rUMpyXWzle6mPoUtszik4CfQPgIJdSeX9sprpyf6KmWGE5899k33RAlqii3%2BqkPwb%2Fa1ZMmG4Ji55n8KYj2M%2FOKkuc5ZcNsAWMDIU2U43D0IAh4K4j0%2F2dDDzuxA49IkIQnjCWC4nz9A3aPdmL4RNp%2FxW%2BtZoXVaaqT2FYjvne0ztIrIBvWRlOKZ3fEC9h2Rp8RZWQ0hSiDYVQ2VBauwX5LITgfBai5GTyv0aqeGg1Lw8T6qGQzNJgE2%2F9SPEwydytiLBaMWaCWSDiSmz8LRvv7mq0xTIPaoE9huiiuwzu2XAz3vX%2FJfd2NMWNwb9O%2Fp0JxN67DtTxwmeDZjNB6j5RzU4UqcvLq%2BBge9F8k4WwlGIQTVu7LMQPAKw3NMpS1tjRBDI9Nuwt71euO5IpJfQ4xUI4wSHl9WGRsAWv5sYfAQrgrvcj3Hx7IV3zLhJLSH9ASblHFoZ6F%2BwT8cJmEyczqnHwM8NWMMC8Jyz9VcvwHvNwXlJEd4q1osLWP3S%2Bi54uoDFRG8VwDkElL1c%2F7YCAaPL%2BCN0ghEnzXRAY4t%2F9H0%2Fkg7JQiJKuE%2BINHCbDW%2FzAETR%2FlyhpI7u7l2vT7tE9UOEZxWePBXg9Lx1yJZRSWoZGy%2BGXUel%2B8OXaeOM%2BDZfE%2Bq8yzD8YCsRGjfWgcrqhWAoB5n8oIMUa0y4Va1SV%2B8GWzygpY5LQlzv0E8lchJS2cixp2R5ZOBAavMLpdrZakE1TFtL%2BuMFHA%2Bz1e00iIYdEjIDOEBbcS1nUFN0bh%2F4OXbs7UyvKKbSo95iBdkp63V8l5Tbk090Ya0lXb%2F39tw%2BpRl6aGwJ8nVYRR5Xjl2qPil%2Flv8HgjHbBktRuaGz1om5yEpMdSUs5lEIgKILz2YoRKWcYJC0VufJ86vRYn5u5%2BcSsqP7LX2oMd9%2FImHrxWR%2FCTgEhqUOwXxngCkfZ0Vx6ATP5KsEXT%2BYlxNPSKwpXTNwqvVN5B5%2FrUSfNt%2F3M7c%2FzToOtT3kF2H7PBSWygCxoKiQKZof8KzaWbK8bl1JuzNFoLltbPE83b15amkmTT9rh7jHXZj4d5Z%2BhQHnQERg7mh5U3VhDt3Zwo9kT7x8THZs7xh9dg%2BZVrHRMWA9Zd2sNsry8DJrFNgAx0VtXgSkSQWlDdZrc4tcA5rArLWMELzFvRRfBReZo%2BVMVUAy1q9y5hR%2BGA4UBSoQG06TV%2FIkku6BBrFMJgR6GsGtgFuo6kX9fS8MOtoXJewUbeCta7aDzDREAPPEeWyxwwE%2FLZ6WacHUbZud2UbB6GhoWhbO%2F2ZUYpZgB5DsnEYAn
6O2RiPJ7i8%2Bya94Ac84kTZ%2BIjreb1l%2F2RSfHxj58Va2dr4Z8G10OSDj0TEsDrOwyIZ%2FxPY7omkPxcLFGcsbsz%2BXzWECpnXUeESJ2nvfaV77e%2B6VVh%2BpbT1Ki9ci4MBxAeUeuzb9%2BVcV197H7c%2Bbd5BDJmnrvUiCbV0PV%2BO7bgc0eXGFnNsa9WE9kHoVrFvZnKnGAj2jqA6KvLDnns%2B4CNK8o24%2BD%2FkW%2Bai3%2FB1dU98VqZTkw&ts=1683113905&ttl=300&v=v5.7.6
IP 109.206.175.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash e702614dc64e845fa554431825f20857
b746a0570fb539785d68a792936117788e82c5d2
d32725c93e517f284c3f91f4fb9bf62e15c15c3eaaac92c92a5f76732bba506d
GET /b2/l/c/redir?cid=20&eid=12656&n=efa5f6131b58d00d1707d756&nid=10013&sid=LJ8cDTWvsU9I8BjyvTW%2B%2Bzjm0lJFmukK2PGyh0bX7BMfv8DGPfOoOlsV09X1H6qE4MVq0C7qN9MEa%2BBTdHjNBUac3ONyPUcvPje01%2FfSkHxCjJUSQCigPTihnHlyZ2h6%2BOHYpCHfJTeO%2FJFhC%2BCL8%2B2crKJ1Vp7RmrTY%2FgiDz5dfmK%2FjvXRSZB28E%2FfsXXN0WFy1bwD0Qe8aymnou47T5waWmiok%2B78f%2F2w6bDIfDBtOSXjGmq4Y9pvN0m8xL6Hw8Vr4apXvhjzSojQ37Tu4SawthA3qe202KQtoK0oPGt4FtYS4f5Qr4k4moN1%2FoUYc%2FfE9hymGIBzGL2BzJn9Iil%2FzhTQThNNAIBP6PFVKYWRd82xuYmopkgiPZTV5mvYft14hOIm2UVPM99%2BT%2FlmMrCKaZnvvn1BUUZMWG%2BHI4xDBRRicMUZQ%2BzE%2BbAPqF77GdOrpovE5rUMpyXWzle6mPoUtszik4CfQPgIJdSeX9sprpyf6KmWGE5899k33RAlqii3%2BqkPwb%2Fa1ZMmG4Ji55n8KYj2M%2FOKkuc5ZcNsAWMDIU2U43D0IAh4K4j0%2F2dDDzuxA49IkIQnjCWC4nz9A3aPdmL4RNp%2FxW%2BtZoXVaaqT2FYjvne0ztIrIBvWRlOKZ3fEC9h2Rp8RZWQ0hSiDYVQ2VBauwX5LITgfBai5GTyv0aqeGg1Lw8T6qGQzNJgE2%2F9SPEwydytiLBaMWaCWSDiSmz8LRvv7mq0xTIPaoE9huiiuwzu2XAz3vX%2FJfd2NMWNwb9O%2Fp0JxN67DtTxwmeDZjNB6j5RzU4UqcvLq%2BBge9F8k4WwlGIQTVu7LMQPAKw3NMpS1tjRBDI9Nuwt71euO5IpJfQ4xUI4wSHl9WGRsAWv5sYfAQrgrvcj3Hx7IV3zLhJLSH9ASblHFoZ6F%2BwT8cJmEyczqnHwM8NWMMC8Jyz9VcvwHvNwXlJEd4q1osLWP3S%2Bi54uoDFRG8VwDkElL1c%2F7YCAaPL%2BCN0ghEnzXRAY4t%2F9H0%2Fkg7JQiJKuE%2BINHCbDW%2FzAETR%2FlyhpI7u7l2vT7tE9UOEZxWePBXg9Lx1yJZRSWoZGy%2BGXUel%2B8OXaeOM%2BDZfE%2Bq8yzD8YCsRGjfWgcrqhWAoB5n8oIMUa0y4Va1SV%2B8GWzygpY5LQlzv0E8lchJS2cixp2R5ZOBAavMLpdrZakE1TFtL%2BuMFHA%2Bz1e00iIYdEjIDOEBbcS1nUFN0bh%2F4OXbs7UyvKKbSo95iBdkp63V8l5Tbk090Ya0lXb%2F39tw%2BpRl6aGwJ8nVYRR5Xjl2qPil%2Flv8HgjHbBktRuaGz1om5yEpMdSUs5lEIgKILz2YoRKWcYJC0VufJ86vRYn5u5%2BcSsqP7LX2oMd9%2FImHrxWR%2FCTgEhqUOwXxngCkfZ0Vx6ATP5KsEXT%2BYlxNPSKwpXTNwqvVN5B5%2FrUSfNt%2F3M7c%2FzToOtT3kF2H7PBSWygCxoKiQKZof8KzaWbK8bl1JuzNFoLltbPE83b15amkmTT9rh7jHXZj4d5Z%2BhQHnQERg7mh5U3VhDt3Zwo9kT7x8THZs7xh9dg%2BZVrHRMWA9Zd2sNsry8DJrFNgAx0VtXgSkSQWlDdZrc4tcA5rArLWMELzFvRRfBReZo%2BVMVUAy1q9y5hR%2BGA4UBSoQG06TV%2FIkku6BBrFMJgR6GsGtgFuo6kX9fS8MOtoXJewUbeCta7aDzDREAPPEeWyxwwE%2FLZ6WacHUbZud2UbB6GhoWhbO%2F2ZUYpZgB5DsnEYAn6O2RiPJ7i8%2Bya94Ac84kTZ%2BIjreb1l%2F2RS
fHxj58Va2dr4Z8G10OSDj0TEsDrOwyIZ%2FxPY7omkPxcLFGcsbsz%2BXzWECpnXUeESJ2nvfaV77e%2B6VVh%2BpbT1Ki9ci4MBxAeUeuzb9%2BVcV197H7c%2Bbd5BDJmnrvUiCbV0PV%2BO7bgc0eXGFnNsa9WE9kHoVrFvZnKnGAj2jqA6KvLDnns%2B4CNK8o24%2BD%2FkW%2Bai3%2FB1dU98VqZTkw&ts=1683113905&ttl=300&v=v5.7.6 HTTP/1.1
Host: xml-click.afront.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
server: dspclick-v3.8.6
date: Wed, 03 May 2023 11:38:25 GMT
content-type: text/html
content-length: 424
set-cookie: adcsid-c-3316885795nkDoaPYH=1; expires=Thu, 04 May 2023 11:38:26 GMT; path=/
cpm.media/serve/ads.php?a=844&b=300x250&random=51837317&referr=https%3A%2F%2Firugu.cogliatu.com%2F
172.67.198.162 908 B URL cpm.media/serve/ads.php?a=844&b=300x250&random=51837317&referr=https%3A%2F%2Firugu.cogliatu.com%2F
IP 172.67.198.162:0
Hash b0f6ca29f573a25e784bfee40ea57eba
25e42499a3ef61f6abdceef3371a0d454fe94630
59a44f3854c18ea4b7b1e88f9d7012a4b5ba0736a9ab2a15d25ee258cff2e773
GET /serve/ads.php?a=844&b=300x250&random=51837317&referr=https%3A%2F%2Firugu.cogliatu.com%2F HTTP/1.1
Host: cpm.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cpm.media
Connection: keep-alive
Referer: https://www.yofaurls.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:07 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jfAyBuseAjYavBpBBsxi2KvNvt1p9oiJnk8Rxp0GcGR4CNmzmuG1wDnBl0AmYoyQQRKcPdsFbOKyPV9USe%2Bw98CoZs%2FGMJLDNuaXC3Q7lh4VSYyKmZD12tmfx7Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183745e8d9fab4-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
s4.histats.com/stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fww3.eurosptp.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-106257295&@b3:1683113913&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.good-trading.com%2F%3Fgood-e&@w
149.56.240.129 54 B URL s4.histats.com/stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fww3.eurosptp.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-106257295&@b3:1683113913&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.good-trading.com%2F%3Fgood-e&@w
IP 149.56.240.129:0
File type ASCII text, with no line terminators
Hash 89d4f1b11baa2636cd5491ac6123af3e
0e7c54a7d9276ede864c3031d89862204bb2a402
90de9404c0c1b66064f1174f8d47d28f7f35b837c7449f2f7ca8359812a0f16d
GET /stats/0.php?4563544&@f16&@g1&@h0&@i0&@j0&@k0&@l0&@mGood%20Trading%20%3A%20Les%20meilleurs%20sites%20de%20trading%20!&@n0&@ohttps%3A%2F%2Fww3.eurosptp.com%2F&@q0&@r0&@s0&@ten-US&@u1280&@b1:-106257295&@b3:1683113913&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fww3.good-trading.com%2F%3Fgood-e&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 54
Connection: close
xml.flurryad.com/redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com
174.137.133.16 0 B URL xml.flurryad.com/redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
raheelads.com/bits-ads.php?type=2&&ids=13
188.114.96.1 4.1 kB URL raheelads.com/bits-ads.php?type=2&&ids=13
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2479)
Hash 4310591dd0defadac9b3e9accb15efb7
a7629544773bf87c4fcbc81837664446ce6b80bb
d946706271b9f6b8228d0eff4f8800dc7279279b4c2c1dffc44c3081f16a3f7a
GET /bits-ads.php?type=2&&ids=13 HTTP/1.1
Host: raheelads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 403 Forbidden
date: Wed, 03 May 2023 11:38:20 GMT
content-type: text/html; charset=UTF-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
permissions-policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SZxsNASsRz%2FHPqsQxY%2F8RYPP7Q%2F%2FdghV%2BUd1p97XhMBKs9oAf6o0qmpgnRykNw60DW1jYbdxpvQDxkMnUDHXBmObMFt3UBSXdw%2FA8Q4fBhVvFtfTFONsHn%2FrbrUoE%2FcQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c18379909ff0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media
174.137.133.17 0 B URL xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
142.250.74.130 11 kB URL pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with very long lines (14719), with no line terminators
Hash f2ef3822e8fe386fab7b19fda1933810
1774f94b60085be1168817ef3db9629c2940171e
aaa6a93cad49db08d1858bb95354748daf404763d1735cdd45d474690917217f
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 03 May 2023 11:38:26 GMT
server: cafe
content-length: 11110
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mediacpm.pl/landing/js/scrollspy.min.js
104.21.234.95 891 B URL mediacpm.pl/landing/js/scrollspy.min.js
IP 104.21.234.95:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (1310), with no line terminators
Hash 0fd631a83049af3bf892cdc86a6e4561
5d9523cf4fea54adee70b9701754f08dbd0365b8
804dcfdf090ab89757c2b90122549ce1a56867492950944e08e3d574e4ed03d9
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/scrollspy.min.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:09 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
etag: W/"62f4e50b-521"
cache-control: max-age=86400
cf-cache-status: HIT
age: 1946
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rQUfo2QFjMfl0nWQTb257YZZtGTQBAVqIi%2B1lqzCVsqoSmiYS4HwKZn0j9cfNC%2BdQOwDWI728UHhXijEPzuWcWfk9svmAdBb5jE9mV3xBwdywnSWLEAAUZjLsq2p%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18374e5a5800a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cryptobrowser.store/media/pb/37/8a240792be7248d88f32c50a54c5c29b.jpg
188.114.97.1 21 kB URL cdn.cryptobrowser.store/media/pb/37/8a240792be7248d88f32c50a54c5c29b.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 728x90, components 3\012- data
Hash 50323e6039cb8cadda8c209704202ad8
4234c94d33f0a4e511ee65883b11ddd33b60f647
a288841738c3d4e6d46e522b0e256b9d80a73b69ee6011f3aeb1cc43031bc347
GET /media/pb/37/8a240792be7248d88f32c50a54c5c29b.jpg HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:26 GMT
content-type: image/jpeg
content-length: 20795
etag: "5dd7eff2-513b"
last-modified: Fri, 22 Nov 2019 14:25:54 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ey7Dqs0Fx5qY9rbP9g8Sfq2h7QdcFKpgMXeweSzJQIOB3BW7KBARzcIFMLemxnq7Tab%2FhLpFjWpKV6VONZJD8bHigelqaWnjb51%2BT9SwNkFSjSkzU%2FR%2BZu3%2Bs9yst0wK%2Fp7zwMh5Ws5ImA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837bc38820afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cdn.cryptobrowser.store/media/pb/381/021a401c57894f1197788c46a976d552.jpg
188.114.97.1 20 kB URL cdn.cryptobrowser.store/media/pb/381/021a401c57894f1197788c46a976d552.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 728x90, components 3\012- data
Hash c0fc0f4c90f1c7e908b6a345c04a2a09
1037d5b32f5223ea2cd99b31323623b1e356f171
65393567a69a6fc850f0636abefc29debbd3924582c8d9700088ce75c4802362
GET /media/pb/381/021a401c57894f1197788c46a976d552.jpg HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://cryptotabbrowser.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:26 GMT
content-type: image/jpeg
content-length: 19837
etag: "5dd7f05a-4d7d"
last-modified: Fri, 22 Nov 2019 14:27:38 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0yzTP9rw5ouJFuBXh6SIXWbWBhFKZac0Ol83ZFIPPCYQqQsyYHVgR7axs6M0RloBYZnXv1eT%2Fx9Qi8upb0RAN3ajeLUPDHK6txTe1oo37iogf5XOPiWBb6MSTkI6HqCzZbvk4I3flaBjmw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837bc58940afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
ww1.good-trading.com/assets/css/fontawesome-all.min.css
104.21.77.114 12 kB URL ww1.good-trading.com/assets/css/fontawesome-all.min.css
IP 104.21.77.114:0
File type ASCII text, with very long lines (55782)
Hash 7d7ee1f800916f8a28b859daf48f1926
84359eab584aec29e467b502eb30d5225e8f9320
fecbc67b49ab6a994064f5cf34279742b32da77ffbe7e21f77f087f7ada377c4
GET /assets/css/fontawesome-all.min.css HTTP/1.1
Host: ww1.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: ww1.good-trading.com
Connection: keep-alive
Referer: https://ww1.good-trading.com/assets/css/main.css
Cookie: goodtrading=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:11 GMT
content-type: text/css
last-modified: Fri, 25 Jun 2021 05:57:04 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:38:41 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 870
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nNW1JTqbI2amyLSp00tCMwWKohZy9T52aDGW8K%2FbGPQLIDiEeydTllvpCsF2VejOYTzbSM1G4Zs82n9CPM%2FBZiGFU%2BryjciVNIqlZTAdrFHgsOn1r2bVxE2tRM6vuiCq4fQ%2BA6zZkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18375d4bfdb52d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
mediacpm.pl/landing/js/particles.app.js
104.21.234.95 19 kB URL mediacpm.pl/landing/js/particles.app.js
IP 104.21.234.95:0
File type ASCII text, with very long lines (1278), with no line terminators
Hash d455d51a1329d9dde0ddcf55b9be575c
438a3606a391732420ebb2bfce46cc26eb0135f5
3b7a36f37a53abb2f452eec66f119f978bdb91f4b1dfecb90bbaffb398b25b3e
Analyzer Verdict Alert fortinet Phishing
GET /landing/js/particles.app.js HTTP/1.1
Host: mediacpm.pl
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:18 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2945
etag: W/"62f4e50b-b81"
last-modified: Thu, 11 Aug 2022 11:16:27 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 1915
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Iy5TeZf%2BITva23vy73hsbqsKHXQtbOw43chYi9ZW%2BvL5JtbMhcvFC8rQGjmyUbSdLmTV%2BVVHH7YYfg%2BWGZ2TdHCLhwJmvLKFjdw9rXtgfYJtdXwckpmyjZNzhrohsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18378a8ea400a7-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com
198.134.116.28 0 B URL xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com
IP 198.134.116.28:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=best+deals&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php
174.137.133.17 0 B URL xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:26 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
www.ad-good.com/infinitya.html
188.114.97.1 359 B URL www.ad-good.com/infinitya.html
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 936faa7032f930d7b13274773d1ab471
9be77edd6b32e742cbac1fc1ab2bdd98029cca9c
ec3dae458d816658d3df27e0c478a34efd5436ecbee88b48961619bdb49279d5
GET /infinitya.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:10 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2480
last-modified: Wed, 03 May 2023 10:56:50 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5kDNu5I0oH2bxvfW88Qi%2B8%2F%2B54RMgKNLRLh0Rji4gHIAxHwqgSERIpC4exsQssNXjOhiISka3khZ2MKWshpn705c9RxEefiOalgEwzOfRXKXY7j%2BNxNhm547nwVM2yJAe%2BY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837547cb2b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
142.250.74.130 100 B URL adservice.google.no/adsid/integrator.js?domain=mediacpm.pl
IP 142.250.74.130:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=mediacpm.pl HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: googleads.g.doubleclick.net
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Wed, 03 May 2023 11:38:27 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000
ad.a-ads.com/1110727?size=728x90
148.251.192.72 4.8 kB URL ad.a-ads.com/1110727?size=728x90
IP 148.251.192.72:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (11122)
Hash 5dd4a5b826205da53eefa1d43e25cdb1
a1a6ad77bc77c1982bd5d0d0841e26ce921471d4
88ebc5c43509668de3f5c510985dc10d91a7889583d357963d9b130e0e1b5c64
GET /1110727?size=728x90 HTTP/1.1
Host: ad.a-ads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ad2bitcoin.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 03 May 2023 11:38:22 GMT
content-type: text/html;charset=utf-8
vary: Accept-Encoding, Accept-Encoding
status: 200 OK
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-powered-by: Phusion Passenger(R)
x-original-referer: https://ad2bitcoin.com/
x-robots-tag: noindex, nofollow, nosnippet, noarchive
content-encoding: gzip
X-Firefox-Spdy: h2
news24.media/?d
172.67.213.79 8.7 kB IP 172.67.213.79:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (782), with CRLF, LF line terminators
Hash abd6b6e439ff19da218a985a331e9b89
36d39e0838cf21f4fa997037c46af2a858126295
70e736a2c5ea9582ae1310027ace5c8c08930cad149af0026bacc8d8511b9807
GET /?d HTTP/1.1
Host: news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: news24.media
Connection: keep-alive
Cookie: __r=1.529cbbdf98e5848fe8883e1b80b99b4e
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:21 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1
referrer-policy: origin
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=134u8V2CDCB2OGnudwg3ulgfrv8noPAi9UiJHYckpgPSCUO7mthSvWnUDYYZCOb9%2Fz0fh9hg4OxTOJRC4V6eJOlRVbueBYDCkXkWpArTgZoMp1DvWnANGaDyAHRWrGw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18379c3fd4b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
xml.flurryad.com/redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com
174.137.133.16 0 B URL xml.flurryad.com/redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
tpc.googlesyndication.com/sodar/sodar2.js
216.58.207.193 6.4 kB URL tpc.googlesyndication.com/sodar/sodar2.js
IP 216.58.207.193:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Wed, 03 May 2023 11:38:27 GMT
expires: Wed, 03 May 2023 11:38:27 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a7YG3Jl3LXJa89blNM1LUzbmeuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.fHpz5dOWuema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx122WQN58e3jnx48_PDrx6cu3Xxw6efPbp15dO7PHiz3Y5a64JHKq2JJ8.Pbxz48efnh11tTTRQONTS1OS158Y
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a7YG3Jl3LXJa89blNM1LUzbmeuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.fHpz5dOWuema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx122WQN58e3jnx48_PDrx6cu3Xxw6efPbp15dO7PHiz3Y5a64JHKq2JJ8.Pbxz48efnh11tTTRQONTS1OS158Y
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65dddlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPj048._LXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_jt178tcDdrFMDFcE0ufjj478.Hjhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw3cOHDjx1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmieBrcvafYlecXrmXnsZjgqfcpz4bvPHhx1uXtPsSvOL1zLyuV3TUxZ8dbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn35a56YGoJXl5Jm3I8_Gt.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.bvHn2YZ5uMt8.TnJnv3b5Mc22ufHo736cO3XXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc9NM3trpYbgle3NTSa2G2Y5mos.GuBuZ11ynPhrgbjYlbgleXnYecz4a7YG3Jl3LXJa89blNM1LUzbmeuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.fHpz5dOWuema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx122WQN58e3jnx48_PDrx6cu3Xxw6efPbp15dO7PHiz3Y5a64JHKq2JJ8.Pbxz48efnh11tTTRQONTS1OS158Y HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.good-trading.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcceibxbmsebenxgxabsxxslergxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193 5.0 kB URL tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 2670
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/api2/aframe
142.250.74.164 514 B URL www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 01d3e89b6c74d17b4657630601f5c1c0
94b9e312b2dde282f6f4672f9cca1155977cbf6f
36af587535840701af116ee08b05b073865be59b18942650f71b2cfd391fb9cc
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.google.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 03 May 2023 11:38:27 GMT
date: Wed, 03 May 2023 11:38:27 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-Dd24_8c4GUzKfMClUBVfCQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 514
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
xml.xmladsystem.com/redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com
198.134.116.28 0 B URL xml.xmladsystem.com/redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com
IP 198.134.116.28:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com HTTP/1.1
Host: xml.xmladsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:27 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Pragma: no-cache
ww3.good-trading.com/assets/css/fontawesome-all.min.css
188.114.96.1 12 kB URL ww3.good-trading.com/assets/css/fontawesome-all.min.css
IP 188.114.96.1:0
File type ASCII text, with very long lines (55782)
Hash 2601315ec470945437b3fb6f4641126a
28e134a82f50bddb474c45ace8c69c5004de70f1
e52d27763d5300414fb647271416a2b92c914cbc68779d1bf960f7d275b5ceb1
GET /assets/css/fontawesome-all.min.css HTTP/1.1
Host: ww3.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: ww3.good-trading.com
Connection: keep-alive
Referer: https://ww3.good-trading.com/assets/css/main.css
Cookie: goodtrading=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:24 GMT
content-type: text/css
last-modified: Fri, 25 Jun 2021 05:57:04 GMT
cache-control: max-age=14400
expires: Wed, 03 May 2023 11:53:17 GMT
vary: Accept-Encoding
cf-cache-status: HIT
age: 7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QiUhJt41nzUwmnC%2Fb522HqH1tFcP816eHLCMCjfok6D9W7YAg2MUg5NVRk7WR%2F0csizvC4X69To6nyC64NmbHq5FD7KtavADnHwmS5GXt45jMOiXgrxuvKeT01eSUN9pK7Mgr3rCgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837ac3d5eb51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
fancycrab.net/sc?a=6pip&c=G9wgkZ8VcdUnBowL5jaECd&e=gAAAAABkUkeyF7m-yM-5F4yg4GZeR31_Ttl4EOO-7fGcgp2y5Smp28r_0e7MFs2lkfANWx1SCIsbUGLcH5hY6Lg_YoOaivZjNm0wcTUQhlMQ7c90a86D2JW2b7uOzjbc19Ei2Nu9PLUTjd153MXN0njV_y3Kqr87vwmcynhssduhXcIAyW8jxU5lJCufKVvmz5MivVzwEWHU_NW6WDrmhnxvppTPmmu1e-4Zd8FRhvryTyJDw41RA3eCAynp1hOXf3Gqs1SWRtkc2fZ2s6lyH8GISAW7hw07gblWnOkFUegPtnyCRTc_Oqh6J-A96gt7tU6MWBjJRpOwXTe9aNJzI7MLq11Xru7-zmXw6YazscUcBBGb_r2PhG7FLZIl2Yp8sIi6HdeqGIcoEM55o_poyI8BBZcFG4ihpEy2eJnsnOfOCFUxuwHbolwmV4EuVle479DsnETVrwnUtMJXtOcmeHq1tcT-gw5mS8QnFyQbDc6wtyu_sCxfrfmd0lWgQd94tyafiCbrswIm0Qq3kuusOxz5JWOTCFsbjZm4t8Y7s-uL2dIHvoJCVGZAPC-CMLq1Tk3gC7iGgc1-R70eWAO7vxBKsHshkgWC-7M2y46BC7TwQnK-VRrlCgZ1kfsi60Ry3z7s1pjRsZuMOMR7hXchRgKqvFXCD8oaChSjwZnO78Gl2PReqxj8qdHgp4M0Wqx0_8N-hGS9qyFp5jn0JRYqSQ0HRUtMtfqLEP0V30Z-gqLws8TScFw9-VQYO_rpfAnuTMM1dnMY4oLvKbMK5SsuaNTl9nasturc2wuCdWA3IJJuKPp2QZS-krEOwHVIyg3FUQzIvgQoAzgu4x9p537vOYocQg7OfqfeZvneF7QY3McD_XU8M8FUoJa2OyeJ6hgLkMXxKJBko5-ueZ8T4fJhDFGzx0sBwcNViChY2Fi-IGXGMmtAdw502zPvW5uMakKDZfIeXxK5UoMJpVH_u1oSgmKKU9t_ewu8g2Zex_TCM12mpwFpDliueJodglnLnaP_AeBM8CXt-awvdRFrwdw1JD2eyCZUUa6SSqP2c8UgcrRqco8XWEpqMItY0ftvypMjzlI9tuT6TbVja0CcvKAgkflfwbGw99Ff5IsRBFaZvKzofdZm8dECdtTE19IYNTmUpNnqGdaWsbxc-ylq-19Qg1jIy3PPy7Su0zvfohAX068Sft-pJcgfxA6x-pBPQWJXAT8Z2O8H_BjVey2KmtQ_OmmsqslMupXrxtpDY16SJNJ017bYCOm_rTBa-2pOqOg0e1xFneeiMULumQGw7w7xSifba171OXZ7wxIqtWLysWAsiHyegz91-YEK5hem6_PorQcjcyitlZPDAg6_da0xen3VxBgXj4uZAgVZZxJOWL47kNETO_pb3x2wZyLmRh56Tj2gJPe-bjldLNizBbDCk8l6e7sBMo4-KBjw5zIRYFpTUWLGYxm3GjYlK2Q_KTf3tAZg1fgRQNVtzz2zF7mDfXvgZ_EM93PtY1uGT2OlM6XVxV0ypSImBo2dZEcMlGFVp1UlBQGl58fDd0ieyKD7gQ3ep_utnitZpnGl3T978Fxz4ACQZAK5tgF9sj2LgeIY9mm0CSjn6TfErnxErymmKszjc8LCca2-nGkuAunP2Fa5yOqw0WkPP8ZPqtGCfWFl1UuBZ1iiiz-zdp9oY83TvUKUMt0hlehE5oOmTc0XCcFEWuV6HOA5swH5-7ysQ6sD__y_feSpeQ8Vrf9DnOgfAKFywunIVY30FDC4yduLZnGusAjiVOhl1W3vMidVGCZfZu53UKLy4Ik0vPhVesBPfW3VR7NdTt_B77SgJqXawaHh9L6JRAYY1IVFBlyN9Ee0VFBwFqqJ6MSTEaQUED7VNLSa3g00PoKBjEdJVH1iVKSMqhhynzK4bQdvQRaAW1IEPJLUzm8Kdd1Yn-ONgpfz0UpGd_gIkD-UocrQRHWVQf2TTGBA8yhrJwrRjYfCZkYAy2pbxO3w6x7Zou6SUaVuK2A5Ue7PJL2TsOKXrAEeu1IL4J9yQSJDqducI1SWB3fkEEQI-Jk61zMaPh5k7M4CYNzntU5cxk8MW9RSwPJ9KCfb0we48lJYlGw4KdjFxBgh1lEimN4zuzBPMitBzM9rNj-VboJtXMWFrH_CamiGh0kX0BM0eQjzbk2zDGuYDygaa44Z0kzC0sp1UZtkJHkTJ-9PLqwCACjinWmUiW-Ssey-v3Y7P-1HB198B5mGSScutRKgjwmm6yR3RFabCHK9x9cz86JjmvYOXKFRDPTdrpkdok7Wb5B9LsOCUzTOKziKAUHjI3-SK_djBl75HX5hHC4JyfiaXB1LIxDs4P2eEd_azpUVUODC5bY=&f=2048
176.9.41.59 108 B URL fancycrab.net/sc?a=6pip&c=G9wgkZ8VcdUnBowL5jaECd&e=gAAAAABkUkeyF7m-yM-5F4yg4GZeR31_Ttl4EOO-7fGcgp2y5Smp28r_0e7MFs2lkfANWx1SCIsbUGLcH5hY6Lg_YoOaivZjNm0wcTUQhlMQ7c90a86D2JW2b7uOzjbc19Ei2Nu9PLUTjd153MXN0njV_y3Kqr87vwmcynhssduhXcIAyW8jxU5lJCufKVvmz5MivVzwEWHU_NW6WDrmhnxvppTPmmu1e-4Zd8FRhvryTyJDw41RA3eCAynp1hOXf3Gqs1SWRtkc2fZ2s6lyH8GISAW7hw07gblWnOkFUegPtnyCRTc_Oqh6J-A96gt7tU6MWBjJRpOwXTe9aNJzI7MLq11Xru7-zmXw6YazscUcBBGb_r2PhG7FLZIl2Yp8sIi6HdeqGIcoEM55o_poyI8BBZcFG4ihpEy2eJnsnOfOCFUxuwHbolwmV4EuVle479DsnETVrwnUtMJXtOcmeHq1tcT-gw5mS8QnFyQbDc6wtyu_sCxfrfmd0lWgQd94tyafiCbrswIm0Qq3kuusOxz5JWOTCFsbjZm4t8Y7s-uL2dIHvoJCVGZAPC-CMLq1Tk3gC7iGgc1-R70eWAO7vxBKsHshkgWC-7M2y46BC7TwQnK-VRrlCgZ1kfsi60Ry3z7s1pjRsZuMOMR7hXchRgKqvFXCD8oaChSjwZnO78Gl2PReqxj8qdHgp4M0Wqx0_8N-hGS9qyFp5jn0JRYqSQ0HRUtMtfqLEP0V30Z-gqLws8TScFw9-VQYO_rpfAnuTMM1dnMY4oLvKbMK5SsuaNTl9nasturc2wuCdWA3IJJuKPp2QZS-krEOwHVIyg3FUQzIvgQoAzgu4x9p537vOYocQg7OfqfeZvneF7QY3McD_XU8M8FUoJa2OyeJ6hgLkMXxKJBko5-ueZ8T4fJhDFGzx0sBwcNViChY2Fi-IGXGMmtAdw502zPvW5uMakKDZfIeXxK5UoMJpVH_u1oSgmKKU9t_ewu8g2Zex_TCM12mpwFpDliueJodglnLnaP_AeBM8CXt-awvdRFrwdw1JD2eyCZUUa6SSqP2c8UgcrRqco8XWEpqMItY0ftvypMjzlI9tuT6TbVja0CcvKAgkflfwbGw99Ff5IsRBFaZvKzofdZm8dECdtTE19IYNTmUpNnqGdaWsbxc-ylq-19Qg1jIy3PPy7Su0zvfohAX068Sft-pJcgfxA6x-pBPQWJXAT8Z2O8H_BjVey2KmtQ_OmmsqslMupXrxtpDY16SJNJ017bYCOm_rTBa-2pOqOg0e1xFneeiMULumQGw7w7xSifba171OXZ7wxIqtWLysWAsiHyegz91-YEK5hem6_PorQcjcyitlZPDAg6_da0xen3VxBgXj4uZAgVZZxJOWL47kNETO_pb3x2wZyLmRh56Tj2gJPe-bjldLNizBbDCk8l6e7sBMo4-KBjw5zIRYFpTUWLGYxm3GjYlK2Q_KTf3tAZg1fgRQNVtzz2zF7mDfXvgZ_EM93PtY1uGT2OlM6XVxV0ypSImBo2dZEcMlGFVp1UlBQGl58fDd0ieyKD7gQ3ep_utnitZpnGl3T978Fxz4ACQZAK5tgF9sj2LgeIY9mm0CSjn6TfErnxErymmKszjc8LCca2-nGkuAunP2Fa5yOqw0WkPP8ZPqtGCfWFl1UuBZ1iiiz-zdp9oY83TvUKUMt0hlehE5oOmTc0XCcFEWuV6HOA5swH5-7ysQ6sD__y_feSpeQ8Vrf9DnOgfAKFywunIVY30FDC4yduLZnGusAjiVOhl1W3vMidVGCZfZu53UKLy4Ik0vPhVesBPfW3VR7NdTt_B77SgJqXawaHh9L6JRAYY1IVFBlyN9Ee0VFBwFqqJ6MSTEaQUED7VNLSa3g00PoKBjEdJVH1iVKSMqhhynzK4bQdvQRaAW1IEPJLUzm8Kdd1Yn-ONgpfz0UpGd_gIkD-UocrQRHWVQf2TTGBA8yhrJwrRjYfCZkYAy2pbxO3w6x7Zou6SUaVuK2A5Ue7PJL2TsOKXrAEeu1IL4J9yQSJDqducI1SWB3fkEEQI-Jk61zMaPh5k7M4CYNzntU5cxk8MW9RSwPJ9KCfb0we48lJYlGw4KdjFxBgh1lEimN4zuzBPMitBzM9rNj-VboJtXMWFrH_CamiGh0kX0BM0eQjzbk2zDGuYDygaa44Z0kzC0sp1UZtkJHkTJ-9PLqwCACjinWmUiW-Ssey-v3Y7P-1HB198B5mGSScutRKgjwmm6yR3RFabCHK9x9cz86JjmvYOXKFRDPTdrpkdok7Wb5B9LsOCUzTOKziKAUHjI3-SK_djBl75HX5hHC4JyfiaXB1LIxDs4P2eEd_azpUVUODC5bY=&f=2048
IP 176.9.41.59:0
ASN #24940 Hetzner Online GmbH
File type HTML document, ASCII text
Hash 1b72591fecbc6adee359345b6c2fca18
2536f3299282307d3b95bcfa56d2972125842333
121ced3fbc15d74454832f05cbe0f885cdf9fa42d9e2d5f6344a8a4578adfc54
GET /sc?a=6pip&c=G9wgkZ8VcdUnBowL5jaECd&e=gAAAAABkUkeyF7m-yM-5F4yg4GZeR31_Ttl4EOO-7fGcgp2y5Smp28r_0e7MFs2lkfANWx1SCIsbUGLcH5hY6Lg_YoOaivZjNm0wcTUQhlMQ7c90a86D2JW2b7uOzjbc19Ei2Nu9PLUTjd153MXN0njV_y3Kqr87vwmcynhssduhXcIAyW8jxU5lJCufKVvmz5MivVzwEWHU_NW6WDrmhnxvppTPmmu1e-4Zd8FRhvryTyJDw41RA3eCAynp1hOXf3Gqs1SWRtkc2fZ2s6lyH8GISAW7hw07gblWnOkFUegPtnyCRTc_Oqh6J-A96gt7tU6MWBjJRpOwXTe9aNJzI7MLq11Xru7-zmXw6YazscUcBBGb_r2PhG7FLZIl2Yp8sIi6HdeqGIcoEM55o_poyI8BBZcFG4ihpEy2eJnsnOfOCFUxuwHbolwmV4EuVle479DsnETVrwnUtMJXtOcmeHq1tcT-gw5mS8QnFyQbDc6wtyu_sCxfrfmd0lWgQd94tyafiCbrswIm0Qq3kuusOxz5JWOTCFsbjZm4t8Y7s-uL2dIHvoJCVGZAPC-CMLq1Tk3gC7iGgc1-R70eWAO7vxBKsHshkgWC-7M2y46BC7TwQnK-VRrlCgZ1kfsi60Ry3z7s1pjRsZuMOMR7hXchRgKqvFXCD8oaChSjwZnO78Gl2PReqxj8qdHgp4M0Wqx0_8N-hGS9qyFp5jn0JRYqSQ0HRUtMtfqLEP0V30Z-gqLws8TScFw9-VQYO_rpfAnuTMM1dnMY4oLvKbMK5SsuaNTl9nasturc2wuCdWA3IJJuKPp2QZS-krEOwHVIyg3FUQzIvgQoAzgu4x9p537vOYocQg7OfqfeZvneF7QY3McD_XU8M8FUoJa2OyeJ6hgLkMXxKJBko5-ueZ8T4fJhDFGzx0sBwcNViChY2Fi-IGXGMmtAdw502zPvW5uMakKDZfIeXxK5UoMJpVH_u1oSgmKKU9t_ewu8g2Zex_TCM12mpwFpDliueJodglnLnaP_AeBM8CXt-awvdRFrwdw1JD2eyCZUUa6SSqP2c8UgcrRqco8XWEpqMItY0ftvypMjzlI9tuT6TbVja0CcvKAgkflfwbGw99Ff5IsRBFaZvKzofdZm8dECdtTE19IYNTmUpNnqGdaWsbxc-ylq-19Qg1jIy3PPy7Su0zvfohAX068Sft-pJcgfxA6x-pBPQWJXAT8Z2O8H_BjVey2KmtQ_OmmsqslMupXrxtpDY16SJNJ017bYCOm_rTBa-2pOqOg0e1xFneeiMULumQGw7w7xSifba171OXZ7wxIqtWLysWAsiHyegz91-YEK5hem6_PorQcjcyitlZPDAg6_da0xen3VxBgXj4uZAgVZZxJOWL47kNETO_pb3x2wZyLmRh56Tj2gJPe-bjldLNizBbDCk8l6e7sBMo4-KBjw5zIRYFpTUWLGYxm3GjYlK2Q_KTf3tAZg1fgRQNVtzz2zF7mDfXvgZ_EM93PtY1uGT2OlM6XVxV0ypSImBo2dZEcMlGFVp1UlBQGl58fDd0ieyKD7gQ3ep_utnitZpnGl3T978Fxz4ACQZAK5tgF9sj2LgeIY9mm0CSjn6TfErnxErymmKszjc8LCca2-nGkuAunP2Fa5yOqw0WkPP8ZPqtGCfWFl1UuBZ1iiiz-zdp9oY83TvUKUMt0hlehE5oOmTc0XCcFEWuV6HOA5swH5-7ysQ6sD__y_feSpeQ8Vrf9DnOgfAKFywunIVY30FDC4yduLZnGusAjiVOhl1W3vMidVGCZfZu53UKLy4Ik0vPhVesBPfW3VR7NdTt_B77SgJqXawaHh9L6JRAYY1IVFBlyN9Ee0VFBwFqqJ6MSTEaQUED7VNLSa3g00PoKBjEdJVH1iVKSMqhhynzK4bQdvQRaAW1IEPJLUzm8Kdd1Yn-ONgpfz0UpGd_gIkD-UocrQRHWVQf2TTGBA8yhrJwrRjYfCZkYAy2pbxO3w6x7Zou6SUaVuK2A5Ue7PJL2TsOKXrAEeu1IL4J9yQSJDqducI1SWB3fkEEQI-Jk61zMaPh5k7M4CYNzntU5cxk8MW9RSwPJ9KCfb0we48lJYlGw4KdjFxBgh1lEimN4zuzBPMitBzM9rNj-VboJtXMWFrH_CamiGh0kX0BM0eQjzbk2zDGuYDygaa44Z0kzC0sp1UZtkJHkTJ-9PLqwCACjinWmUiW-Ssey-v3Y7P-1HB198B5mGSScutRKgjwmm6yR3RFabCHK9x9cz86JjmvYOXKFRDPTdrpkdok7Wb5B9LsOCUzTOKziKAUHjI3-SK_djBl75HX5hHC4JyfiaXB1LIxDs4P2eEd_azpUVUODC5bY=&f=2048 HTTP/1.1
Host: fancycrab.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:27 GMT
content-type: text/html; charset=utf-8
content-length: 108
location: http://tsyndicate.com/api/v1/direct/3d9d0fa059214dd7b269d3c7179fefb0?subid=3366336129
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
cdn.cryptobrowser.store/media/pb/228/9a69bb0503054e5d8bc3cd30e1bbabba.jpg
188.114.97.1 26 kB URL cdn.cryptobrowser.store/media/pb/228/9a69bb0503054e5d8bc3cd30e1bbabba.jpg
IP 188.114.97.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], progressive, precision 8, 160x600, components 3\012- data
Hash d0602b48450f982bbf312af7a319ea25
453e7fe4c0faf58997f2e1c214f33b185d05ec2b
2c6f0a751ea26b5169c9d14de14b6739e0c8e0a9501b6414fa6a016d71607771
GET /media/pb/228/9a69bb0503054e5d8bc3cd30e1bbabba.jpg HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:28 GMT
content-type: image/jpeg
content-length: 26016
etag: "5dd7eff2-65a0"
last-modified: Fri, 22 Nov 2019 14:25:54 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1832
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9rXht%2F7ChbNFZMEUo82%2Fn5EF6AjyTC9tGK1TABlHNfHHjlERiSTECaLSIKurD1Jkk6axvi0Rxj%2FFxD2LvkmMhq1Pi2QdBes23o57E6MIuBt2PWWhn%2FPleUFGNN7usvsyyvZVwr%2BI0KXKw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837c509a10afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
142.250.74.130 11 kB URL pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env
IP 142.250.74.130:0
File type JSON data\012- , ASCII text, with very long lines (14727), with no line terminators
Hash b256f8284b3f50818c42456ab5ddb7b9
75ede13fb1c3cadf71ac57011d75b7278bc05ca4
e31cc56e4e5d662b390e458d1945fe72c243f344d37f4be4ad7f8c5409128f56
GET /getconfig/sodar?sv=200&tid=gda&tv=r20230501&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://mediacpm.pl
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
date: Wed, 03 May 2023 11:38:28 GMT
server: cafe
content-length: 11117
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=683872887075107&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=683872887075107&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=683872887075107&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:28 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syndication.realsrv.com/splash.php?idzone=3981938
95.211.229.245 2.1 kB URL syndication.realsrv.com/splash.php?idzone=3981938
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type XML 1.0 document text\012- XML document, ASCII text, with very long lines (1550)
Hash b459da9dda010109764d878bdc04e68d
8072586a0cac10fd7153df1b7be7a82a236a163f
ab3eb45330eed48b5b61afab805a22e488f59b7dfb6048543e8249867131852f
GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Origin: https://ww3.eurosptp.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:28 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22645247b440c7f8.361496172026849174%22%3B%7D; expires=Fri, 02 May 2025 11:38:28 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v3%7C%7CNOR%7C3981938%7C81165698%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cww3.eurosptp.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 04 May 2023 11:38:28 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://ww3.eurosptp.com
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.ad-good.com/clixvistaa.html
188.114.97.1 24 kB URL www.ad-good.com/clixvistaa.html
IP 188.114.97.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 8e9ccee5278b3f0ec451399b154086fb
48d15bf69fe3a83b71b58ac32cd8b7a38dba060c
4a6ce6e16a65090bc3672c8e0ac84aabc8bbef79b213420255d55edf82a935cb
GET /clixvistaa.html HTTP/1.1
Host: www.ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 03 May 2023 11:38:10 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2490
last-modified: Wed, 03 May 2023 10:56:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FH12NTlQjkw5snZAaKBJ%2Bt3j%2B5yfrV4G%2BA%2FmJBjOAYz5Bg5e54xnB71TpvTz51HIZx0VHjXDVNAJ8F5GZErAeJdAFOfPJvpqOWHcGg2NI1KepZ3QD8MrqgpjQwD9%2B0n93dY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c183754cd39b50f-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
142.250.74.130 15 kB URL pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (37039)
Hash 2bde309b63dec3e2ce422e693159c8a7
fb31528c108c285ac37b06f06b788aafe5cf9dfe
318070fbbe54c10318293e2f4418cfa70c1d0f65afa56086c1eadac8b62fe696
GET /bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
c.cpstrk.com/click?campaign_id=148387&pub_id=1940
188.114.96.1 0 B URL c.cpstrk.com/click?campaign_id=148387&pub_id=1940
IP 188.114.96.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?campaign_id=148387&pub_id=1940 HTTP/1.1
Host: c.cpstrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:28 GMT
content-length: 0
location: https://prf.hn/click/camref:1101lkm2a/pubref:645247b418b67003466a8f66/ar:1940_
referer:
referrer-policy: no-referrer
x-rt: 5
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LLkRib8ecBkTsgIL4oGe0asogbICkMvA9%2Bl3%2Bx2xOsuivhi497KS5VV9BrrLF6tKIr5nMhKwJx%2BSkXSmw3UQqJO8PLFlaNzvIgnhEg7zX9bFf1%2BTY89n0oS9zAZPuhI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c1837c69928b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tpc.googlesyndication.com/sodar/sodar2/225/runner.html
216.58.207.193 5.0 kB URL tpc.googlesyndication.com/sodar/sodar2/225/runner.html
IP 216.58.207.193:0
File type HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2020)
Hash f530c16b248be97e10df228df6a41c24
ca3c3a38bbeef6906682b3e0b2a7be40c08b0925
f45287dcfd79a2411e79f98c834c6f7eff8a281a9b4fdba0124be9d204987786
GET /sodar/sodar2/225/runner.html HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 5046
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
content-type: text/html
vary: Accept-Encoding
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
www.google.com/recaptcha/api2/aframe
142.250.74.164 511 B URL www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash eb304793ae1b8b6ee46ce60ca48f98bc
4bf3bead2a155cb490ccef721831fe8dead43336
198cb243aa18d1cdc92d6eecf6c483a4ff36154c4244aca559f32d5991bc39ba
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: www.google.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Wed, 03 May 2023 11:38:28 GMT
date: Wed, 03 May 2023 11:38:28 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce--_7Ng7R-ilgqcif0pMc0rA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 511
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8NcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efnh47dOfXjz6de3bp15dO7PTpxaY8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158Y-
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8NcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efnh47dOfXjz6de3bp15dO7PTpxaY8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158Y-
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw1uXuNWVwTSr1wSOZ8NcDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrsqcpXaYnnglez467KnKV2mJ54JXl3aXKLHJWsM.PTpw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1s2Ux567bLIG8.Pbxz48efnh47dOfXjz6de3bp15dO7PTpxaY8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158Y- HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcceibxbmsebenxgxabsxxslergxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
Set-Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcceibxbmsebenxgxabsxxslergxcceibxxaralbnxgxabsxxslebgxcce; expires=Thu, 04 May 2023 11:38:28 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
orlcrq.com/dsp/cu/clc?aid=271901303284777538&t=1683113905&s=880968&sid=1762
192.243.58.98 237 B URL orlcrq.com/dsp/cu/clc?aid=271901303284777538&t=1683113905&s=880968&sid=1762
IP 192.243.58.98:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 1ca53968191a053da0248dce639051bc
52cc8ac4ad5f6e6d764e0269d5076475044c8bcc
2cc662848412fc40129bf3bcc78242ed215d6d42ca4ce59f5b346029a9aea965
GET /dsp/cu/clc?aid=271901303284777538&t=1683113905&s=880968&sid=1762 HTTP/1.1
Host: orlcrq.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.18.0
date: Wed, 03 May 2023 11:38:28 GMT
content-type: text/html; charset=utf-8
content-length: 237
location: https://timeone.pro/click.php?key=al2kwgqkrn27doghv570&SOURCE_ID=s1762_G29012585&CAMPAIGN_ID=880968&BROWSER=Firefox
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=301564409271246&rc=
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=301564409271246&rc=
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&li=gda_r20230501&jk=301564409271246&rc= HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://www.google.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:28 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
142.250.74.130 15 kB URL pagead2.googlesyndication.com/bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js
IP 142.250.74.130:0
File type ASCII text, with very long lines (37039)
Hash 2bde309b63dec3e2ce422e693159c8a7
fb31528c108c285ac37b06f06b788aafe5cf9dfe
318070fbbe54c10318293e2f4418cfa70c1d0f65afa56086c1eadac8b62fe696
GET /bg/layuLwmq3jdBuTYQxid3_BliAeBVpa3hzTsmkPzdK-E.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
accept-ranges: bytes
content-encoding: br
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-length: 14580
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 03 May 2023 10:53:57 GMT
expires: Thu, 02 May 2024 10:53:57 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 25 Apr 2023 16:38:00 GMT
content-type: text/javascript
vary: Accept-Encoding
age: 2671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tpc.googlesyndication.com/generate_204?-egGJA
216.58.207.193 0 B URL tpc.googlesyndication.com/generate_204?-egGJA
IP 216.58.207.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?-egGJA HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 11:38:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
ocsp.sectigo.com/
172.64.155.188 471 B IP 172.64.155.188:0
Hash 8857422f0df8e0035665eb29db3efe5a
763155d5fa7ac173c48eb06dc5c67bef118b2a3f
2112baa243ff766cac97010652ff70d996b448d7f5e8b25eb05f77617088110a
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 03 May 2023 11:38:28 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 30 Apr 2023 16:02:10 GMT
Expires: Sun, 07 May 2023 16:02:09 GMT
Etag: "763155d5fa7ac173c48eb06dc5c67bef118b2a3f"
Cache-Control: max-age=360820,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7c1837c7de63b505-OSL
tpc.googlesyndication.com/generate_204?xtyYVQ
216.58.207.193 0 B URL tpc.googlesyndication.com/generate_204?xtyYVQ
IP 216.58.207.193:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /generate_204?xtyYVQ HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: tpc.googlesyndication.com
Connection: keep-alive
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
content-length: 0
cross-origin-resource-policy: cross-origin
date: Wed, 03 May 2023 11:38:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
prf.hn/click/camref:1101lkm2a/pubref:645247b418b67003466a8f66/ar:1940_
5.150.170.6 0 B URL prf.hn/click/camref:1101lkm2a/pubref:645247b418b67003466a8f66/ar:1940_
IP 5.150.170.6:0
ASN #31151 Performance Horizon Group Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click/camref:1101lkm2a/pubref:645247b418b67003466a8f66/ar:1940_ HTTP/1.1
Host: prf.hn
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Wed, 03 May 2023 11:38:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
P3P: CP="NOI DSP COR PSAa PSDa OUR IND UNI"
Set-Cookie: tPHG-PS=1101l8416871141; expires=Thursday, 02-May-2024 11:38:28 UTC; path=/; domain=.prf.hn; SameSite=None; Secure
Location: https://www.dfds.com?clickref=1100lwJgBPCs&utm_source=Partnerize&utm_medium=affiliate&utm_campaign=nikhil_branmark
www.dfds.com/?clickref=1100lwJgBPCs&utm_source=Partnerize&utm_medium=affiliate&utm_campaign=nikhil_branmark
54.230.111.114 0 B URL www.dfds.com/?clickref=1100lwJgBPCs&utm_source=Partnerize&utm_medium=affiliate&utm_campaign=nikhil_branmark
IP 54.230.111.114:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?clickref=1100lwJgBPCs&utm_source=Partnerize&utm_medium=affiliate&utm_campaign=nikhil_branmark HTTP/1.1
Host: www.dfds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 301 Moved Permanently
content-length: 0
server: CloudFront
date: Wed, 03 May 2023 11:38:28 GMT
location: /en
x-cache: LambdaGeneratedResponse from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ApVfUgQdbrFwGi759Mep4ctMSiugr61qGWAJLIQfLaWYpAwuYeXwhg==
X-Firefox-Spdy: h2
cdn.cryptobrowser.store/media/pb/1415/d31acf216a2e40528580c5318f33f652.png
188.114.97.1 31 kB URL cdn.cryptobrowser.store/media/pb/1415/d31acf216a2e40528580c5318f33f652.png
IP 188.114.97.1:0
File type PNG image data, 160 x 600, 8-bit colormap, non-interlaced\012- data
Hash bed247f1866140b4cfc16f1f862bd721
a3a789f86f2a314c56e95bbf834ff78c86f80eb4
6b2b8d3fdb4007644d994e546f66765a0083d0ff75bcf5c187d3bd5c253b5c85
GET /media/pb/1415/d31acf216a2e40528580c5318f33f652.png HTTP/1.1
Host: cdn.cryptobrowser.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: cdn.cryptobrowser.store
Connection: keep-alive
Referer: https://get.cryptobrowser.site/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Wed, 03 May 2023 11:38:28 GMT
content-type: image/png
content-length: 30625
etag: "6138b2b8-77a1"
last-modified: Wed, 08 Sep 2021 12:55:20 GMT
strict-transport-security: max-age=15768000
cache-control: max-age=14400
cf-cache-status: HIT
age: 1020
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RZ53RCoUHIIGfT6%2FzGhK%2BzZzzUj6D4s%2FsNCEX6EGPwrAnNK8aJs65Jp1Za8qcIdDaG0SRn%2F6vwdGbYfd4fhxUeu1oSEb0ffAw9ug4BzDt7%2FqrzD%2F%2BLZJn26NFYO9sh8sn2OyPDSpoBPFiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7c1837cb0f820afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
timeone.pro/click.php?key=al2kwgqkrn27doghv570&SOURCE_ID=s1762_G29012585&CAMPAIGN_ID=880968&BROWSER=Firefox
136.243.110.236 3.0 kB URL timeone.pro/click.php?key=al2kwgqkrn27doghv570&SOURCE_ID=s1762_G29012585&CAMPAIGN_ID=880968&BROWSER=Firefox
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type gzip compressed data, from Unix\012- data
Hash 190f64977fb5820b1f2693be9708ac7e
84acb807c217d021f1c04e8784da40960e8bd70b
008657f99d6c30a4e7fe78fa69f36b15b8797d1f3075e33725cd623c3725a09a
GET /click.php?key=al2kwgqkrn27doghv570&SOURCE_ID=s1762_G29012585&CAMPAIGN_ID=880968&BROWSER=Firefox HTTP/1.1
Host: timeone.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:28 GMT
content-type: text/html; charset=UTF-8
location: https://lifesize24.com/dating/no/3a/?uclick=17k217gxwj&uclickhash=17k217gxwj-17k217gxwj-h9myvr-qdqe-2tpm8n-xo7sdz-8pslfe-2adba6
set-cookie: uclick=17k217gxwj; expires=Thu, 04-May-2023 11:38:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
set-cookie: uclickhash=17k217gxwj-17k217gxwj-h9myvr-qdqe-2tpm8n-xo7sdz-8pslfe-2adba6; expires=Thu, 04-May-2023 11:38:28 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=301564409271246&bg=!1Nel14PNAAYcDqajPA47ADkAdvg8WsLsrHf_9D4UVbrb866o8jkIWY40xhNnTJoXwQC21dbAI2fI91hKZGsBzz4kdarJ4onTklgCAAAApVIAAAAGaAEHmQJ_bkyUztRwoyLsHEIcHHpIdFvIdT3cXvHkc7ibNpzSen19iQj-1fquDBZnWT2OBfDVYOtWwzKRMtUiUt7fJOyISBfprxRo-Nob9opO4dlgyD9Fwt8QnUOazPQMZXqjCTDoSBgQhHGr-VTfEc4-eaAKmKawcighb_T0vD15xhNiOjth3WtqQwLyWaLNFLTt44yLUKWFn0nlyVK-o1NOZzKwIDarP92w0z_r0YCpR_1YrbM2I5o9OkIN-fYv8KSp1M8kZHGYEI7HI2yiO8E973onfifpH9WlV_6_3Qv94eNuOwcWCsYsVeq5GpTcKbWBPv6farBIK-ev7uu-xIaVX3-4syvRsiXtR1GVKQ1NWsVaureDvY5w80ul2BszcpCMjogxts9Xx3ex00sz1MhzaIEfCUp9JyInL9e01Q7P3PQ5jxw6ZbkrMuFNLsQkmOrd7QbPfV9qoPTgfbTJNwo8GR94RL3V0ykELbAuWeprOAqBzIErcr7xXCM6H2DtdQaLfn3kr4zbpYB-Y0Dcwp6fxqwcheCCd1gs4CFdK38dFCUK2raXL3hl-67MAA4--MHASfXf77iuzwlc9dMxFpVvS4PXngUJkgeVO3bsK9OqTdo-9RlLt4itoEM7oa_U1HSIYsEGUBP-u2o7oLs6WGnKZC9h8x4QQK-XxvNp8snV92yYRTNbXNsz5-xOxkI0YXDT6g7p5QmvfowMxM_TQxc6E2Xr6FGtUMnb_LFQQYs3VRaFvZLTvyg_Rj-YsHW6oxaxo_iDs4B4s72FdHfZAK30vXdHY4XXcM2R5pq2tvtNZ1cNmIC40BfGqhFNE_Q3Y10XvMR5lwKiaYCqApYjZN9lSPv5
142.250.74.130 0 B URL pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=301564409271246&bg=!1Nel14PNAAYcDqajPA47ADkAdvg8WsLsrHf_9D4UVbrb866o8jkIWY40xhNnTJoXwQC21dbAI2fI91hKZGsBzz4kdarJ4onTklgCAAAApVIAAAAGaAEHmQJ_bkyUztRwoyLsHEIcHHpIdFvIdT3cXvHkc7ibNpzSen19iQj-1fquDBZnWT2OBfDVYOtWwzKRMtUiUt7fJOyISBfprxRo-Nob9opO4dlgyD9Fwt8QnUOazPQMZXqjCTDoSBgQhHGr-VTfEc4-eaAKmKawcighb_T0vD15xhNiOjth3WtqQwLyWaLNFLTt44yLUKWFn0nlyVK-o1NOZzKwIDarP92w0z_r0YCpR_1YrbM2I5o9OkIN-fYv8KSp1M8kZHGYEI7HI2yiO8E973onfifpH9WlV_6_3Qv94eNuOwcWCsYsVeq5GpTcKbWBPv6farBIK-ev7uu-xIaVX3-4syvRsiXtR1GVKQ1NWsVaureDvY5w80ul2BszcpCMjogxts9Xx3ex00sz1MhzaIEfCUp9JyInL9e01Q7P3PQ5jxw6ZbkrMuFNLsQkmOrd7QbPfV9qoPTgfbTJNwo8GR94RL3V0ykELbAuWeprOAqBzIErcr7xXCM6H2DtdQaLfn3kr4zbpYB-Y0Dcwp6fxqwcheCCd1gs4CFdK38dFCUK2raXL3hl-67MAA4--MHASfXf77iuzwlc9dMxFpVvS4PXngUJkgeVO3bsK9OqTdo-9RlLt4itoEM7oa_U1HSIYsEGUBP-u2o7oLs6WGnKZC9h8x4QQK-XxvNp8snV92yYRTNbXNsz5-xOxkI0YXDT6g7p5QmvfowMxM_TQxc6E2Xr6FGtUMnb_LFQQYs3VRaFvZLTvyg_Rj-YsHW6oxaxo_iDs4B4s72FdHfZAK30vXdHY4XXcM2R5pq2tvtNZ1cNmIC40BfGqhFNE_Q3Y10XvMR5lwKiaYCqApYjZN9lSPv5
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/sodar?id=sodar2&v=225&t=2&li=gda_r20230501&jk=301564409271246&bg=!1Nel14PNAAYcDqajPA47ADkAdvg8WsLsrHf_9D4UVbrb866o8jkIWY40xhNnTJoXwQC21dbAI2fI91hKZGsBzz4kdarJ4onTklgCAAAApVIAAAAGaAEHmQJ_bkyUztRwoyLsHEIcHHpIdFvIdT3cXvHkc7ibNpzSen19iQj-1fquDBZnWT2OBfDVYOtWwzKRMtUiUt7fJOyISBfprxRo-Nob9opO4dlgyD9Fwt8QnUOazPQMZXqjCTDoSBgQhHGr-VTfEc4-eaAKmKawcighb_T0vD15xhNiOjth3WtqQwLyWaLNFLTt44yLUKWFn0nlyVK-o1NOZzKwIDarP92w0z_r0YCpR_1YrbM2I5o9OkIN-fYv8KSp1M8kZHGYEI7HI2yiO8E973onfifpH9WlV_6_3Qv94eNuOwcWCsYsVeq5GpTcKbWBPv6farBIK-ev7uu-xIaVX3-4syvRsiXtR1GVKQ1NWsVaureDvY5w80ul2BszcpCMjogxts9Xx3ex00sz1MhzaIEfCUp9JyInL9e01Q7P3PQ5jxw6ZbkrMuFNLsQkmOrd7QbPfV9qoPTgfbTJNwo8GR94RL3V0ykELbAuWeprOAqBzIErcr7xXCM6H2DtdQaLfn3kr4zbpYB-Y0Dcwp6fxqwcheCCd1gs4CFdK38dFCUK2raXL3hl-67MAA4--MHASfXf77iuzwlc9dMxFpVvS4PXngUJkgeVO3bsK9OqTdo-9RlLt4itoEM7oa_U1HSIYsEGUBP-u2o7oLs6WGnKZC9h8x4QQK-XxvNp8snV92yYRTNbXNsz5-xOxkI0YXDT6g7p5QmvfowMxM_TQxc6E2Xr6FGtUMnb_LFQQYs3VRaFvZLTvyg_Rj-YsHW6oxaxo_iDs4B4s72FdHfZAK30vXdHY4XXcM2R5pq2tvtNZ1cNmIC40BfGqhFNE_Q3Y10XvMR5lwKiaYCqApYjZN9lSPv5 HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Alt-Used: pagead2.googlesyndication.com
Connection: keep-alive
Referer: https://mediacpm.pl/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 204 No Content
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
date: Wed, 03 May 2023 11:38:29 GMT
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
lifesize24.com/dating/no/3a/index_files/stylesheet.css
136.243.110.236 3.2 kB URL lifesize24.com/dating/no/3a/index_files/stylesheet.css
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
Hash 28509f32246376afba429b67b6ee46a8
01eabe5c59454e569e4b9f53ca8f564187bed93f
c56822d23ae5270e5c97706484545fb6d0171fa2969af55aa2e1035b9ff75044
GET /dating/no/3a/index_files/stylesheet.css HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: text/css
content-length: 3208
last-modified: Mon, 28 Mar 2022 13:49:19 GMT
etag: "6241bcdf-c88"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lifesize24.com/scripts/propush_script_dating.js
136.243.110.236 511 B URL lifesize24.com/scripts/propush_script_dating.js
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with CRLF line terminators
Hash 983a4b872cee8701a99f04788998b9f7
eb079f971147996811ff68f710f631c36c8e5c32
a3444458f67596f98a88f03277cd68225f882f2d8c14e219ab3b429bc05993ae
Analyzer Verdict Alert fortinet Phishing
GET /scripts/propush_script_dating.js HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: application/javascript
content-length: 511
last-modified: Fri, 19 Aug 2022 13:39:20 GMT
etag: "62ff9288-1ff"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lifesize24.com/new_domain_push2.js
136.243.110.236 219 B URL lifesize24.com/new_domain_push2.js
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 98e58f3a606b1cf8d0643b76acdbc7d3
7235e8819e3fde18b233cc5e00b9781792abbe52
41e27df008358aa50a4fb9df98c1575fedb458c6bd176718bf4b9c37f02e4d87
Analyzer Verdict Alert fortinet Phishing
GET /new_domain_push2.js HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: application/javascript
content-length: 219
last-modified: Mon, 22 Aug 2022 09:46:46 GMT
etag: "63035086-db"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lifesize24.com/dating/no/3a/index_files/main.js
136.243.110.236 164 kB URL lifesize24.com/dating/no/3a/index_files/main.js
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (568), with CRLF line terminators
Size 164 kB (163772 bytes)
Hash a0f4da40bd81c65d824afc106743d47f
55b2d4c57fdb017314f62ac2fe8a3e287dcadf7f
e40e7cc368c897d6a3a5095fae6ccd6d9a3f88af5ef9c590f79b9fd22293ad10
Analyzer Verdict Alert fortinet Phishing
GET /dating/no/3a/index_files/main.js HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: application/javascript
content-length: 163772
last-modified: Mon, 28 Mar 2022 09:46:38 GMT
etag: "624183fe-27fbc"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lifesize24.com/dating/no/3a/index_files/pin.gif
136.243.110.236 124 kB URL lifesize24.com/dating/no/3a/index_files/pin.gif
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 200 x 200\012- data
Size 124 kB (124526 bytes)
Hash 4b89992f800cc7618b65c632cf2386f8
01d647d50bfc72f7a8f9bf5516ff8cb18cc7bf32
f516f951bd81c2834d901c7038c485f292be04e4c15f6c82a857e3400f55ad1c
GET /dating/no/3a/index_files/pin.gif HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: image/gif
content-length: 124526
last-modified: Mon, 28 Mar 2022 09:46:38 GMT
etag: "624183fe-1e66e"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
lifesize24.com/dating/no/3a/index_files/blo3.gif
136.243.110.236 6.8 MB URL lifesize24.com/dating/no/3a/index_files/blo3.gif
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 400 x 600\012- data
Size 6.8 MB (6840669 bytes)
Hash 7acf0c5384324349dd13091f1020d967
fd2c49cc6ec5d69041839e72f6c3760dd91fd773
7a29b4dfde958515dc5493ebe6c3c14928d1ab187f27162a03fabde37a3b6ae2
GET /dating/no/3a/index_files/blo3.gif HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lifesize24.com/dating/no/3a/index_files/stylesheet.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:29 GMT
content-type: image/gif
content-length: 6840669
last-modified: Mon, 28 Mar 2022 09:46:37 GMT
etag: "624183fd-68615d"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
www.dfds.com/en
54.230.111.114 53 kB IP 54.230.111.114:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (58339)
Hash 26b4bdef5f9dabdd5d79f3af4e77645f
abad32cdf8f24ef7e5265d62ccdb266f994b63b1
8865507d04b977dd1d580461f52f3af980f4d6fd49766193ffaaed72c3a81075
GET /en HTTP/1.1
Host: www.dfds.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
content-type: text/html
x-amz-id-2: CeXp9PNpG1ptlgNKa4w8iwpozgs/f0iVgodYeCvHO5QaWYuN4ki4J+JLsaDLCkT7L7OxF84QVdY=
x-amz-request-id: QF7223Y8K78GXE0F
date: Wed, 03 May 2023 11:38:30 GMT
last-modified: Tue, 02 May 2023 09:37:07 GMT
x-amz-server-side-encryption: AES256
cache-control: public, max-age=0, must-revalidate
x-amz-version-id: IZR1CI7ivrXkHCRNDNo7joLfpG6NE1Zu
server: AmazonS3
x-frame-options: deny
content-security-policy: frame-ancestors 'none'
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains; preload
referrer-policy: no-referrer-when-downgrade
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(self), xr-spatial-tracking=(self), clipboard-read=(self), clipboard-write=(self), gamepad=(), speaker-selection=(), conversion-measurement=(self), focus-without-user-activation=(self), hid=(self), idle-detection=(self), interest-cohort=(self), serial=(self), sync-script=(self), trust-token-redemption=(self), vertical-scroll=(self)
content-encoding: gzip
etag: W/"fbbdb169662161382b1477cad2bd795c"
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: XD4cbUIkVXJI1OD3QcXkPD0yHyFI4BikUMYjnH4DxX7RWlRyYybIDQ==
X-Firefox-Spdy: h2
lifesize24.com/sw-check-permissions-48d47.js
136.243.110.236 566 B URL lifesize24.com/sw-check-permissions-48d47.js
IP 136.243.110.236:0
ASN #24940 Hetzner Online GmbH
Hash 774601dbf5cabb3374ea8ab8ca451f3b
e87422501d2e48454e8e99882e7c1defff27a3fc
bdb7933cbbd736d6929abd4af7d0ab6380bf1458d005350d1f0b50590f67f762
Analyzer Verdict Alert fortinet Phishing
GET /sw-check-permissions-48d47.js HTTP/1.1
Host: lifesize24.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Moz: prefetch
Connection: keep-alive
Referer: https://lifesize24.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.1
date: Wed, 03 May 2023 11:38:30 GMT
content-type: application/javascript
content-length: 566
last-modified: Fri, 19 Aug 2022 13:37:22 GMT
etag: "62ff9212-236"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHjjy7cuvjpy6eO3Try6d2enTj3Z8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158YA--
95.211.229.245 20 B URL syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHjjy7cuvjpy6eO3Try6d2enTj3Z8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158YA--
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLnt4ddvDnq4d_XPx65eNdlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPv188uHLXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59e_Pv37ctcDdrFMDFcE0ufjjx7de3nxrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nw1z2MxwVPuUr0sVuZ9.GuexmOCp9yldqymlyVrDMFE7W0xJOxA9Ku1ZTS5K1hmCidrcvafYlecXrmXnsZjgqfcpz463L2n2JXnF65l5XK7pqYs.O7h58dNbDa9eE7mfPjrdmpkYrz1wNyuV3TUxZ8dbU1ktdOC81MD0ErEeZRZ2t.uude9d2am5iltxtd2anPXA3PTM3Y1Wu0xW49NThn48a56YGoJXl5Jm3I8.Ot.uuerPjrqapcclXpcqmjsrgmlz12VOUrwN58NdlMa77FT.fLsw47w8cuPTkw14a4.evRp11l3n3b89O3JzXBJPS5VVBNKvVWxXZVnx1wST0uVVQTSrwS2sRwNr0uMVTS58NdLjrlLlK9UFbi781VcrEjmd13Pc5ZTNVPXPuamk1sNsxzNRZ8NcDczrrlOfDXA3GxK3BK8vOw85nw12wNuTLuWuS1563KaZqWpm3M9cDbbFbDTktblOfLXA20xTTA5SvVNZS05nw1yzVNUwT158NcErUz0sFcy8kzbmfDXW5VWvJM25nw10uPQTSrvOTSsSOLwN58.PTny6ctc9M1.C9VbFdlWe3jrgbnYprlcpz4a2oK8F3nJpWJHF4G8.fHpz5dOmuVythqyCvBeema_BevCdzPXK5Ww1ZBXgvPTNfgu25U1TBPXBNLnrYbZjmaiXtcpz1wST0uVVQTSrsRxrwS2sRwNr0uMVTS1Z8NdVjPLPhrqsZ558NdTVME9a9eE7meupqmCeteViRzPXU1TBPWva5TnrZpmuqcpXtcpz4a7ac.GuCWtymViPPhrlmXdslbqz4a4G6XKp5paoLXF42MJrK8.GuBuSyOuDGaVzPhrckYgjXgqnz4a6mqYJ6123K2II8.2upqmCete1ymqCaXPjrtssgbz49vHPjx5.eHjjy7cuvjpy6eO3Try6d2enTj3Z8664JHKq2JJ8.Pbxz48efnh41tTTRQONTS1OS158YA-- HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww3.eurosptp.com/
Connection: keep-alive
Cookie: impressions=bxaoccxansgxabseomrcbgxcceibxclolxcnxgxabseomrcbgxcceimrxccoscnogxabseobsbagxcceimrxccosenogxabseobsbmgxcceibxscllmanxgxabsessbregxcceibxscllacnxgxabsecxobsgxcceibxscllbcnxgxabsecreeegxcceibxscllrbnxgxabsecrxecgxcceibxscllbenxgxabserelmmgxcceimrmaobxansgxabseroxrmgxcceimaxecocbnxgxabserorscgxcceimxeemlebnxgxabserlrlagxcceibxscllmenxgxabseaellrgxcceimocbmmacnxgxabseambxegxcceisooloabsnxgxabseambxegxcceibxxxcslenxgxabseabamagxcceibxeslaocnxgxabseabamagxcceimbbcemoanxgxabsxelmocgxcceixaoosscrnxgxabsxxexbmgxcceimeelaclonxgxabsxxexbmgxcceimxeemleonxgxabsxxexbmgxcceixaoossalnxgxabsxxexbmgxcceibeoabmsanxgxabsxxexbmgxcceibxbmsebonxgxabsxxsbblgxcceibxbmsemcnxgxabsxxsblsgxcceibxbmsembnxgxabsxxsblmgxcceibxbmsemanxgxabsxxsleogxcceibxbmsebenxgxabsxxslergxcceibxxaralbnxgxabsxxslebgxcce
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 03 May 2023 11:38:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin:
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cryptotabbrowser.com/pb/6/16224264/?t=simple,text,pro,mobile
104.26.11.230 302 Found 105 kB URL GET HTTP/2 cryptotabbrowser.com/pb/6/16224264/?t=simple,text,pro,mobile
IP 104.26.11.230:443
Requested by https://mediacpm.pl/serve/show.php?a=28957&b=728x90
Size 105 kB (105329 bytes)
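Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Note: these three values are the MD5, SHA-1 and SHA-256 digests of empty (zero-byte) input, so they identify no content and are not usable as indicators. The hashed body of this 302 response was apparently empty, even though a size of 105 kB is recorded above.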
GET /pb/6/16224264/?t=simple,text,pro,mobile HTTP/1.1
Host: cryptotabbrowser.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://mediacpm.pl/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 03 May 2023 11:38:06 GMT
content-type: text/html; charset=utf-8
location: ?t=simple%2Ctext%2Cpro%2Cmobile&l=en
cache-control: max-age=14400, s-maxage=0
content-language: en
vary: Accept-Language, Cookie, Accept-Encoding
strict-transport-security: max-age=15768000
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t53GRcHj4aJfr5oFSt35bmKX5asVRV7MvCReaAm0lSK1cmvIl6PMYyzNQcA1ovFydo3%2BKOiPQ%2FKcVv7GyXQ6oSsYHkis9t3GcueZ2pwHyfyfPRVoF4DNBPEpz8TBvXGCamO6se3f"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7c18373b7ecc0b49-OSL
X-Firefox-Spdy: h2