go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j140rcl&source=1220_1128
172.255.248.119302 Found 312 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j140rcl&source=1220_1128
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (312), with no line terminators
Hash e0f04870c405ef746c466a2a3501279c
bee3a46fc588e8a78618efc550ea33a733f4aaff
2944ea27428784044fd4080d7a0b68fe787fc9ed0d7c28d93211652ddacd4b97
GET /aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j140rcl&source=1220_1128 HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 Apr 2024 23:45:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 312
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:12 GMT
flow_id=NYwoYh; Domain=go.gkrtmc.com; Path=/; Expires=Wed, 24 Apr 2024 23:46:12 GMT
Location: aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6
Vary: Accept
Cache-Control: no-store, no-cache
go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6
172.255.248.119302 Found 380 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (380), with no line terminators
Hash 0335c5ff3c2057444dc129ab500c6a33
726f6b75cb62a87b2154163e5b771e5886695cd5
efa7eb8ac3bfd892ebea0fb34348e0b3b2d143736e267e71b3b6d41f3c765218
GET /aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6 HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 Apr 2024 23:45:12 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 380
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:12 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
Location: https://go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c
Vary: Accept
Cache-Control: no-store, no-cache
go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c
172.255.248.119200 OK 658 B URL User Request GET HTTP/1.1 go.gkrtmc.com/cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type JavaScript source, ASCII text, with very long lines (307)
Hash 8cb8df9d6f45bcd198447eff48ef3b44
07a0712ecc033f3b06eeb02545834e0d1a8c0ff7
df118cb43e8bc6ff3468c04fb266298d41a9d0b56c86911dd34f70fc3be5b6b8
GET /cl?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 23:45:12 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval'
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:12 GMT
ETag: W/"5e3-B6BxLswDPzsG7rAlRYNODRqMD/c"
Cache-Control: no-store, no-store, no-cache
Content-Encoding: gzip
go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c
172.255.248.119302 Found 428 B URL User Request GET HTTP/1.1 go.gkrtmc.com/aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with very long lines (428), with no line terminators
Hash 45c339496763a4402b533c931c229a3e
35a3113fa2fe23169f8da3c1055872308c51b928
460749a858e42b5ecc454fe12b7e74ceaa61faf2e86af6f3eead61d522c6c5e6
GET /aff_c?aff_id=65195&offer_id=10000&url_id=0&source=1220_1128&aff_sub5=free-social&click_id=376l60j140rcl&last=6&bofc=aff_c HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 24 Apr 2024 23:45:13 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 428
Connection: keep-alive
Content-Security-Policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Resource-Policy: same-origin
Origin-Agent-Cluster: ?1
Referrer-Policy: no-referrer
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Set-Cookie: language=en; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT
test=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT
10000=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT; Secure; SameSite=None
op_10000=0; Domain=go.gkrtmc.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT
user_id=13354f2f-39d7-453a-96e1-7a2c3a2849f5_4c738bb8b5559ec1798007943d65b40a; Domain=go.gkrtmc.com; Path=/; Expires=Mon, 23 Apr 2029 23:45:13 GMT; Secure; SameSite=None
Location: /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
Vary: Accept
Cache-Control: no-store, no-cache
go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
172.255.248.119200 OK 255 B URL User Request GET HTTP/1.1 go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
IP 172.255.248.119:443
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text
Hash d032811d8a01caff2a5ce141a657ca0e
7cfb5ac640b5496f18939ee73dc89cccf77125cc
e2efe220662dd9a54582aa6ab3f6d9fcaf0341710d0b01aa051fc09258ff9e6e
GET /rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_89b094afc396d17a8d34c454e0d26a9d HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: language=en; flow_id=NYwoYh; 10000=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d; op_10000=0; user_id=13354f2f-39d7-453a-96e1-7a2c3a2849f5_4c738bb8b5559ec1798007943d65b40a
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Apr 2024 23:45:13 GMT
Content-Type: text/html
Last-Modified: Fri, 13 Aug 2021 14:56:49 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"61168831-149"
Cache-Control: no-store, no-cache
Content-Encoding: gzip
go.gkrtmc.com/favicon.ico
172.255.248.119 106 B URL go.gkrtmc.com/favicon.ico
IP 172.255.248.119:0
Certificate IssuerLet's Encrypt
Subjecttrack.cpamatica.com
Fingerprint55:95:28:6A:EC:1D:DC:9B:AA:33:46:53:FF:B5:17:A0:D5:5F:2F:B4
ValidityTue, 23 Apr 2024 12:38:03 GMT - Mon, 22 Jul 2024 12:38:02 GMT
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
GET /favicon.ico HTTP/1.1
Host: go.gkrtmc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.gkrtmc.com/rd.html?go=https%3A%2F%2Fqueitho.com%2Fclient%3Fcamp%3Ds9%26aff_id%3D2%26aff_sub%3D65195%26source%3D65195%26aff_sub2%3Dfree-social%26click_id%3D32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
Cookie: language=en; flow_id=NYwoYh; 10000=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d; op_10000=0; user_id=13354f2f-39d7-453a-96e1-7a2c3a2849f5_4c738bb8b5559ec1798007943d65b40a
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 24 Apr 2024 23:45:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Content-Encoding: gzip
oacenom.com/ckset
188.114.96.1 117 B IP 188.114.96.1:0
Hash 8f46f15482a92508fccb3d371b052439
cc1bdacd28b8d4a3de3d63e97fd24c6a773149af
c859c77c0671a8898666249f17a60cc202a9ba61318676437b0bd0377f066406
POST /ckset HTTP/1.1
Host: oacenom.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
HTTP/2 201 Created
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: application/json; charset=utf-8
content-length: 117
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: mastidencook=7c611027-6e75-4bcc-a22e-9f140bec76ce_20b18727b75b95f01ea947457eca6be3; Domain=oacenom.com; Path=/; Expires=Mon, 23 Apr 2029 23:45:13 GMT; Secure; SameSite=None
etag: W/"75-zBvazSi41KPePWPpf9JMancxSa8"
access-control-allow-origin: https://queitho.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AdUo%2B9%2BSEX3n9FZvba9WowTqUHORh7S2Bcaqe3QDNkGV2u4lUaBhxHqU2ZCx4UCnKkbJvr0XdZuuaFvp2axByAQmQt6xaI8m391AOcNl%2F7xmh7h1dAgEZ3If6Js3rQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73ba97ab4fa-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
queitho.com/visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<=
172.67.169.237 823 B URL queitho.com/visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<=
IP 172.67.169.237:0
Hash 575cbf282f86f119cca5d8b8bdf80315
00c39b2fbf0d48e85e3012987a7d90ebf82395bc
1f5c6acd176eabc81bbd9a854e5bc6a080cd4c92b0ddcdc9447b0728eb37f344
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /visit?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=s9&p_camp=&bstep=&sid=&efcn=custom-unknown&cntp=custom-unknown&sch=&scw=&vph=&vpw=<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 409
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: application/json; charset=utf-8
content-length: 823
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT
userId=85d7ff9a-6367-4a6c-bef8-94f1d9b2e2b3_611c51646bfe0af91dac94a6d1d9b8e3; Domain=queitho.com; Path=/; Expires=Mon, 23 Apr 2029 23:45:13 GMT; Secure; SameSite=None
cache-control: no-store, no-store, no-cache
etag: W/"337-AMObL78NSOheMBKYen2Q6/gjlbw"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=drQ4K%2FgpA8w4R56sH9TIaG5HKbz6rB5QjxY4ijIZJjAYhauiuekvWKfPBPX48dbQNrJ0qis39L9UhgM3S51J9%2BGL0zdlKbc2osX8Nks7VwUcB6JsEWGky7QnhuYDqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73c38035687-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<=
172.67.169.237 1.3 kB URL queitho.com/fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<=
IP 172.67.169.237:0
Hash 6c6d345fc237eff677baf51b1062592f
c693cd1efeac9d249b53f15bb92c6236bb60f3c4
50f0fff2a236ccd67dda7a34c240c03fed8efcac60789cef4c0bcc10cb4488da
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /fl?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=&sid=s9&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<= HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 415
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=85d7ff9a-6367-4a6c-bef8-94f1d9b2e2b3_611c51646bfe0af91dac94a6d1d9b8e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: application/json; charset=utf-8
content-length: 1325
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT
cache-control: no-store, no-store, no-cache
etag: W/"52d-xpPNHv6snSSbU/FbuSxiNrtg88Q"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Elsj%2FNiwouoGdo0Qy1%2Bd%2BeKtmaZ8WhB9F6HPIaf68mWXwd9bsSgeGAEfAhEqTrFnmiWgy%2BXdOcGNQ91wb1QPw3hF8qXy9LuJtDMEdkq9ee3SxfA9iNMrlAHqy2gGNA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73cb8325687-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<=0
172.67.169.237 231 B URL queitho.com/ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<=0
IP 172.67.169.237:0
Hash 19b72b5c36a048ee58a054fcf614ea73
7f054472fa5e17de3a7011163e81a7430bda37d9
06b4a981da626cf29fff95b40380f6a6714de56db2c3eb367295c45ff959012c
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /ofp?aff_id=2&aff_sub=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d&source=65195&ttype=direct&camp=f14&sl_cid=bce573ea-126d-40a8-9427-55b51fef3e2c_ce3c95526ea00a539b1943ade3625dab&p_camp=&bstep=0&sid=s9&ofp_id=111&efcn=custom-unknown&cntp=custom-unknown&sch=1024&scw=1280&vph=1024&vpw=1280&ref=https%3A%2F%2Fgo.gkrtmc.com%2F<=0 HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 422
Origin: https://queitho.com
DNT: 1
Connection: keep-alive
Cookie: browserLanguage=en; userId=85d7ff9a-6367-4a6c-bef8-94f1d9b2e2b3_611c51646bfe0af91dac94a6d1d9b8e3
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 201 Created
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: application/json; charset=utf-8
content-length: 231
content-security-policy: default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
set-cookie: browserLanguage=en; Domain=queitho.com; Path=/; Expires=Fri, 24 May 2024 23:45:13 GMT
cache-control: no-store, no-store, no-cache
etag: W/"e7-fwVEcvpeF946cBEWPoGnQwvaN9k"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zeTR6gq1RPrAhunmAtVPOY%2F2NGxNUl%2BXUs6qQBmFaXEvX9cU74NSwbtqgCEXCuu4RNgti%2FFy%2BqEp5633EhWBFO3gSviSH8gWMnaF8kXHKem%2BP8W1sdddxzyBiZXBoA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73d586a5687-OSL
alt-svc: h3=":443"; ma=86400
queitho.com/favicon.ico
172.67.169.237 2.9 kB IP 172.67.169.237:0
File type HTML document, ASCII text, with CRLF line terminators
Hash 8eec510e57f5f732fd2cce73df7b73ef
3c0af39ecb3753c5fee3b53d063c7286019eac3b
55f7d9e99b8e2d4e0e193b2f0275501e6d9c1ebd29cadbea6a0da48a8587e3e0
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /favicon.ico HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vcz0rdFHP4Hw4lIcMJfQqTCSfA%2Fzm7fX5fyqvKFPJLnSJK1mHEl4QcZonXLCGdsr4kvmN6tMI%2B4vXfXLI2qJJ%2BCjAz9CND%2BQ%2Fp8zFoHorY8FMQ4sRXuzj3g1c%2B%2Bq8w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73bffea5687-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
88.221.27.128200 OK 1.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/reviews.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash ab7655b7e0870e539ab60ed308b94176
6d2528a94402def11fcfab529ad51b98e8b6ec88
2e9c81b9fd7c0be920940728b172ecaf0e0652e147f345caa8ef36bf6ade8180
GET /landings/285828/1704989181/css/reviews.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 1EEptWOROEaGG5mO7Xd0pCVIx0s3pAnYMWBLbB7/UpyGfdG/4Rz96gqvh6vGsJNrUp+zJCVicEc=
x-amz-request-id: EYADXEX0N0MD5DZD
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "ab7655b7e0870e539ab60ed308b94176"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 1029
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
88.221.27.128200 OK 2.7 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash e6d646e8547e3961d2ebf527b18bbf13
7302490aa895cb313625cad1ca902f270d35246e
4e8f270058992bd6af75e4242d0bd3778478f48fbe0a9d8d7ea3d0fcd9490e5f
GET /landings/285828/1704989181/css/style.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: HlwgEM/5Q7GXORFqe7NoSkHzr19kCE+OXRKT2CqjyaTKp1X1m+UcavUTqajAG9Xv2YWusANHcrM=
x-amz-request-id: H8K29JFTWDMZ5G9D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "e6d646e8547e3961d2ebf527b18bbf13"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 2702
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
88.221.27.128200 OK 667 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/timer.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 5eaf241d81e3c64a39eba770ed834bb3
743084a68436d58ad9c602dcf22947aa713867c7
7d4adb96762d6e54b20618631f9d8a215d89af5d4e411227a71a2ec907a5c17d
GET /landings/285828/1704989181/css/timer.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 8d9zT0Y20/x2bJ85vxMFXD0i5U5r0jnZ3hUVlHyGqAlo1WkbkU4kchbsIiqbcIHekOQAEel0RiE=
x-amz-request-id: 65F072RHVWM0XBXT
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "5eaf241d81e3c64a39eba770ed834bb3"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 667
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
88.221.27.128200 OK 589 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/css/popup.css?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type assembler source, ASCII text
Hash fb984c4fc6f9603c755e271685dcf17b
c51ce8be5fc93f8079f1c58edb9bd9f71ed3b564
abc470a646b5352f0a0372edf3f2ce2c62d64148682ff73c98799daabded1e96
GET /landings/285828/1704989181/css/popup.css?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: u276NTe/sCmuRfsuN/gguGn/xUgiZrd6zRB5UzFWDK1gtA3bfmrp0vykPOBlaIIVY+b35E63jK4=
x-amz-request-id: 885XRHEERTKHHPHZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "fb984c4fc6f9603c755e271685dcf17b"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 589
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
88.221.27.128200 OK 14 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates-review.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 9061bd0c6ff627d3a43a9e6c125350a7
ddd7b182a17fed4e7f13250599fe9fe3eb63b907
2898923c357cf44fb75bfeb3236d1e237d16bc112466176f0be582d156ee9b04
GET /landings/285828/1704989181/js/translates-review.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: G3Int/dytdYQZrhomaYn42X7EB5m8daORezFcc/NLQ6eWWsvZSWnTkfl+ijEzGyjAKKj5MDrWAs=
x-amz-request-id: 65F9RYW11AZNSRFP
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "9061bd0c6ff627d3a43a9e6c125350a7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 14059
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
88.221.27.128200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translates.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
Hash 768bd7d069903883d0d73244b9757368
11da78f1d8f9ff98741b963cdbeacfd8d026f325
f4bed9686a64594af1beaff7bc8242212ae19f6d3eaa5ef083e939037d5a2c53
GET /landings/285828/1704989181/js/translates.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bPA8k4trwjt5amV0QNuR0WbJW1QCfN+heiDfaw/g0+fX9dfwdmPSIupFfkOuziROpNrNY5nNd5Y=
x-amz-request-id: 885Y5RXRYM1PB8GB
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "768bd7d069903883d0d73244b9757368"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 30207
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
88.221.27.128200 OK 1.3 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/title_tanslate.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 5f373fa5bf21c44b9ad23b70ef96e73d
068ef5b63ab18924a286f2c0c3ec46545e08c678
7f40bc2c95ee280de5320ae7d33f2e57eeeb0cda5b5820f2c456a0c9ba50ed77
GET /landings/285828/1704989181/js/title_tanslate.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: XPMu2/CkNG7d3Qsp9XjAlNjL0eO6DHbZnZh4rF3cZuYbUngu9TsYTtkh4Jgc+tfTh9eVK36AmaU=
x-amz-request-id: 65F0JYBF9RH7ZMBR
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
88.221.27.128200 OK 906 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/timer.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text
Hash a5e8bb74efe1c2b6fa13d0ef8d71c926
80855d0f0976667f260d513f90168e0e08736553
d1c19e3721d62556d0f5f65b160121ade1b0b07eaeb8e85d644a5ecb024fdebe
GET /landings/285828/1704989181/js/timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Baf2d3adVaccgohxkfRC6UKIZZzvv+3bojfGkg5NC7hBdxJjOj1WkkoHWKUPXG6hCEykS0yT2V8=
x-amz-request-id: 885MEJ5JV929J54V
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "a5e8bb74efe1c2b6fa13d0ef8d71c926"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 906
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
88.221.27.128200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/translate-popup-timer.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash e87a84612ebce6b2a84f41ef7f6d40b0
fa22c93e2d9672f9d3d7e52304ffbb9425d49186
6ab40ce148d5bd7e60bcfb447765c7f54394e318da80970c8b636d2d5fe122ec
GET /landings/285828/1704989181/js/translate-popup-timer.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 5hURoXwOUGkodHE2eXF0Tfyy3X8CfLEKebtiywBG7SurRU2jEhMpJsPm6iMwxPbLjqefYVJ8BIg=
x-amz-request-id: RG88AE00W4CH5MJZ
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "e87a84612ebce6b2a84f41ef7f6d40b0"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 1080
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
88.221.27.128200 OK 30 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (32065)
Hash 2f6b11a7e914718e0290410e85366fe9
69bb69e25ca7d5ef0935317584e6153f3fd9a88c
05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e
GET /landings/285828/1704989181/js/jquery-2.2.4.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: 81QT8/lisLnyMpy8vDJulPX3cH0n4dHjZBFqVkU/epYjVr0ulzgaUgxa41uS5oUN/tWUULXWPEY=
x-amz-request-id: H8K8W066H9DDJ48M
Last-Modified: Fri, 12 Jan 2024 08:41:19 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
88.221.27.128200 OK 7.8 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/js/jquery.validate.min.js?1704989181
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JavaScript source, Unicode text, UTF-8 text, with very long lines (24228)
Hash 23d73c6bd6cbea8f06d0cc227896a827
3815cf11e1020ac70cc86789ba2adaf07d3db434
6eefc13f4d9832e74173dea423bca495ceb7f4cbb888a19434d71a9bc0f69cb7
GET /landings/285828/1704989181/js/jquery.validate.min.js?1704989181 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Cv8uQDGPImAYdjl6m7FUP8SRbDj4iJIEVb3GzfilYZNFFDZ6HwDiMCzuEL/tvbdOB+fabfHwNcQ=
x-amz-request-id: 7SHXX1AJ0VAYD78D
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "23d73c6bd6cbea8f06d0cc227896a827"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Length: 7815
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
88.221.27.128200 OK 7.0 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/logo_inst3.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 0025657d9d2274a15aed06a9eadd2ab2
2838a36bfaa63abfe8b9f4bca8f8fe1a7ab7405d
d7b396cbae8aa719a1a277fa8fcf7df40f61b50e59b5937fcb347c679c6e990c
GET /landings/285828/1704989181/images/logo_inst3.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: Dc7tguhl8hM0hrHWTDT3C3NM7v6zMToJXgpY2d2h3gO1O3ancEcERx3eMSzuhYJaSrIrOxiPgm0=
x-amz-request-id: 885RXD2VH4GTQRFF
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "0025657d9d2274a15aed06a9eadd2ab2"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 7042
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
88.221.27.128200 OK 55 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/110010_4.jpg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3
Hash daf4cb58fb756b1ed20036941b7a6b72
f59a45cb83366de64071b3a35dfcb54aabbdcd9a
42b2fe5d347c3c56725d0addd7129d13ce335df871730534ecee42d2df3a637b
GET /landings/285828/1704989181/images/110010_4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: bRnM8WWdOeHOVi9n07RLxDr8LCof3X75XscEhAWbTDf6fuZai4PkZZCu2lUbqUyvxa+NOYpR1Qo=
x-amz-request-id: 2G97SGYPS1QRKVWC
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "daf4cb58fb756b1ed20036941b7a6b72"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 55243
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
88.221.27.128200 OK 502 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/blocked-icon.png
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 23 x 32, 8-bit/color RGBA, non-interlaced
Hash 87487ad255dde0624f59abb85602defc
caafad17df41875bed690353ead6cc495a9bf8c2
f7a4b3fb74b9e06f243f23ede51a801a0aa3fa2c0040bc44a49a97444780923d
GET /landings/285828/1704989181/images/blocked-icon.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: iMo1vpVXCjZds9lfI8NQxx6FutfDdywZvJ0tVdbdZa13rGyQjllSeKziqc6cFZTz3Rk2G3K2Skw=
x-amz-request-id: 2G921JM493W4HW51
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "87487ad255dde0624f59abb85602defc"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 502
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
142.250.74.106200 OK 5.2 kB URL GET HTTP/2 fonts.googleapis.com/css2?family=Inter:wght@400;700&display=swap
IP 142.250.74.106:443
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
Fingerprint15:CB:F7:AC:18:3F:DC:1E:F9:4E:94:D1:98:40:40:61:53:17:28:F2
ValidityMon, 18 Mar 2024 20:35:28 GMT - Mon, 10 Jun 2024 20:35:27 GMT
File type gzip compressed data, max compression
Hash 87597f7b93e74df789be827e21c86ec4
db276f1b3f02ca24eb05109c261d995fb73cffb8
3dbf214bd51048d0d87fe43737fc8e959a595e7f17a747976f4de218c4131ee9
GET /css2?family=Inter:wght@400;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 24 Apr 2024 23:45:15 GMT
date: Wed, 24 Apr 2024 23:45:15 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
88.221.27.128200 OK 889 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-home.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 02866968d59a649b76df83c300d2d8f6
8293027c754094ab05cb7d6daa7f7cdb1be5c98e
ce26e303b33d69ca20eb3079b4c37ed364eacb8c633260c56315d6db74414b74
GET /landings/285828/1704989181/images/icon-home.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: J2j15DxUM5rlXT7Nxc3X0Y34YFEmdyaOsazkHX/ikypVKg62NIs40smGzAENdDYJk1inK7Vfddg=
x-amz-request-id: PT5GE7X8D0WQFEVR
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "02866968d59a649b76df83c300d2d8f6"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 889
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
88.221.27.128200 OK 1.2 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-search.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash aa6ea58a389a3ebe541d5f9d622dedd7
9fb684b6f6cd982396bd8c8e745997c3a01dd6be
4aa4713ccd74ad24299b1558cb49061c90076e841b3b1177fb3b056a8448b4c5
GET /landings/285828/1704989181/images/icon-search.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: UyvJp7abyCAVvUgTycbpxCVIXES+S3axBggc4H0kwj27FfBXK5ArdQSP6POWmZqRGuROx+s1rj0=
x-amz-request-id: 1C1Y5RY1G3A4G39G
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "aa6ea58a389a3ebe541d5f9d622dedd7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1189
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
88.221.27.128200 OK 844 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-user.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 00aa56c530f0df6ddbb8805f25376920
2331bb67d5538e5fb2c010ef41541ce8dc8acfc1
ed65348e7b16bbe9b436282214590814692d0fb779fc2155c82ca0d94fe5a94e
GET /landings/285828/1704989181/images/icon-user.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZVWyB5ozfQueRX3ARgZwgS6byU5YmYd5sDJaULfMKtPGzGVQTFNuThivp4ySbhpjF6j48BLDZ6I=
x-amz-request-id: PT5RVY9G7TN79JAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "00aa56c530f0df6ddbb8805f25376920"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 844
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
88.221.27.128200 OK 1.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-plus.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash f89e15ef5cf4b32ca987f73bd4a2ef9d
0f55d36995906b78bd98f23c7fdc67778212b7fc
7b023c50adbfe6554e1bf1986a12de8ba9e47c5d14a3e57318d117004ea6a641
GET /landings/285828/1704989181/images/icon-plus.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: R8ISDoAk6yapIVUfIwscUBW6bTK3JKja3s/XdLdKBIi9H30IQ7+z5JdfhoffN+oMj7P/7M3mCSE=
x-amz-request-id: PT5P4086S3D4K9Q5
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "f89e15ef5cf4b32ca987f73bd4a2ef9d"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1117
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
88.221.27.128200 OK 914 B URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/icon-like.svg
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type SVG Scalable Vector Graphics image
Hash 2457f6954df5056e25151bcdd05a2718
41ab46311796f9ade12cae960687a422ee8ff0a0
c1a26e7a024fd0e566423b10e91c63854979ce89f3fe2625043dc52dfe20891b
GET /landings/285828/1704989181/images/icon-like.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: ZUbXCJxGwKXqwMDezh47FNzo2IdI9tQ3EVMUeb7WOoM9SR3kJWllIXaTlo8GNQ1JVuBYXsHbwGA=
x-amz-request-id: PT5J41Y0V1HKXFRB
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "2457f6954df5056e25151bcdd05a2718"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 914
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
88.221.27.128206 Partial Content 692 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/4.mp4
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Size 692 kB (691794 bytes)
Hash 254c97fbac9f92203f7871bea8ef1eb7
b5d254d711ff98206ee3b103de601415eadc883a
104dc2eb9fffa01bdbcff72b2ee0544ed1e09dfb03ff11cee8012366f9dfaae8
GET /landings/285828/1704989181/images/4.mp4 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Accept-Encoding: identity
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 206 Partial Content
x-amz-id-2: 4AhltQXYj8gQQLSEHCUY9AGuSxwbPlvGmuC+ICWk/rhF5LL2NhqpA99ZkCkkgnF8m/7qVthktdo=
x-amz-request-id: PT5YP3NSC0YYKG8S
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "254c97fbac9f92203f7871bea8ef1eb7"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: video/mp4
Server: AmazonS3
Date: Wed, 24 Apr 2024 23:45:15 GMT
Content-Range: bytes 0-691793/691794
Content-Length: 691794
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.227200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.227:443
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash 30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rgqval.awaitingdream.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 07:14:19 GMT
expires: Wed, 23 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 145857
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
216.58.207.227200 OK 47 kB URL GET HTTP/2 fonts.gstatic.com/s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
IP 216.58.207.227:443
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerGoogle Trust Services LLC
Subject*.gstatic.com
FingerprintF5:5C:D9:68:C6:5F:A3:33:5A:73:C3:79:B6:83:FE:44:2E:A4:83:74
ValidityMon, 18 Mar 2024 20:34:25 GMT - Mon, 10 Jun 2024 20:34:24 GMT
File type Web Open Font Format (Version 2), TrueType, length 46704, version 1.0
Hash 30a274cd01b6eeb0b082c918b0697f1e
393311bde26b99a4ad935fa55bad1dce7994388b
88df0b5a7bc397dbc13a26bb8b3742cc62cd1c9b0dded57da7832416d6f52f42
GET /s/inter/v13/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://rgqval.awaitingdream.net
DNT: 1
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 46704
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 23 Apr 2024 07:14:19 GMT
expires: Wed, 23 Apr 2025 07:14:19 GMT
cache-control: public, max-age=31536000
age: 145857
last-modified: Wed, 13 Sep 2023 23:49:07 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240424234514
88.221.27.128200 OK 4.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240424234514
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/285828/1704989181/images/favicon.png?t=20240424234514 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: T0JZ6ljKqoyJAOGUBnRd/n9ODLnR50iFEq+fJRLINQJn55lOEdrrfBXy6+lDLMp0mzqks0/j+yQ=
x-amz-request-id: V3PHYWQQ69S9VSBZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Wed, 24 Apr 2024 23:45:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240424234514
88.221.27.128200 OK 4.1 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/favicon.png?t=20240424234514
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced
Hash 40a54c3ecf143b64096b063ff793fdbb
017eafffc5e55226a2aec0dd3c03f1b6130a6bab
39b439471019cb16f819e05166d23492593310fd55cce8471062d8f2dc5de423
GET /landings/285828/1704989181/images/favicon.png?t=20240424234514 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://rgqval.awaitingdream.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: T0JZ6ljKqoyJAOGUBnRd/n9ODLnR50iFEq+fJRLINQJn55lOEdrrfBXy6+lDLMp0mzqks0/j+yQ=
x-amz-request-id: V3PHYWQQ69S9VSBZ
Last-Modified: Fri, 12 Jan 2024 08:41:18 GMT
ETag: "40a54c3ecf143b64096b063ff793fdbb"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4093
Date: Wed, 24 Apr 2024 23:45:16 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&iexpp=1&j1=1&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&utm_source=e2905f55ec3a568b
52.19.138.177 145 B URL rgqval.awaitingdream.net/?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&iexpp=1&j1=1&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&utm_source=e2905f55ec3a568b
IP 52.19.138.177:0
File type HTML document, ASCII text
Hash d0704b61226077abdceaca0f8b6b8b90
4b3d8c9798554abd87fc69b7478149edf312bc01
15149d8478b64df0a731ee6bd1fdf353db7d3ba08326d53e0c995f8e4717885d
GET /?s1=134504&s2=2005070&s3=sml_e1f18e7f&s5=backuser&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&iexpp=1&j1=1&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&utm_source=e2905f55ec3a568b HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Wed, 24 Apr 2024 23:45:35 GMT
content-type: text/html; charset=utf-8
content-length: 145
location: https://sevenmove.com/dc?s1=spp_imi&lb=1&oid=68124_68123&s3=134504&s2=ilmao6629999f00045691&s4=2005070
set-cookie: unique_id=6629998a00067fbd; Path=/; Expires=Sun, 23 Jun 2024 23:45:35 GMT; Secure; SameSite=None
unique_id2=6629998a0007bd3d; Path=/; Expires=Tue, 23 Jul 2024 23:45:35 GMT; Secure; SameSite=None
6629998a0007bd3d_c=1; Path=/; Expires=Tue, 23 Jul 2024 23:45:35 GMT; Secure; SameSite=None
ref_token=134504; Path=/; Expires=Fri, 24 May 2024 23:45:35 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 24 Apr 2024 23:45:35 GMT; Secure; SameSite=None
tid=ilmao6629999f00045691; Path=/; Expires=Thu, 29 Mar 2029 23:45:35 GMT; Secure; SameSite=None
X-Firefox-Spdy: h2
empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2Fdff2e7b6fc4daf66cf9e9ae54df7b42b%3F__t%3D1714002314299%26__l%3D3600%26__c%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fs1%3D134504%26click_id%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26j9%3D1%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26ban%3Dother%26s5%3Ddit1558%26s2%3D2005070%26j1%3D1%26utm_source%3De2905f55ec3a568b%26s3%3Dsml_e1f18e7f&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3Dbce573ea-126d-40a8-9427-55b51fef3e2c%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26tds_ac_id%3Ds5428sto%26p_tds_cid%3Dc0eb6203728164d78be38986de3c3f4c3a3ddeae%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D9ef7492ad4d0d132c9c9393af83334651c4d344c%26tds_ps%3Da&tdsCid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&reason=beacon&visitsCount=1&ts=1714002314645
143.204.55.80200 OK 0 B URL POST HTTP/3 empirelayer.club/tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2Fdff2e7b6fc4daf66cf9e9ae54df7b42b%3F__t%3D1714002314299%26__l%3D3600%26__c%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fs1%3D134504%26click_id%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26j9%3D1%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26ban%3Dother%26s5%3Ddit1558%26s2%3D2005070%26j1%3D1%26utm_source%3De2905f55ec3a568b%26s3%3Dsml_e1f18e7f&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3Dbce573ea-126d-40a8-9427-55b51fef3e2c%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26tds_ac_id%3Ds5428sto%26p_tds_cid%3Dc0eb6203728164d78be38986de3c3f4c3a3ddeae%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D9ef7492ad4d0d132c9c9393af83334651c4d344c%26tds_ps%3Da&tdsCid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&reason=beacon&visitsCount=1&ts=1714002314645
IP 143.204.55.80:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /tds/interlayer?handler=ExternalBackofferEvent&urlIn=https%3A%2F%2Fempirelayer.club%2Ftds%2Finterlayer%2Feb%2Fs%2Fdff2e7b6fc4daf66cf9e9ae54df7b42b%3F__t%3D1714002314299%26__l%3D3600%26__c%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26__u%3D&urlOut=https%3A%2F%2Frgqval.awaitingdream.net%2F%3Fs1%3D134504%26click_id%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26j9%3D1%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26ban%3Dother%26s5%3Ddit1558%26s2%3D2005070%26j1%3D1%26utm_source%3De2905f55ec3a568b%26s3%3Dsml_e1f18e7f&altQs=utm_campaign%3De1f18e7f%26utm_source%3Dint%26utm_content%3Ddit1558%26data2%3Dbce573ea-126d-40a8-9427-55b51fef3e2c%26s1%3Dps%26s3%3DNjUxOTVfZGl0MTU1OA%253D%253D%26tds_campaign%3Db7637pos%26tds_id%3Db7637pos_lp_a_1575477620507_smartlink%26tds_oid%3D83b8f3ff%26tds_cid%3Dc535c12398d71511e4a18e6fb0faf3a2a0891ff9%26tds_ac_id%3Ds5428sto%26p_tds_cid%3Dc0eb6203728164d78be38986de3c3f4c3a3ddeae%26tds_host%3Dluvwhisper.com%26tds_path%3D%252Ftds%252Fae%26dci%3D9ef7492ad4d0d132c9c9393af83334651c4d344c%26tds_ps%3Da&tdsCid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&reason=beacon&visitsCount=1&ts=1714002314645 HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://empirelayer.club
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/3 200 OK
alt-svc: h3=":443"; ma=86400
x-amz-cf-pop: OSL50-C1
date: Wed, 24 Apr 2024 23:45:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
x-cache: Miss from cloudfront
via: 1.1 6a757ab2991da716151f94ca00b38098.cloudfront.net (CloudFront)
x-amz-cf-id: FwfzSC2egD9qod_gyhGpvR5M5cU3auZsIvJhaWzZg2uhBfJKGslt2g==
rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
52.19.138.177200 OK 36 kB URL User Request GET HTTP/2 rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
IP 52.19.138.177:443
Certificate IssuerLet's Encrypt
Subject*.awaitingdream.net
Fingerprint80:13:71:FD:9C:9C:0B:BF:1A:E0:B5:EA:6C:C4:ED:77:5A:CA:B4:02
ValidityTue, 19 Mar 2024 09:01:07 GMT - Mon, 17 Jun 2024 09:01:06 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f HTTP/1.1
Host: rgqval.awaitingdream.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Wed, 24 Apr 2024 23:45:14 GMT
content-type: text/html; charset=utf-8
set-cookie: unique_id=6629998a00067fbd; Path=/; Expires=Sun, 23 Jun 2024 23:45:14 GMT; Secure; SameSite=None
unique_id2=6629998a0007bd3d; Path=/; Expires=Tue, 23 Jul 2024 23:45:14 GMT; Secure; SameSite=None
6629998a0007bd3d_c=1; Path=/; Expires=Tue, 23 Jul 2024 23:45:14 GMT; Secure; SameSite=None
ref_token=134504; Path=/; Expires=Fri, 24 May 2024 23:45:14 GMT; Secure; SameSite=None
impression=; Path=/; Expires=Wed, 24 Apr 2024 23:45:14 GMT; Secure; SameSite=None
6629998a0007bd3d_sl=[285828]; Path=/; Expires=Wed, 08 May 2024 23:45:14 GMT; Secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=bce573ea-126d-40a8-9427-55b51fef3e2c
54.230.111.9302 Found 1.2 kB URL User Request GET HTTP/2 luvwhisper.com/tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=bce573ea-126d-40a8-9427-55b51fef3e2c
IP 54.230.111.9:443
Certificate IssuerAmazon
Subjectluvwhisper.com
Fingerprint4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tds/ae?tdsId=s5428sto_r&tds_campaign=s5428sto&s1=ps&utm_source=int&utm_sub=opnfnl&affid=e1f18e7f&subid=dit1558&subid2=NjUxOTVfZGl0MTU1OA==&clickid=bce573ea-126d-40a8-9427-55b51fef3e2c HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
location: https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
date: Wed, 24 Apr 2024 23:45:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
set-cookie: dci=9ef7492ad4d0d132c9c9393af83334651c4d344c; Max-Age=31536000; Domain=.luvwhisper.com; Path=/; Expires=Thu, 24 Apr 2025 23:45:14 GMT; Secure; SameSite=None
dm=fe450dd0d1dadc615429144d33241f42; Max-Age=432000; Path=/; Expires=Mon, 29 Apr 2024 23:45:14 GMT
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: LbYbjVyfDuzM6PNr097UiYXohG78WgicchU5z7WoDqkKZcdkkkPHUg==
X-Firefox-Spdy: h2
luvwhisper.com/lp-external/index.js
54.230.111.47200 OK 2.2 kB URL GET HTTP/2 luvwhisper.com/lp-external/index.js
IP 54.230.111.47:443
Requested by https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
Certificate IssuerAmazon
Subjectluvwhisper.com
Fingerprint4D:EC:81:10:9E:C3:DA:0D:65:B1:D0:C2:7A:5E:0F:BE:3E:14:88:E3
ValidityTue, 09 Jan 2024 00:00:00 GMT - Thu, 06 Feb 2025 23:59:59 GMT
File type JavaScript source, ASCII text, with very long lines (2304), with no line terminators
Hash 6581cb890b9497166c13fa1122c88947
4632208a24f59f3b44a68ca77b130f4b6a661ded
19f631eaad330a3adac93c919803b30bc262991bb7db396bc9a4fbbae6cd5d3b
GET /lp-external/index.js HTTP/1.1
Host: luvwhisper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
date: Wed, 24 Apr 2024 23:45:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
x-robots-tag: noindex
accept-ranges: bytes
cache-control: public, max-age=3600
last-modified: Mon, 15 Apr 2024 09:30:50 GMT
etag: W/"8b7-18ee1184d10"
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: wlt5WI0cXH6bbghHNNAw5sBpLm-R2Ww4fHDcz-Ykdoq7esWI0ebWIg==
X-Firefox-Spdy: h2
172.67.219.79302 Found 1.5 kB URL User Request GET HTTP/2 IP 172.67.219.79:443
Certificate IssuerGoogle Trust Services LLC
Subjectfansfan.co
Fingerprint2F:A7:BD:73:B3:89:A4:10:21:78:2C:99:B1:AF:15:AD:79:43:F1:09
ValidityMon, 11 Mar 2024 17:05:47 GMT - Sun, 09 Jun 2024 17:05:46 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: fansfan.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Wed, 24 Apr 2024 23:45:12 GMT
content-type: text/html; charset=UTF-8
location: https://go.gkrtmc.com/aff_f?h=NYwoYh&aff_sub5=free-social&click_id=376l60j140rcl&source=1220_1128
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=376l60j140rcl; expires=Sat, 25 May 2024 23:45:12 GMT; path=/
ae0fa=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjI0MzUwXCI6MTcxNDAwMjMxMixcIjI1MzEwXCI6MTcxNDAwMjMxMn0sXCJjYW1wYWlnbnNcIjp7XCIxMTI4XCI6MTcxNDAwMjMxMixcIjEyMjBcIjoxNzE0MDAyMzEyfSxcInRpbWVcIjoxNzE0MDAyMzEyfSJ9.1XFm_efPDEwZtDTESb3jKZlROHuplx6mMMpOdhcFCp0; expires=Thu, 18 Aug 2078 23:30:24 GMT; path=/
_token=uuid_376l60j140rcl_376l60j140rcl66299988163d44.56618609; expires=Sat, 25 May 2024 23:45:12 GMT; path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zah2jg37G3eeLx1iRNr8E0RfQjkVHh1Zn%2FCttlzZ5w27B4X8OlxrVCDUKHhRdC0quZBo3QT3IUp%2FoQ6LHnExJAN7KXR%2Fsv0nTE35JP8kHKy1GYGd%2FA0ucgh90Wdp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f731f97a568e-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
queitho.com/client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
172.67.169.237200 OK 6.1 kB URL User Request GET HTTP/2 queitho.com/client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d
IP 172.67.169.237:443
Certificate IssuerLet's Encrypt
Subjectqueitho.com
FingerprintF1:05:3E:9D:7A:6D:B6:57:58:D4:D8:E8:6E:81:69:2A:D3:2B:5C:D9
ValidityTue, 12 Mar 2024 19:42:25 GMT - Mon, 10 Jun 2024 19:42:24 GMT
File type JavaScript source, ASCII text, with very long lines (6169), with no line terminators
Hash a50d36c3f5fc88f77e852d0fcd382eaf
955361fc34b67496d65bc235c49ebd41ecea6649
bf4a79836a2d7d8c0a517660c9a431e91bfbbca0089862a116ed8adebcc75e5d
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /client?camp=s9&aff_id=2&aff_sub=65195&source=65195&aff_sub2=free-social&click_id=32_65195_10000_89b094afc396d17a8d34c454e0d26a9d HTTP/1.1
Host: queitho.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://go.gkrtmc.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Wed, 24 Apr 2024 23:45:13 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-security-policy: default-src 'self' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://oacenom.com https://openfpcdn.io/fingerprintjs/v4
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
referrer-policy: no-referrer
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: no-store, no-store, no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lwALX5nSutlloIVuwZ1osiUJt031TIJMRWvXnJS9YzmWKOYcwdTyuvef2gnQYviExf3k7c1l6LRbId4qKkr1AjjvMcsKhvDgTWTkLwJpwHHZI%2FLxQ5ExmXXmeqeMtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8799f73a4d245691-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
88.221.27.128200 OK 4.5 kB URL GET HTTP/1.1 cdn-dimi.akamaized.net/landings/285828/1704989181/images/49.png
IP 88.221.27.128:443
ASN #20940 Akamai International B.V.
Requested by https://rgqval.awaitingdream.net/?s1=134504&click_id=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&j9=1&tds_cid=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&ban=other&s5=dit1558&s2=2005070&j1=1&utm_source=e2905f55ec3a568b&s3=sml_e1f18e7f
Certificate IssuerDigiCert Inc
Subjecta248.e.akamai.net
FingerprintA3:C7:B4:95:4E:16:BD:C5:8A:EE:85:53:5D:C1:C2:CD:43:E9:EC:B9
ValidityTue, 16 May 2023 00:00:00 GMT - Wed, 15 May 2024 23:59:59 GMT
File type PNG image data, 336 x 336, 8-bit/color RGB, non-interlaced
Hash 372e58a66b7d92e1dd903f32fb308d1e
40be5d7067b822dfed07e173acd11cfceaa9e329
82408edfa51c2d831b86658b6637a6950986c342195aa08fd1467ea1d71b9793
GET /landings/285828/1704989181/images/49.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://cdn-dimi.akamaized.net/landings/285828/1704989181/css/style.css?1704989181
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
x-amz-id-2: TvfZYk+pm5Zz325xPfObg2es/GmEVzAIzRuIVmx3nKuAv/O9ZvwCM3nOFYhcb4ziipfsmhOCb0k=
x-amz-request-id: PT5XEDG2GF4ENSAK
Last-Modified: Fri, 12 Jan 2024 08:41:17 GMT
ETag: "372e58a66b7d92e1dd903f32fb308d1e"
x-amz-server-side-encryption: AES256
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 4510
Date: Wed, 24 Apr 2024 23:45:15 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
143.204.55.80200 OK 1.2 kB URL User Request GET HTTP/2 empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
IP 143.204.55.80:443
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
File type HTML document, ASCII text, with very long lines (1248), with no line terminators
Hash 26cbc8fc170a843e3256496ae6bc27cb
ade98431f7a623a453030b62bbb9a86f03943561
2333684e5103abff11f5a7cd95f60e41d6abcd079adba06204ee02662ba23fc0
GET /tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u= HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
content-type: text/html
date: Wed, 24 Apr 2024 23:45:14 GMT
server: nginx
access-control-allow-origin: *
p3p: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Platform, Sec-CH-UA-Wow64, Sec-CH-UA
vary: Accept-Encoding
content-encoding: gzip
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: Nb1A2V9Q1X2vw3VsfnacESGfIFa_Pi4tpuanXM7-kclPmHM8fPblsA==
X-Firefox-Spdy: h2
empirelayer.club/favicon.ico
0.0.0.0 0 B URL GET empirelayer.club/favicon.ico
IP 0.0.0.0:0
Requested by https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
Certificate IssuerAmazon
Subjectempirelayer.club
FingerprintD0:9A:6A:E3:BC:1C:59:10:F7:F8:FD:8F:63:D3:56:1C:43:2C:75:EF
ValidityThu, 02 Nov 2023 00:00:00 GMT - Sat, 30 Nov 2024 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /favicon.ico HTTP/1.1
Host: empirelayer.club
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://empirelayer.club/tds/interlayer/eb/s/dff2e7b6fc4daf66cf9e9ae54df7b42b?__t=1714002314299&__l=3600&__c=c535c12398d71511e4a18e6fb0faf3a2a0891ff9&__u=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache