Report - oneshome.cc/

Report Overview

Visited public
2024-06-06 19:41:55
Tags
URL
oneshome.cc/
Finishing URL
ads34.name/?country=no&f=265753
IP / ASN
54.157.24.8
#14618 AMAZON-AES
Title
ads34.name/?country=no&f=265753

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
xml.xmladsystem.com	819991	2015-02-21	2015-03-24 11:43:08	2024-06-01 17:21:36	544 B	137 B	198.134.116.28
xml.rtbfactory.com	141066	2017-08-20	2017-09-07 20:39:42	2024-06-04 19:40:45	1.6 kB	580 B	173.239.53.18
t4.lowtid.com	unknown	2022-08-03	2022-08-03 15:42:14	2024-05-30 13:49:29	2.2 kB	521 B	51.161.115.163
www.animezeno.sbs	unknown	2022-11-30	2022-12-01 06:48:19	2024-05-30 13:49:29	472 B	1.9 kB	188.114.97.1
www.yahoo.com	1299	1995-01-18	2012-05-21 00:42:45	2024-06-05 18:12:29	506 B	1.4 kB	87.248.119.251
t.godopu.xyz	unknown	2024-04-08	2024-05-12 13:39:43	2024-06-01 17:21:37	1.0 kB	2.8 kB	172.67.161.150
xml.clickmi.net	unknown	2022-08-22	2022-11-17 01:09:57	2024-06-01 17:21:39	1.1 kB	428 B	174.137.133.17
xml.adflyer.media	unknown	2022-08-22	2022-10-10 09:20:21	2024-06-04 19:42:45	3.3 kB	3.2 kB	174.137.133.17
xml.adzgame.com	67328	2017-10-19	2017-11-07 22:51:26	2024-05-30 13:49:25	3.3 kB	988 B	173.239.53.18
yahoo.com	41	1995-01-18	2012-05-21 13:33:44	2024-06-04 18:23:33	502 B	428 B	98.137.11.163
animewatch.onionlive.workers.dev	unknown	2019-02-08	2023-07-29 03:19:18	2024-06-01 17:21:39	1.5 kB	5.3 kB	172.67.141.108
www.s2movies.pro	unknown	2023-12-29	2024-01-02 03:48:08	2024-05-30 13:49:31	471 B	1.9 kB	172.67.223.71
xml.zentrixads.com	unknown	2023-12-04	2023-12-26 08:47:59	2024-06-01 17:21:37	1.1 kB	274 B	173.239.53.20
xml.adtube.media	unknown	2022-08-22	2023-05-20 03:41:48	2024-06-04 14:19:41	2.7 kB	1.4 kB	173.239.53.20
xml.adxfactory.com	107207	2015-12-20	2016-02-03 12:58:51	2024-06-01 17:21:38	2.2 kB	827 B	173.239.53.17
xml.clixvista.com	103439	2017-10-19	2018-02-07 08:22:53	2024-06-01 17:21:38	2.2 kB	548 B	198.134.116.28
consent.yahoo.com	31016	1995-01-18	2019-02-20 13:07:06	2024-06-06 10:12:06	587 B	28 kB	52.213.56.248
becast.onionlive.workers.dev	unknown	2019-02-08	2023-07-11 03:51:52	2024-06-05 06:18:01	1.9 kB	7.7 kB	172.67.141.108
track-eu.trackingtraffo.com	unknown	2021-12-15	2023-08-09 22:11:09	2024-06-05 18:55:49	1.1 kB	0 B	0.0.0.0
xml.infinity-info.com	unknown	1996-04-17	2014-11-09 03:36:21	2024-06-03 08:23:31	2.8 kB	872 B	174.137.133.16
xml.eximdigital.com	92161	2016-09-21	2016-10-10 14:09:24	2024-06-01 17:21:36	3.4 kB	2.3 kB	173.239.53.22
click.mediacpc.com	241895	2012-12-25	2018-01-31 14:09:46	2024-06-01 17:21:36	1.1 kB	276 B	174.137.133.18
filter.rtbfactory.com	291372	unknown	2017-09-08 05:39:04	2022-12-26 20:19:08	539 B	13 kB	173.239.53.18
glaidekeemp.net	unknown	2024-03-25	2024-03-25 15:45:43	2024-06-01 17:21:41	516 B	1.2 kB	139.45.197.242
oneshome.cc	unknown	2024-02-07	2015-11-17 04:07:41	2024-02-24 06:06:30	466 B	442 B	54.157.24.8
redirect3.online	unknown	2021-09-17	2021-09-17 15:12:31	2024-06-04 04:55:46	7.2 kB	13 kB	104.21.55.170
xml.flurryad.com	187447	2017-06-10	2018-07-06 18:19:58	2024-06-01 17:21:38	4.4 kB	1.4 kB	174.137.133.16
xml.zaimads.com	311619	2020-06-23	2022-01-11 14:59:46	2024-06-04 14:29:07	549 B	220 B	174.137.133.17
thenetwork18.net	unknown	2022-05-03	2022-05-03 10:45:16	2024-06-04 04:55:46	10 kB	19 kB	188.114.96.1
votrackmo.com	unknown	2023-12-13	2023-12-13 16:12:47	2024-06-05 06:17:48	581 B	1.2 kB	54.240.174.102
guce.yahoo.com	2064	1995-01-18	2018-03-16 22:40:34	2024-06-06 08:15:00	581 B	293 B	34.246.21.121
meetbenjen.com	unknown	2024-01-25	2019-07-18 18:21:34	2024-05-15 17:58:52	5.1 kB	3.5 kB	109.206.163.116
us.vilitram.com	unknown	2022-11-28	2023-03-22 12:09:19	2024-04-30 08:12:00	560 B	0 B	0.0.0.0
ad-good.com	unknown	2020-10-27	2015-06-27 02:53:04	2024-06-04 04:55:46	4.3 kB	8.1 kB	188.114.97.1
xml.ctrtraffic.com	unknown	2012-05-01	2012-12-21 21:40:41	2024-06-04 14:26:51	1.1 kB	442 B	198.134.116.18
xml.trackifyy.com	unknown	2023-12-04	2024-05-12 13:37:52	2024-06-01 17:21:43	1.1 kB	326 B	173.239.53.20
smkezc.com	unknown	2024-02-05	2024-04-01 18:48:06	2024-06-01 17:21:38	565 B	910 B	185.162.85.19
syndication.realsrv.com	9112	2019-02-07	2019-07-03 23:39:52	2024-06-06 13:06:23	4.9 kB	4.7 kB	95.211.229.245
sub.votreimc.com	unknown	2017-04-12	2024-05-12 13:37:47	2024-06-04 04:55:46	6.8 kB	14 kB	172.67.222.136
ww8.good-trading.com	unknown	2020-06-18	2024-03-25 13:30:41	2024-03-25 13:30:41	1.4 kB	31 kB	188.114.96.1
www.googletagmanager.com	75	2011-11-11	2013-05-22 04:07:37	2024-06-06 12:43:47	1.8 kB	357 kB	142.250.74.72
click-v4.junmediadirect1.com	unknown	2019-01-31	2022-07-21 19:48:13	2024-06-03 18:13:28	539 B	191 B	198.134.116.17
twinrdsyn.com	332236	2021-12-16	2021-12-16 20:32:22	2024-06-06 15:45:05	1.6 kB	30 kB	172.64.153.186
s.optnx.com	20469	2020-01-27	2020-03-25 01:41:59	2024-06-06 14:11:00	1.8 kB	2.0 kB	95.211.229.245
allotraffic.site	unknown	2024-04-12	2024-04-12 13:01:49	2024-06-01 17:21:36	1.5 kB	28 kB	188.114.97.1
xml.thenetwork18.com	141545	2019-06-06	2019-07-02 23:26:49	2024-05-30 13:49:25	1.6 kB	2.2 kB	174.137.133.17
osfultrbriolenai.info	unknown	2023-12-31	2024-01-24 21:16:28	2024-06-05 06:18:51	494 B	2.9 kB	108.157.229.24
ctrtraffic.me	unknown	2022-05-05	2022-05-05 18:48:09	2024-06-04 04:55:46	1.9 kB	4.3 kB	188.114.96.1
ww99.oneshome.cc	unknown	unknown	No data	No data	1.4 kB	3.4 kB	72.52.179.174
cus.news24.media	unknown	2021-08-20	2023-07-19 05:32:59	2024-05-22 18:01:06	945 B	22 kB	188.114.96.1
u-11999.topduppy.info	unknown	unknown	No data	No data	643 B	1.1 kB	188.114.96.1
kv.outheelrelict.com	unknown	2023-06-26	2023-06-26 15:07:56	2024-06-01 17:21:40	498 B	0 B	0.0.0.0
ads34.name	unknown	unknown	2024-03-14 23:44:25	2024-06-01 17:21:39	967 B	12 kB	109.234.165.176
serveur-minecraft.com	unknown	2018-06-01	2019-08-03 23:06:56	2024-05-29 18:38:20	12 kB	91 kB	104.26.11.195
go.krkstrk.com	unknown	2022-07-05	2023-07-31 15:27:59	2024-05-31 20:25:50	665 B	0 B	0.0.0.0
u-40735.topduppy.info	unknown	unknown	No data	No data	713 B	1.4 kB	188.114.96.1
offmantiner.com	unknown	2023-10-17	2023-10-18 00:18:18	2024-06-05 06:18:01	528 B	1.4 kB	139.45.197.245

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2024-06-06 19:41:35	low	Client IP	172.67.141.108	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI
2024-06-06 19:41:35	low	Client IP	172.67.141.108	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI
2024-06-06 19:41:35	low	Client IP	172.67.141.108	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI
2024-06-06 19:41:35	low	Client IP	172.67.141.108	ET INFO Observed Cloudflare workers.dev Domain in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

Scan Date	Severity	Indicator	Alert
2024-06-06	medium	glaidekeemp.net	Sinkholed
2024-06-06	medium	offmantiner.com	Sinkholed
2024-06-06	medium	outheelrelict.com	Sinkholed

ThreatFox

No alerts detected

JavaScript (16)

	URL	From	Size	First Seen	Last Seen
	allotraffic.site/redirect.php	ScriptElement	0 B	0001-01-01	2025-06-08
Pretty URL allotraffic.site/redirect.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-08 03:03 Times Seen4880677 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	188 B	2023-03-10	2024-11-04
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-10 17:35 Last Seen2024-11-04 19:11 Times Seen91 Hash 0f58cd0a03b2ea1ab6e0f91f1774c03e 4a046faed5205d8810d6083c0c01959ccb0a3a24 40a434ac1929c0240153c7a8469ecad4a6111808ab49fdf97c1c4123be81e257 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	203 B	2024-06-06	2024-08-19
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-06-06 21:42 Last Seen2024-08-19 20:35 Times Seen3 Hash f045e894140368e5d4e6a7e3aa8354c9 1db0b5de5e0e6702f76eabef548c8838048c456a afcfdb3a998d54ab1e92ec897a750ca0d8aeeb1e844b95fd53eedeff97180f9c Loading...

	allotraffic.site/redirect.php	ScriptElement	0 B	0001-01-01	2025-06-08
Pretty URL allotraffic.site/redirect.php IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-08 03:03 Times Seen4880677 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ww8.good-trading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	ScriptElement	1.2 kB	2023-03-07	2025-06-08
Pretty URL ww8.good-trading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-06-08 03:01 Times Seen72434 Hash 9e8f56e8e1806253ba01a95cfc3d392c a8af90d7482e1e99d03de6bf88fed2315c5dd728 2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8 Loading...

	allotraffic.site/	ScriptElement	0 B	0001-01-01	2025-06-08
Pretty URL allotraffic.site/ IP 188.114.97.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen0001-01-01 00:00 Last Seen2025-06-08 03:03 Times Seen4880677 Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	1.6 kB	2023-03-08	2024-11-04
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-08 07:08 Last Seen2024-11-04 19:11 Times Seen98 Hash ceb2bae919780988a0bbbe1800d96a9d 9e224df9b3ccb17d3e8a73603e27db77ac407803 0858a247efdeb7fa63734fe7d2c5c0f5ba1852b3bd4a03832088f0d0bc7d0383 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	2 B	2023-03-07	2025-06-07
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:03 Last Seen2025-06-07 23:53 Times Seen22018 Hash e1c06d85ae7b8b032bef47e42e4c08f9 71853c6197a6a7f222db0f1978c7cb232b87c5ee 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	372 B	2024-05-27	2024-08-19
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-27 09:05 Last Seen2024-08-19 21:37 Times Seen9 Hash bb6ed3392883bb35fcfdf0f68a18dac3 6a7aa84e7c9d5c32555310376b0e7dfa0ceeafbe c6ba4214bd574903e2554204255d1dc3ac3a09c73d3a9486db9e66ec6b9cc914 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	130 B	2023-03-07	2024-11-04
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:37 Last Seen2024-11-04 19:11 Times Seen100 Hash 3692c84d14232abee7b35860eef3d206 3a09a0785e3509471907d885efff280df5c89e80 6086cc60ae44eb9adc664575f370f2c11eea4c00b631926811320a4a7bbbf8af Loading...

	unknown	ScriptElement	382 B	2024-08-19	2024-08-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2024-08-19 20:35 Last Seen2024-08-19 20:35 Times Seen1 Hash 742ca9d109378493143a227795704b09 ca9a9ec8d7e910082cb92a3e377caaadc37d529e b4a8f3e4d986512c5e5568bd43cbcf38079186e3fcb7e0635e1c92cc7354d31b Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	38 B	2023-03-07	2024-11-04
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:37 Last Seen2024-11-04 19:11 Times Seen100 Hash 789df5bfd44bdbfc950a924532877267 91fdd8fdb3d2d48b0a202751e7fc29ed84658319 fbd316f070fdf6a74ee74c1bf70f161ad134f29179bd4c8eb659342618669f8c Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	424 B	2023-03-07	2025-06-04
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 14:37 Last Seen2025-06-04 05:55 Times Seen103 Hash c9b8ba72421e794bca585f8293242a29 14258c9988b0a8170bd46f3b1cb80e3a18f44a1f 02c51e8cfaf9b805d1e9c5e6b373f76b1a9f286f3d35fc55a8d9403dadafe459 Loading...

	ww8.good-trading.com/index.php?good-j&f=265753	ScriptElement	111 B	2024-05-17	2024-10-11
Pretty URL ww8.good-trading.com/index.php?good-j&f=265753 IP 188.114.96.1 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2024-05-17 09:36 Last Seen2024-10-11 09:19 Times Seen60 Hash efce018de3cea0157f3da7511c04fc01 14104e89c3af2dd9b08ed3e4006e434e47cb4001 39d48661858eca9d6e1290385c7fa095434b0663fa790fe2a48baf9701a0edb0 Loading...

		Size	First Seen	Last Seen
	#1 Eval - 086893920de8e118e91dbff92f2241d8	607 B	2024-08-19 20:35	2024-08-19 20:35
Pretty Observations First Seen2024-08-19 20:35 Last Seen2024-08-19 20:35 Times Seen1 Hash 086893920de8e118e91dbff92f2241d8 c594d35a11824e33148c6c4cfab569b38b7c81b0 2388a083a8f7bd6d73618eb1b71446c912b837fe3da852a4c79a19b0c7274213 Loading...

		Size	First Seen	Last Seen
	#1 Write - 55baa5658c01df8b54440533ecdf9285	936 B	2024-08-19 20:35	2024-08-19 20:35
Pretty Observations First Seen2024-08-19 20:35 Last Seen2024-08-19 20:35 Times Seen1 Hash 55baa5658c01df8b54440533ecdf9285 4ba89871ea6dd4908765c21aa8a7719b2a21653a 0e860d7df92f23683df5e2b5650008919cbede9d5dde5eea000009ea9130e88c Loading...

HTTP Transactions (213)

URL IP Response Size

oneshome.cc/

54.157.24.8

142 B

URL
oneshome.cc/
IP
54.157.24.8:0
ASN
#14618 AMAZON-AES

File type
HTML document, ASCII text, with CRLF line terminators
Size
142 B (142 bytes)
Hash
82c98e8e012b79c922655461171cc2fa
0828d79135573276005b04be42d79a8a3291292b
745173bcc5c57ce9751dd019606e877e0aae13b60372fdb090f3db0470c3a43c

HTTP Headers

GET / HTTP/1.1
Host: oneshome.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: openresty
date: Thu, 06 Jun 2024 19:41:29 GMT
content-type: text/html
content-length: 142
location: http://ww99.oneshome.cc/
accept-ch: Sec-CH-UA, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile
cache-control: no-store, max-age=0
X-Firefox-Spdy: h2

ww99.oneshome.cc/

72.52.179.174

2.1 kB

URL
ww99.oneshome.cc/
IP
72.52.179.174:0
ASN
#32244 LIQUIDWEB

File type
HTML document, ASCII text, with very long lines (584)
Size
2.1 kB (2128 bytes)
Hash
e20c0b3375b3bdf38312c652423df90f
34d4252393922e87baa1b3b2cca6524482bc2056
c1dbef1c62cd16c25893bfc5e36596070037772fe4692c1a0c09b8fe3c4744ec

HTTP Headers

GET / HTTP/1.1
Host: ww99.oneshome.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 06 Jun 2024 19:41:29 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 2128
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

ww99.oneshome.cc/page/bouncy.php?&bpae=GbhGdCcmolx7j%2B%2BF4pluPt73aCG0ES8nkiqkXZLOHxPQ1BRodLy6ZhR3OuwVHBdSVELnqJCnCP6ggbftjS8JIPujcqZzoAO%2ByOjhZ5AEslyAYhPJ%2FDcTZOg0AD9R6rEu12KoXe9yM0GfXjPy9%2ByhpO3fJCuS%2BJ1TqS%2FMT%2BZqqTeeFoXjqNjc372TBSQ3r382Jx%2Fj3blnj9Z%2B2HlOU5Akcceap9%2Bwh0A%2B%2BXRlKyBHKeP8iZGG6Cw%2B1VINBI44kLV0oBs%2B%2F%2BrnOaEJRQxZNWVdZhEt080Q%2Fkt2QOPyotkJEmShhoZpV0qf6bnVI%2FsX61tGVE68NMKPJ8%2BpNEUONBP%2BHBje9lS%2FAo9CMNz3kV5csR%2FVY7dvDMIU6w4WcjVUTi6DaHHura4OeGnlBPGq%2FRTzpZjkSesPZRtg6gvW088CaEsEnW4lZt2ba6aizSo%3D&redirectType=js&inIframe=false&inPopUp=false

72.52.179.174

697 B

URL
ww99.oneshome.cc/page/bouncy.php?&bpae=GbhGdCcmolx7j%2B%2BF4pluPt73aCG0ES8nkiqkXZLOHxPQ1BRodLy6ZhR3OuwVHBdSVELnqJCnCP6ggbftjS8JIPujcqZzoAO%2ByOjhZ5AEslyAYhPJ%2FDcTZOg0AD9R6rEu12KoXe9yM0GfXjPy9%2ByhpO3fJCuS%2BJ1TqS%2FMT%2BZqqTeeFoXjqNjc372TBSQ3r382Jx%2Fj3blnj9Z%2B2HlOU5Akcceap9%2Bwh0A%2B%2BXRlKyBHKeP8iZGG6Cw%2B1VINBI44kLV0oBs%2B%2F%2BrnOaEJRQxZNWVdZhEt080Q%2Fkt2QOPyotkJEmShhoZpV0qf6bnVI%2FsX61tGVE68NMKPJ8%2BpNEUONBP%2BHBje9lS%2FAo9CMNz3kV5csR%2FVY7dvDMIU6w4WcjVUTi6DaHHura4OeGnlBPGq%2FRTzpZjkSesPZRtg6gvW088CaEsEnW4lZt2ba6aizSo%3D&redirectType=js&inIframe=false&inPopUp=false
IP
72.52.179.174:0
ASN
#32244 LIQUIDWEB

File type
HTML document, ASCII text
Size
697 B (697 bytes)
Hash
9419d94dbf97347c3bb2f00043c09210
a67e983854f316b925d5d5921c37a9d1308c3cad
7382f326766308f270c96e9a2f98e2cd614eb6e80ae23a1921a39f31c64cf398

HTTP Headers

GET /page/bouncy.php?&bpae=GbhGdCcmolx7j%2B%2BF4pluPt73aCG0ES8nkiqkXZLOHxPQ1BRodLy6ZhR3OuwVHBdSVELnqJCnCP6ggbftjS8JIPujcqZzoAO%2ByOjhZ5AEslyAYhPJ%2FDcTZOg0AD9R6rEu12KoXe9yM0GfXjPy9%2ByhpO3fJCuS%2BJ1TqS%2FMT%2BZqqTeeFoXjqNjc372TBSQ3r382Jx%2Fj3blnj9Z%2B2HlOU5Akcceap9%2Bwh0A%2B%2BXRlKyBHKeP8iZGG6Cw%2B1VINBI44kLV0oBs%2B%2F%2BrnOaEJRQxZNWVdZhEt080Q%2Fkt2QOPyotkJEmShhoZpV0qf6bnVI%2FsX61tGVE68NMKPJ8%2BpNEUONBP%2BHBje9lS%2FAo9CMNz3kV5csR%2FVY7dvDMIU6w4WcjVUTi6DaHHura4OeGnlBPGq%2FRTzpZjkSesPZRtg6gvW088CaEsEnW4lZt2ba6aizSo%3D&redirectType=js&inIframe=false&inPopUp=false HTTP/1.1
Host: ww99.oneshome.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://ww99.oneshome.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
Cache-Control: no-cache
Content-Type: text/html; charset=UTF-8
Date: Thu, 06 Jun 2024 19:41:30 GMT
Pragma: no-cache
Connection: Keep-Alive
X-Powered-By: PHP/5.4.16
Content-Length: 697

click-v4.junmediadirect1.com/click?i=W5d3PeRWbqo_0

198.134.116.17

302 Found

0 B

URL User Request GET HTTP/1.1
click-v4.junmediadirect1.com/click?i=W5d3PeRWbqo_0
IP
198.134.116.17:443
ASN
#27257 WEBAIR-INTERNET

Certificate
IssuerGlobalSign nv-sa
Subject*.junmediadirect1.com
FingerprintB7:72:5A:5B:72:AA:BF:61:4D:81:0E:5A:86:F3:06:6C:D0:09:D3:B3
ValidityWed, 16 Aug 2023 08:01:52 GMT - Mon, 16 Sep 2024 08:01:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /click?i=W5d3PeRWbqo_0 HTTP/1.1
Host: click-v4.junmediadirect1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww99.oneshome.cc/
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://ads34.name/?country=no&f=265753

ads34.name/favicon.ico

109.234.165.176

404 Not Found

315 B

URL GET HTTP/2
ads34.name/favicon.ico
IP
109.234.165.176:443
ASN
#50474 O2switch SAS

Requested by
https://ads34.name/?country=no&f=265753
Certificate
IssuerLet's Encrypt
Subjectads34.name
Fingerprint5A:D0:28:B4:29:C0:2D:91:80:82:99:BE:E5:E6:E9:44:98:DF:56:27
ValidityThu, 30 May 2024 12:01:38 GMT - Wed, 28 Aug 2024 12:01:37 GMT

File type
HTML document, ASCII text
Size
315 B (315 bytes)
Hash
a34ac19f4afae63adc5d2f7bc970c07f
a82190fc530c265aa40a045c21770d967f4767b8
d5a89e26beae0bc03ad18a0b0d1d3d75f87c32047879d25da11970cb5c4662a3

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: ads34.name
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads34.name/?country=no&f=265753
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 404 Not Found
date: Thu, 06 Jun 2024 19:41:31 GMT
content-type: text/html; charset=iso-8859-1
content-length: 315
server: o2switch-PowerBoost-v3
X-Firefox-Spdy: h2

ads34.name/?country=no&f=265753

109.234.165.176

200 OK

12 kB

URL User Request GET HTTP/2
ads34.name/?country=no&f=265753
IP
109.234.165.176:443
ASN
#50474 O2switch SAS

Certificate
IssuerLet's Encrypt
Subjectads34.name
Fingerprint5A:D0:28:B4:29:C0:2D:91:80:82:99:BE:E5:E6:E9:44:98:DF:56:27
ValidityThu, 30 May 2024 12:01:38 GMT - Wed, 28 Aug 2024 12:01:37 GMT

File type
ASCII text, with CRLF line terminators
Size
12 kB (11830 bytes)
Hash
69197764ef079b61cf0e8658bdee4e22
c0e8174c4b40c9010d31fbdbb6d2787b23a625e3
2db6ea4cecefe85b7c474b912976bdfed8f5563bfa63627626301e1ec3ec71be

HTTP Headers

GET /?country=no&f=265753 HTTP/1.1
Host: ads34.name
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://ww99.oneshome.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
server: o2switch-PowerBoost-v3
content-encoding: br
X-Firefox-Spdy: h2

syndication.realsrv.com/splash.php?idzone=3981938

95.211.229.245

200 OK

3.0 kB

URL GET HTTP/1.1
syndication.realsrv.com/splash.php?idzone=3981938
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
FingerprintD6:E9:CF:67:58:14:C0:E8:FF:A6:F9:E4:10:41:F9:BF:03:93:4D:1B
ValidityTue, 30 Apr 2024 07:54:23 GMT - Mon, 29 Jul 2024 07:54:22 GMT

File type
XML 1.0 document, ASCII text, with very long lines (1802)
Size
3.0 kB (2974 bytes)
Hash
5e443a92ad51145387958866710b874a
d509faf5842f62918c1382c38dd44e406634b2ad
312516fbeb64d6d2a23a25a9457716983e6d433a1a1088129c800ed1b56853b4

HTTP Headers

GET /splash.php?idzone=3981938 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
Origin: https://ww8.good-trading.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:33 GMT
Content-Type: text/xml;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-CH-VALUES
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22666210eda1ad24.490030723329109000%22%3B%7D; expires=Sat, 06 Jun 2026 19:41:33 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-video%22%3A%22v4%7C%7CNOR%7C3981938%7C94549550%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C%7C0%7Cww8.good-trading.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C1717702893%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cb61c02bdf2ab4fbc62bffef917b126db%7Cok%22%7D; expires=Fri, 07 Jun 2024 19:41:33 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Cache-Control: no-store
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: https://ww8.good-trading.com
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ctrtraffic.me/mediam.html

188.114.96.1

200 OK

677 B

URL GET HTTP/2
ctrtraffic.me/mediam.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectctrtraffic.me
Fingerprint41:38:F8:F4:61:98:B3:5D:E4:DE:43:4D:62:6A:4F:8B:CF:2F:67:70
ValidityTue, 21 May 2024 17:05:39 GMT - Mon, 19 Aug 2024 17:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
677 B (677 bytes)
Hash
be54df701ad3c5ad47ba8ca14f6f0251
7070db630a5036bf11df3df33241c9318dd1d104
8b88b45453076a3003384a15953a403d0259ea85d83c19cafaf6853349a7549a

HTTP Headers

GET /mediam.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: 877D4A7C:BF36_5762B65C:01BB_665F5720_42FDB35C:5793
x-iplb-instance: 51780
cf-cache-status: HIT
age: 178636
last-modified: Tue, 04 Jun 2024 18:04:16 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3fkvhX7FKJ8D3kHv523QLSER8nuwqt6GN5oBlp72wUEPdUM9bOUIYL5drtgqfthOGMu1EZc1vtvcTJrOu6V2XFgoZBn%2FjbtRa9LCjqz2J5sBnLqhJdhf7xuI%2BrPMrmWb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ea75b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/adzgamebis.html

172.67.222.136

200 OK

664 B

URL GET HTTP/2
sub.votreimc.com/adzgamebis.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
664 B (664 bytes)
Hash
3a9be74718243b008fd4eb7b0db41dc7
946388196da6e51b1594ab4b4fdcc88dd4e3c398
4a06482f1d6b63a0b18b4dc548b1c478946526605d27c89dd4e2847f8c57eb74

HTTP Headers

GET /adzgamebis.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE0B:9E3C_91EF25A2:0050_665F3E41_645A0:0B95
x-iplb-instance: 52295
cf-cache-status: HIT
age: 185003
last-modified: Tue, 04 Jun 2024 16:18:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bAgCjtbBhc99%2FhxczBRYBDz2XZS7BEd9C57InEJ%2Bhnqp%2FAZNn24GmNycsIv%2B31SX1Or%2BLBCidmhc4T9XWXKf9mwj9AYPr7BrOqCQksxm0%2FqVGjNpeamfU4gAeZaQvUtI18zb"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae164f94f56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/purem.html

172.67.222.136

200 OK

184 B

URL GET HTTP/2
sub.votreimc.com/purem.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
184 B (184 bytes)
Hash
26825bea4dc631093fdd1378c51a4ee4
2c78f57543585a0b7358fcf8a89cdf687d7a10f7
438d102d8bab5a11ca65be3dac91cf4bea3ca0a7615fcf25102633749564487b

HTTP Headers

GET /purem.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDEDF:9E6C_91EF25A2:0050_665F3E46_9667:47F1
x-iplb-instance: 52335
cf-cache-status: HIT
age: 184998
last-modified: Tue, 04 Jun 2024 16:18:14 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=svK3jMCtdGjrRZ3Zfy5mD%2BNm6PqvSxoCL72MY6xqW4L6oGtkpd3sPcmQuSjG0ecaEocBgUc6WeMPVAY2uhUwpEbvcF%2B7beI1fqtZPHXYOZ6LRC%2FtrK6rNK9QvvTauZGmEh4E"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1641f2556be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.trackifyy.com/redirect?feed=668767&auth=vObwDG&subid=tracki1&query=tracki1&url=trackifyy.com

173.239.53.20

302 Found

0 B

URL GET HTTP/1.1
xml.trackifyy.com/redirect?feed=668767&auth=vObwDG&subid=tracki1&query=tracki1&url=trackifyy.com
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecttrackifyy.com
FingerprintFB:CF:62:17:C5:D3:2F:54:A4:C7:B1:58:A0:AA:11:55:B9:07:C4:73
ValidityMon, 06 May 2024 12:11:52 GMT - Sun, 04 Aug 2024 12:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=668767&auth=vObwDG&subid=tracki1&query=tracki1&url=trackifyy.com HTTP/1.1
Host: xml.trackifyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://becast.onionlive.workers.dev/

thenetwork18.net/adtu.html

188.114.96.1

200 OK

662 B

URL GET HTTP/3
thenetwork18.net/adtu.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
662 B (662 bytes)
Hash
000c9390cffa8c98199b49e870d5b118
55965a1711d7d22fe0f1a099c026b3e7e007db5e
ba8d526e9728cdbab689d90734da4471f2c08f8bba7c2832e7a517e0ad27cb30

HTTP Headers

GET /adtu.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4h9ezSLA85g8tsVyRvXtQGbo%2Fmfzwo%2BQaLJS%2BgqT9R%2BNryhfpvNQ7HeRFpboCxyfm6xLzppCUIzjJg0%2BEl7exqobsAJOfiWLUrw2W%2FKLwzA6pUmOejsRa6Hcts1FBiLGMEGo"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd5a568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

cus.news24.media/ressources/img/css_sprites-min.png

188.114.96.1

16 kB

URL
cus.news24.media/ressources/img/css_sprites-min.png
IP
188.114.96.1:0
ASN
#13335 CLOUDFLARENET

File type
PNG image data, 476 x 312, 8-bit colormap, non-interlaced
Size
16 kB (16193 bytes)
Hash
774c0bb1ae6f837449ae2114370ac8b4
b5810643ccdb9755913180b3b2ef3eb34e30870b
52b1db2b49a335d5165d6b05c03234128e9818c0faab6c2da9c9758fbac4ffd1

HTTP Headers

GET /ressources/img/css_sprites-min.png HTTP/1.1
Host: cus.news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cus.news24.media/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:34 GMT
content-type: image/png
content-length: 16193
last-modified: Tue, 18 Jul 2023 17:49:42 GMT
cache-control: max-age=900, private
expires: Thu, 06 Jun 2024 19:56:34 GMT
x-iplb-request-id: 334B7709:522C_5762B65C:01BB_666210EE_43AED7D5:3974
x-iplb-instance: 51812
cf-cache-status: BYPASS
set-cookie: SERVERID108283=10451|ZmIQ8|ZmIQ8; path=/; HttpOnly
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6t5DOgLk19m%2FjF%2BkvwEpk036a%2BCjFtNrVt4bpdLa3QRsm9FaVdWeIAGtljGRzut1AisJkay1uSCqwCPMxgF6UBFFqe1IAH%2FtOpPQdcWL23eCXtKs0rMgLBKAp1A4ZRXo95iJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1736c265693-OSL
alt-svc: h3=":443"; ma=86400

xml.zentrixads.com/redirect?feed=624093&auth=TafyEu&subid=zentrix&query=zentrix&url=zentrixads.com

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.zentrixads.com/redirect?feed=624093&auth=TafyEu&subid=zentrix&query=zentrix&url=zentrixads.com
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectzentrixads.com
Fingerprint4D:F0:87:FF:D6:62:05:86:1F:73:63:A7:F6:5D:91:88:3F:4F:7A:2E
ValidityFri, 12 Apr 2024 06:40:33 GMT - Thu, 11 Jul 2024 06:40:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=624093&auth=TafyEu&subid=zentrix&query=zentrix&url=zentrixads.com HTTP/1.1
Host: xml.zentrixads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.thenetwork18.com/redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectthenetwork18.com
FingerprintC2:F2:52:C6:1B:73:63:64:7D:D9:42:89:E1:5D:36:F4:55:7A:1B:CB
ValidityThu, 18 Apr 2024 06:41:10 GMT - Wed, 17 Jul 2024 06:41:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=431558&auth=3q55aa&subid=pop&query=pop&url=pop.php HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:34 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://www.s2movies.pro/

xml.trackifyy.com/redirect?feed=668766&auth=i7tq29&subid=tracki&query=tracki&url=trackifyy.com

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.trackifyy.com/redirect?feed=668766&auth=i7tq29&subid=tracki&query=tracki&url=trackifyy.com
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecttrackifyy.com
FingerprintFB:CF:62:17:C5:D3:2F:54:A4:C7:B1:58:A0:AA:11:55:B9:07:C4:73
ValidityMon, 06 May 2024 12:11:52 GMT - Sun, 04 Aug 2024 12:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=668766&auth=i7tq29&subid=tracki&query=tracki&url=trackifyy.com HTTP/1.1
Host: xml.trackifyy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.zentrixads.com/redirect?feed=624096&auth=4Nn0T4&subid=zentrix1&query=zentrix1&url=zentrixads.com

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.zentrixads.com/redirect?feed=624096&auth=4Nn0T4&subid=zentrix1&query=zentrix1&url=zentrixads.com
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectzentrixads.com
Fingerprint4D:F0:87:FF:D6:62:05:86:1F:73:63:A7:F6:5D:91:88:3F:4F:7A:2E
ValidityFri, 12 Apr 2024 06:40:33 GMT - Thu, 11 Jul 2024 06:40:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=624096&auth=4Nn0T4&subid=zentrix1&query=zentrix1&url=zentrixads.com HTTP/1.1
Host: xml.zentrixads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

redirect3.online/adxgeo.html

104.21.55.170

200 OK

154 B

URL GET HTTP/3
redirect3.online/adxgeo.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
154 B (154 bytes)
Hash
e6fe5e2fbcf055bb6dcd2b03c877d210
5b86cf80ad51d678b3327051bd34473898851ab4
51799f981b84b6d3814ed54937c38f0a105293bc72e9bdef378ac4a65b2cee41

HTTP Headers

GET /adxgeo.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180888
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GqdWFKSxyoqRKkElIXCIMrw4lQqlQBgDop4Zi8MObwqP2Qyv74vj%2BGaSydu6fI90Lhi1k67OpiMkdQSni8rFw2dYNU0Ct34C5Mey0IozCKqp%2Fm3gMg%2Fg9YQLb0MBNcTKShmD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168ee1256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.thenetwork18.com/redirect?feed=480554&auth=PFCO9K&subid=xxxcartoon1.com&query=sexporn1&url=xxxcartoon1.com

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.thenetwork18.com/redirect?feed=480554&auth=PFCO9K&subid=xxxcartoon1.com&query=sexporn1&url=xxxcartoon1.com
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectthenetwork18.com
FingerprintC2:F2:52:C6:1B:73:63:64:7D:D9:42:89:E1:5D:36:F4:55:7A:1B:CB
ValidityThu, 18 Apr 2024 06:41:10 GMT - Wed, 17 Jul 2024 06:41:09 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=480554&auth=PFCO9K&subid=xxxcartoon1.com&query=sexporn1&url=xxxcartoon1.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://twinrdsyn.com/Redirect.eng?MediaSegmentId=32782&dcid=3_ctx_1803edcc-55f6-41a2-b833-82581a9a1385&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=Sq-pWbV1yJddti1E9O76fNfBfku7D023xVdq1P236p79lO_fkq0dsk4ZpqBMeu8ECWnDba4QR59A_KFEcvcxCz-KWTs0rgWLZUNhUJXK0GQbHujO2cp81rgbw1VsKGkei6KIZMIO9w9IDZLKM8-b5bsX-ovtE70q6FRzwrnY77hjDQpcbtPiwRUCL-00yYKeKnpkqFfIv59YT9KsOAY_uqrWh4jo29PoBg5EoGOoCbXMpLLOrGSWxnEd7WU_W6K84plLu10ual1jTNcgbis5-FQ1LraWJcHGLmHgXzyNhuY002879Os2iIdH1uQ02RTgbfRNvANhWHwofTi5PcN92dElU3sy6OvcVRujHN2ybLgrWtqsn33zrROYPw_y9-Kb9D-HNfeIH2ZNUAcUrhs4YgmzswVk1UDfl8viZccLW3NF-7E05TsRYAc8Ppl0HXpTJCb9-I2xEuUUPEXGGY6C0GThk3la0R7Qfd4UK4O55FuLSCp56mKQQnj3y06nzibvcolEqmOio_DnIpyUXYHx_Gcb-1L7dO6WvCWZIP4So_tC35RP6TLug7N3HROJKBFhmtfVYcRhPH3lnUMm7ANJMPuvqORx2gTRczZA87wwd3WDNuICFrz0sdkkk5OTeMBNrHuO1OoOqVzaQVtle0eWiOLFoen4UyHe197syrjyh88XGC7eFgNRkGZpspPUsqk73gow9l4Si4ALUJCBNcZ584n5cDyN3--Ig1mc07SG7zKTuSzMtYA8PlZASJMhm6XwWYoVAooo5TYx-AVEV5-M0nIbRfyqfpOUdzeHaC51brBwoQW4vZH4eNbMNakF6uzfDA9-OtgaX1MgvI-4HUV0UAKIZeTaLRxglO7R6-CrYcovKnJQxve5QnAZHGq-sA9CGC_R7iwl6It_lJ26KwQGWj_Nczjgjf_TEG1shjn_H7SFWuYAPI-d0AVW-zmo7d6e1c-k1LvmylI8pwLOwuviAg2&kw=sexporn1&mw=1024&mh=768&xml=1&at=

redirect3.online/flurry.html

104.21.55.170

200 OK

155 B

URL GET HTTP/2
redirect3.online/flurry.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
155 B (155 bytes)
Hash
0f29bd52f30b403bbb5378be0eda3266
220c47b47681ea4dc79e947c6d0ba37d2682ec89
0d4e9fff4a42356f92701a58dbad820ae10699b91853e5c487cd48fb58e365cf

HTTP Headers

GET /flurry.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170957
last-modified: Tue, 04 Jun 2024 20:12:15 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JZAo9WZ3NvsdUDRkySH1fnqCM9zR3YsLd1jmmkdXfVWPTeH8x1QTnr855wfQynblq646rNbsgVqGWRCvpYTJJ7PLUVbk7mUQVUTHLbx1MX4TQRFbAwTfWDEY0V2iGagPApeS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac0e56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=647219&auth=Ep6ImT&subid=flurryn1&query=flurryn1&url=flurryadn.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=647219&auth=Ep6ImT&subid=flurryn1&query=flurryn1&url=flurryadn.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647219&auth=Ep6ImT&subid=flurryn1&query=flurryn1&url=flurryadn.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adtube.media/redirect?feed=557469&auth=uclEev&subid=adtu&query=adtu&url=adtube.media

173.239.53.20

302 Found

0 B

URL GET HTTP/1.1
xml.adtube.media/redirect?feed=557469&auth=uclEev&subid=adtu&query=adtu&url=adtube.media
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadtube.media
FingerprintF6:CC:18:BD:F3:52:76:9B:A6:F2:68:C5:13:F4:DA:60:65:2B:FE:88
ValidityTue, 07 May 2024 06:37:19 GMT - Mon, 05 Aug 2024 06:37:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=557469&auth=uclEev&subid=adtu&query=adtu&url=adtube.media HTTP/1.1
Host: xml.adtube.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://www.animezeno.sbs/

xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.clickmi.net/redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclickmi.net
Fingerprint84:4C:C8:7F:CD:1E:78:38:96:CA:39:AE:C4:6A:A6:23:AA:64:AA:96
ValidityMon, 29 Apr 2024 06:43:34 GMT - Sun, 28 Jul 2024 06:43:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=487260&auth=AaB5ql&subid=clickmia&query=clickmia&url=clickmi.net HTTP/1.1
Host: xml.clickmi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://votrackmo.com/52b75a1b-47bb-4b14-b811-74b95dbac763?banner=6431045&pubfeed=583790&siteid=608556&cost=0.0001&conversion=xNIoaaAXx0M

xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=474232&auth=yILiVK&subid=adfa&query=adfa&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://animewatch.onionlive.workers.dev/

xml.infinity-info.com/redirect?feed=594287&auth=g1ZSSA&subid=infinitya&query=infinitya&url=infoa.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.infinity-info.com/redirect?feed=594287&auth=g1ZSSA&subid=infinitya&query=infinitya&url=infoa.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.infinity-info.com
FingerprintA4:5F:10:F6:9C:72:06:B9:1C:6F:A9:87:5A:BE:07:61:F2:4F:B3:36
ValidityWed, 26 Jul 2023 11:21:50 GMT - Mon, 26 Aug 2024 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=594287&auth=g1ZSSA&subid=infinitya&query=infinitya&url=infoa.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

thenetwork18.net/adf.html

188.114.96.1

200 OK

162 B

URL GET HTTP/3
thenetwork18.net/adf.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
813ce07cfa26d2bba73bf1ce872cd84a
75f614d83278fa6af7a366776db2d55f9246f167
3a575e5426b1009e750be6ccafb4dc10ab903cafc63f914b2b99f39d3b1df0d2

HTTP Headers

GET /adf.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170978
last-modified: Tue, 04 Jun 2024 20:11:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mcmBMrQMCmPdDrVyHcu%2BscD0XXG1aSZ4ZiNk3sc9hz4mrLQYxkw21l%2FLlFRmsSlFrzBtgfhGg3BOJX3e4c6pBvfx2TnoaSD1Ec52csdZiPQCVqtwrhkf4FNA%2Bv61WXr1Zddn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1690c0c568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

thenetwork18.net/direct2.html

188.114.96.1

200 OK

262 B

URL GET HTTP/2
thenetwork18.net/direct2.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
262 B (262 bytes)
Hash
1099c77f88fc6d31856c8f711ce412a7
2ab165d2c06dce7af61325e4a6664086000956e5
d05f5fc074b0b7d8e5c35592bb4ef10d23f98a5a03ed760925be0a5926098974

HTTP Headers

GET /direct2.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0CWd6qicdq%2B8fKMwyPm5WGSylVx%2F8r48fJ841TyYJnxI%2BahjX%2FZmYtNgs3PLscs9C80Dr60AfdxiajE%2BuWuXOndolMCxInPARFiKEGJD9QM26P%2BW4qlPiooAgGYAuzz3Kf7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1634bdb56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=437634&auth=bmMqba&subid=flurry&query=flurry&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

xml.xmladsystem.com/redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com

198.134.116.28

200 OK

0 B

URL GET HTTP/1.1
xml.xmladsystem.com/redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com
IP
198.134.116.28:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectxmladsystem.com
Fingerprint77:CF:86:3D:A1:49:A6:8F:A2:6A:3A:70:D5:E5:B2:4F:7C:74:09:9D
ValidityMon, 15 Apr 2024 06:44:15 GMT - Sun, 14 Jul 2024 06:44:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=467489&auth=7cx4Dj&subid=purem&query=purem&url=pureads.com HTTP/1.1
Host: xml.xmladsystem.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

ad-good.com/clixvistam.html

188.114.97.1

200 OK

164 B

URL GET HTTP/2
ad-good.com/clixvistam.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
164 B (164 bytes)
Hash
20ac8d393e4bef5f9579e3b3c0775b5b
6de334f61a0d1d7697a4f221e3ba57fbed2f14b0
e5103e94ee50428520a243ba38c596a406ba5d62ddc02129052cf3b0b4d54c41

HTTP Headers

GET /clixvistam.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s6OFXUPdTwVBtlltjs4qiyhZZExzHPDALqSFTb5z09c5EtnudHQIUqzVDv6QJ%2Fcx2UH0Hfv7X3%2FpEuV5EIJK%2BZitQ%2BW1NPedggPOVsaBk0FmTreDW7kixnbPftCtTg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16828b656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=infinitygeo&url=infinity-info.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.infinity-info.com/redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=infinitygeo&url=infinity-info.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.infinity-info.com
FingerprintA4:5F:10:F6:9C:72:06:B9:1C:6F:A9:87:5A:BE:07:61:F2:4F:B3:36
ValidityWed, 26 Jul 2023 11:21:50 GMT - Mon, 26 Aug 2024 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=443250&auth=8SxGcE&subid=infinitygeo&query=infinitygeo&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://becast.onionlive.workers.dev/

ad-good.com/infinitym.html

188.114.97.1

200 OK

179 B

URL GET HTTP/2
ad-good.com/infinitym.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
179 B (179 bytes)
Hash
80bce05134661cfa800dab09d49dc6fd
276dd8d87267f2cb3123fe0d4e4b46be1a29f835
85266dfb71e827ef5836821ba41041b8e159c0bbabbb8f76422b9138dcce84e9

HTTP Headers

GET /infinitym.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0E%2BOW8ydASfLGCRckOba6g%2Fdy4kPgvuWWKIToZfcsNX26iFR2ahEFIBDJk9G%2FX2fXjoo9fAfugOr56juFqekO%2Fe5Q5QdSHKA0BfkbmwGRjxv6Ka4ugNEQEx%2BKX46MA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae166de5456ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.infinity-info.com/redirect?feed=594286&auth=QquX5E&subid=infinitym&query=infinitym&url=info.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.infinity-info.com/redirect?feed=594286&auth=QquX5E&subid=infinitym&query=infinitym&url=info.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.infinity-info.com
FingerprintA4:5F:10:F6:9C:72:06:B9:1C:6F:A9:87:5A:BE:07:61:F2:4F:B3:36
ValidityWed, 26 Jul 2023 11:21:50 GMT - Mon, 26 Aug 2024 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=594286&auth=QquX5E&subid=infinitym&query=infinitym&url=info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://becast.onionlive.workers.dev/

xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.infinity-info.com/redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.infinity-info.com
FingerprintA4:5F:10:F6:9C:72:06:B9:1C:6F:A9:87:5A:BE:07:61:F2:4F:B3:36
ValidityWed, 26 Jul 2023 11:21:50 GMT - Mon, 26 Aug 2024 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=441159&auth=kCy2hF&subid=infinityad&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com

173.239.53.17

200 OK

0 B

URL GET HTTP/1.1
xml.adxfactory.com/redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com
IP
173.239.53.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadxfactory.com
FingerprintD9:B5:CC:E8:5D:7F:DB:8F:C9:8C:01:36:19:D5:C8:90:26:0F:1B:42
ValidityMon, 22 Apr 2024 06:36:41 GMT - Sun, 21 Jul 2024 06:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=470044&auth=01aQpq&subid=adxa&query=adxa&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adzgame.com/redirect?feed=647207&auth=J7xEz2&subid=adzgamebis1&query=adzgameabis1&url=adzgame1.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=647207&auth=J7xEz2&subid=adzgamebis1&query=adzgameabis1&url=adzgame1.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647207&auth=J7xEz2&subid=adzgamebis1&query=adzgameabis1&url=adzgame1.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adzgame.com/redirect?feed=553308&auth=qTKzx9&subid=adzgame&query=adzgame&url=adzgame.com

173.239.53.18

302 Found

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=553308&auth=qTKzx9&subid=adzgame&query=adzgame&url=adzgame.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=553308&auth=qTKzx9&subid=adzgame&query=adzgame&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

redirect3.online/flurryad.html

104.21.55.170

200 OK

158 B

URL GET HTTP/2
redirect3.online/flurryad.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
158 B (158 bytes)
Hash
a49f79deb4941b80b99f97498bb17509
45320844c69315e2ca0050c0a010939ffe63b035
45de086e8c0893da72a911e315515046be42a1903a4d33356d11a4aa556cbcd1

HTTP Headers

GET /flurryad.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 185020
last-modified: Tue, 04 Jun 2024 16:17:52 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6SWSWXoi4h6btGUML4EcD2Fc9HNmboZdpm3Ma%2FL6T4tDDOhzLV7kuMB4cG3fdhOc0ERVLp7n9vaKQH5ssKZKnJ5fo33CajRpEyKYLLHH8IU2uKjeaw38RbTupnBZVLFQnUJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163bc3656af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

redirect3.online/flurry2.html

104.21.55.170

200 OK

158 B

URL GET HTTP/2
redirect3.online/flurry2.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
158 B (158 bytes)
Hash
1125350f2371e16db6f77b84365ca873
1467d0a53515532e0a5ea08b22691962efcbd685
146b9b8be91f5299e8d75b501e6f3f631603fc77106c039b1ab8d994938e73d0

HTTP Headers

GET /flurry2.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Cva7U4%2BNy1eq05XbO%2BBmRkdhz1QefM%2BLgiu%2FYI243wLekTVB1Ct29mBtEQQ%2BjyMoCVudVFa2I6zcnYtVsZSUS6WhIkXgoAO11ORmZ32%2BywYCeFcCxSkyokIsjIA3zYZI18h"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac1f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.adxfactory.com/redirect?feed=637932&auth=fLqghK&subid=adx1&query=adx1&url=adx.com

173.239.53.17

200 OK

0 B

URL GET HTTP/1.1
xml.adxfactory.com/redirect?feed=637932&auth=fLqghK&subid=adx1&query=adx1&url=adx.com
IP
173.239.53.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadxfactory.com
FingerprintD9:B5:CC:E8:5D:7F:DB:8F:C9:8C:01:36:19:D5:C8:90:26:0F:1B:42
ValidityMon, 22 Apr 2024 06:36:41 GMT - Sun, 21 Jul 2024 06:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=637932&auth=fLqghK&subid=adx1&query=adx1&url=adx.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

ctrtraffic.me/follow1.html

188.114.96.1

200 OK

172 B

URL GET HTTP/2
ctrtraffic.me/follow1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectctrtraffic.me
Fingerprint41:38:F8:F4:61:98:B3:5D:E4:DE:43:4D:62:6A:4F:8B:CF:2F:67:70
ValidityTue, 21 May 2024 17:05:39 GMT - Mon, 19 Aug 2024 17:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
172 B (172 bytes)
Hash
0e5ff0b675fb1f836f96e50444b9b230
2acd2663bf7222e8b81adb73555844bad0234a6c
1fb981c63310c8e2a06e49b070b505e61bd7ac65a3c5ecfd1dae2ca60384441f

HTTP Headers

GET /follow1.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: 334DDA9A:3202_5762B65C:01BB_665F4FB4_42FC44EF:5793
x-iplb-instance: 51780
cf-cache-status: HIT
age: 180536
last-modified: Tue, 04 Jun 2024 17:32:36 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PTf6wujoFp3nS%2BwdVdQlBL3QheLK9gUG17V5Pvh2iAIYmPOQpPOdhlBo3yi7UGPZHiHGTOxfDPgKxn3j9unU7D9ugOnZIhDLvdA6n7iPK5uLIX7c6qCCwuA7cMMN1oFu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ea89b50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.rtbfactory.com/redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.rtbfactory.com/redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrtbfactory.com
Fingerprint78:24:9B:3E:6A:EF:94:08:E7:AE:E7:91:4D:C7:2C:61:52:EF:30:DA
ValiditySat, 04 May 2024 06:40:22 GMT - Fri, 02 Aug 2024 06:40:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=538480&auth=oBN7ws&subid=rtb&query=rtb&url=rtbfactory.com HTTP/1.1
Host: xml.rtbfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.clixvista.com/redirect?feed=604310&auth=9ITZtu&subid=clixvistam1&query=clixvistam1&url=clixvista1.com

198.134.116.28

200 OK

0 B

URL GET HTTP/1.1
xml.clixvista.com/redirect?feed=604310&auth=9ITZtu&subid=clixvistam1&query=clixvistam1&url=clixvista1.com
IP
198.134.116.28:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclixvista.com
FingerprintCA:9F:0E:8F:3E:E1:00:82:06:2E:88:6C:69:60:8F:31:1E:77:43:6D
ValiditySun, 19 May 2024 06:38:26 GMT - Sat, 17 Aug 2024 06:38:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=604310&auth=9ITZtu&subid=clixvistam1&query=clixvistam1&url=clixvista1.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

yahoo.com/

98.137.11.163

301 Moved Permanently

8 B

URL GET HTTP/2
yahoo.com/
IP
98.137.11.163:443
ASN
#36647 YAHOO-GQ1

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerDigiCert Inc
Subjectyahoo.com
Fingerprint2C:3D:69:2F:18:D8:60:42:F4:5D:66:B5:11:C1:80:98:ED:45:9E:85
ValidityTue, 20 Feb 2024 00:00:00 GMT - Wed, 14 Aug 2024 23:59:59 GMT

File type
ASCII text, with no line terminators
Size
8 B (8 bytes)
Hash
f17ca2c829680ada2fec9fc87bc5f606
fb5ed1e8458cc7da71478ddab87136681cb0179e
093452239d0e2e43b06b9d5cd8ac735c26449e340e001f87904765bb30e2293e

HTTP Headers

GET / HTTP/1.1
Host: yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 06 Jun 2024 19:41:35 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store, no-cache
content-type: text/html
content-language: en
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer-when-downgrade
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
location: https://www.yahoo.com/
content-length: 8
X-Firefox-Spdy: h2

redirect3.online/flurryad1.html

104.21.55.170

200 OK

159 B

URL GET HTTP/2
redirect3.online/flurryad1.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
159 B (159 bytes)
Hash
143f3794fb0d0ad003b2fa6fc8942bc3
03444f6dbcd952de3c2da36dbf36ff18636ee4fd
e098a7bd8272dbd983b88bfb37e1247c419091528761891e6c1df285051f4461

HTTP Headers

GET /flurryad1.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180893
last-modified: Tue, 04 Jun 2024 17:26:39 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YVlh3zIibxHnEhPiB%2B8NMlJ81xeC9sBexRDh8MJtwtFrKinVrA%2BbH%2B4ZoGBVW%2BWD1DnCucXpgyiq0QPPQpshQVBfhgMM%2FNMnA2ct8asXK9GeTL1DqGDU5MNud7jP5VhGl67J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac2856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/eximdigitala1.html

172.67.222.136

200 OK

170 B

URL GET HTTP/2
sub.votreimc.com/eximdigitala1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
170 B (170 bytes)
Hash
7be69b360cee5c769d377f56592dbf23
adb3ae320a6001c7f38c83868285dca3d81bb386
1f91d74b6b53b1d1b4c7752dbc59c4c90e969881dbcd659dbeaed5e99877e42b

HTTP Headers

GET /eximdigitala1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDF0C:8EDC_91EF25A2:0050_665F4E54_54805:2B4A
x-iplb-instance: 52335
cf-cache-status: HIT
age: 180888
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q104R4oMoT%2FFVoGv%2Fgm%2BW2MQSg6ur%2Fjt1XtdZFXJgGrLqg9DoQE3AL64Ypa96Rv0CMxDxyF75yZ%2FYzFaoWqE8HDXOhlrLG04wtRftN8EUEJulO%2FWD%2FINeWVsG%2BZU802obDY8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae165eb2756be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.adzgame.com/redirect?feed=647205&auth=WYD00z&subid=adzgame1&query=adzgame1&url=adzgame1.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=647205&auth=WYD00z&subid=adzgame1&query=adzgame1&url=adzgame1.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647205&auth=WYD00z&subid=adzgame1&query=adzgame1&url=adzgame1.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

ad-good.com/infinitya1.html

188.114.97.1

200 OK

173 B

URL GET HTTP/2
ad-good.com/infinitya1.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
173 B (173 bytes)
Hash
827b5de9b5a6287c5686bdde10ec0abe
7fd055420028ee4f35e50be3fc8c67f6212b8b13
9b477a3f62496ce026da54eb4815ccf14a6257afb3d7d77c066a68b666caa48e

HTTP Headers

GET /infinitya1.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180881
last-modified: Tue, 04 Jun 2024 17:26:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IsR5owRTH1smQdGlYWLNC6DEh%2FbaaeRFTjv3Eml%2FHZ3HTmtYpArAALWIN0IDRZWvSP8FPttyarGpU%2BtweZamTwUUCQejCXXHAsbIGYd%2FHaoKpn3awsxzW17ZJwudUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1670ead56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.zaimads.com/redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.zaimads.com
Fingerprint35:9B:E2:0D:4B:C6:AF:A3:5A:9C:F9:0A:2A:75:9D:DE:60:25:92:AD
ValidityWed, 24 Jan 2024 10:07:47 GMT - Mon, 24 Feb 2025 10:07:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=449092&auth=Rr6ulY&subid=zaimadsad&query=streamad&url=zaimadsad.com HTTP/1.1
Host: xml.zaimads.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com

173.239.53.18

302 Found

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=436085&auth=r2BL6s&subid=adzgame&query=adzgame&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

thenetwork18.net/clickmi.html

188.114.96.1

200 OK

162 B

URL GET HTTP/3
thenetwork18.net/clickmi.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
162 B (162 bytes)
Hash
c987244fddf5c8500adc7c39a3deec70
e8874a2ff806c30692dff062e42d70135c8b2c8b
52c321870c4aa8f656dc9c4f23f73a0c0075ec70b6e6cf7c3df7de4e63f480e0

HTTP Headers

GET /clickmi.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 159655
last-modified: Tue, 04 Jun 2024 23:20:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lHGVFqrnRBJBhMIotg%2BG0ccyCgwF1x0Ixo0TrmdILlI2y%2F62l4MkJLxn985L7ehSTbMWbm4ipb4hvBHxH2AbS3sjsf2pf3NO6MMxRi7lJhzuzNacpUSND%2BrQ2kUY9Wx%2FUkXN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169bd2a568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

twinrdsyn.com/Redirect.eng?MediaSegmentId=32782&dcid=3_ctx_1803edcc-55f6-41a2-b833-82581a9a1385&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=Sq-pWbV1yJddti1E9O76fNfBfku7D023xVdq1P236p79lO_fkq0dsk4ZpqBMeu8ECWnDba4QR59A_KFEcvcxCz-KWTs0rgWLZUNhUJXK0GQbHujO2cp81rgbw1VsKGkei6KIZMIO9w9IDZLKM8-b5bsX-ovtE70q6FRzwrnY77hjDQpcbtPiwRUCL-00yYKeKnpkqFfIv59YT9KsOAY_uqrWh4jo29PoBg5EoGOoCbXMpLLOrGSWxnEd7WU_W6K84plLu10ual1jTNcgbis5-FQ1LraWJcHGLmHgXzyNhuY002879Os2iIdH1uQ02RTgbfRNvANhWHwofTi5PcN92dElU3sy6OvcVRujHN2ybLgrWtqsn33zrROYPw_y9-Kb9D-HNfeIH2ZNUAcUrhs4YgmzswVk1UDfl8viZccLW3NF-7E05TsRYAc8Ppl0HXpTJCb9-I2xEuUUPEXGGY6C0GThk3la0R7Qfd4UK4O55FuLSCp56mKQQnj3y06nzibvcolEqmOio_DnIpyUXYHx_Gcb-1L7dO6WvCWZIP4So_tC35RP6TLug7N3HROJKBFhmtfVYcRhPH3lnUMm7ANJMPuvqORx2gTRczZA87wwd3WDNuICFrz0sdkkk5OTeMBNrHuO1OoOqVzaQVtle0eWiOLFoen4UyHe197syrjyh88XGC7eFgNRkGZpspPUsqk73gow9l4Si4ALUJCBNcZ584n5cDyN3--Ig1mc07SG7zKTuSzMtYA8PlZASJMhm6XwWYoVAooo5TYx-AVEV5-M0nIbRfyqfpOUdzeHaC51brBwoQW4vZH4eNbMNakF6uzfDA9-OtgaX1MgvI-4HUV0UAKIZeTaLRxglO7R6-CrYcovKnJQxve5QnAZHGq-sA9CGC_R7iwl6It_lJ26KwQGWj_Nczjgjf_TEG1shjn_H7SFWuYAPI-d0AVW-zmo7d6e1c-k1LvmylI8pwLOwuviAg2&kw=sexporn1&mw=1024&mh=768&xml=1&at=

172.64.153.186

200 OK

26 kB

URL GET HTTP/2
twinrdsyn.com/Redirect.eng?MediaSegmentId=32782&dcid=3_ctx_1803edcc-55f6-41a2-b833-82581a9a1385&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=Sq-pWbV1yJddti1E9O76fNfBfku7D023xVdq1P236p79lO_fkq0dsk4ZpqBMeu8ECWnDba4QR59A_KFEcvcxCz-KWTs0rgWLZUNhUJXK0GQbHujO2cp81rgbw1VsKGkei6KIZMIO9w9IDZLKM8-b5bsX-ovtE70q6FRzwrnY77hjDQpcbtPiwRUCL-00yYKeKnpkqFfIv59YT9KsOAY_uqrWh4jo29PoBg5EoGOoCbXMpLLOrGSWxnEd7WU_W6K84plLu10ual1jTNcgbis5-FQ1LraWJcHGLmHgXzyNhuY002879Os2iIdH1uQ02RTgbfRNvANhWHwofTi5PcN92dElU3sy6OvcVRujHN2ybLgrWtqsn33zrROYPw_y9-Kb9D-HNfeIH2ZNUAcUrhs4YgmzswVk1UDfl8viZccLW3NF-7E05TsRYAc8Ppl0HXpTJCb9-I2xEuUUPEXGGY6C0GThk3la0R7Qfd4UK4O55FuLSCp56mKQQnj3y06nzibvcolEqmOio_DnIpyUXYHx_Gcb-1L7dO6WvCWZIP4So_tC35RP6TLug7N3HROJKBFhmtfVYcRhPH3lnUMm7ANJMPuvqORx2gTRczZA87wwd3WDNuICFrz0sdkkk5OTeMBNrHuO1OoOqVzaQVtle0eWiOLFoen4UyHe197syrjyh88XGC7eFgNRkGZpspPUsqk73gow9l4Si4ALUJCBNcZ584n5cDyN3--Ig1mc07SG7zKTuSzMtYA8PlZASJMhm6XwWYoVAooo5TYx-AVEV5-M0nIbRfyqfpOUdzeHaC51brBwoQW4vZH4eNbMNakF6uzfDA9-OtgaX1MgvI-4HUV0UAKIZeTaLRxglO7R6-CrYcovKnJQxve5QnAZHGq-sA9CGC_R7iwl6It_lJ26KwQGWj_Nczjgjf_TEG1shjn_H7SFWuYAPI-d0AVW-zmo7d6e1c-k1LvmylI8pwLOwuviAg2&kw=sexporn1&mw=1024&mh=768&xml=1&at=
IP
172.64.153.186:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjecttwinrdsyn.com
FingerprintFB:B2:26:D7:31:58:05:8E:42:68:39:3B:C2:46:09:83:D4:E4:74:9B
ValidityTue, 04 Jun 2024 21:50:04 GMT - Mon, 02 Sep 2024 21:50:03 GMT

File type
HTML document, ASCII text, with very long lines (60658), with CRLF, LF line terminators
Size
26 kB (26401 bytes)
Hash
3dc6e5db090b196fe9e2554f8f5dfa65
1731cfa9e020af32ac25980484887fd6bd8135c7
eac8c14f4a529c7cae5f3a3a1ae004dfcaa390b7666acc0b9cc93dfa44070b4a

HTTP Headers

GET /Redirect.eng?MediaSegmentId=32782&dcid=3_ctx_1803edcc-55f6-41a2-b833-82581a9a1385&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=Sq-pWbV1yJddti1E9O76fNfBfku7D023xVdq1P236p79lO_fkq0dsk4ZpqBMeu8ECWnDba4QR59A_KFEcvcxCz-KWTs0rgWLZUNhUJXK0GQbHujO2cp81rgbw1VsKGkei6KIZMIO9w9IDZLKM8-b5bsX-ovtE70q6FRzwrnY77hjDQpcbtPiwRUCL-00yYKeKnpkqFfIv59YT9KsOAY_uqrWh4jo29PoBg5EoGOoCbXMpLLOrGSWxnEd7WU_W6K84plLu10ual1jTNcgbis5-FQ1LraWJcHGLmHgXzyNhuY002879Os2iIdH1uQ02RTgbfRNvANhWHwofTi5PcN92dElU3sy6OvcVRujHN2ybLgrWtqsn33zrROYPw_y9-Kb9D-HNfeIH2ZNUAcUrhs4YgmzswVk1UDfl8viZccLW3NF-7E05TsRYAc8Ppl0HXpTJCb9-I2xEuUUPEXGGY6C0GThk3la0R7Qfd4UK4O55FuLSCp56mKQQnj3y06nzibvcolEqmOio_DnIpyUXYHx_Gcb-1L7dO6WvCWZIP4So_tC35RP6TLug7N3HROJKBFhmtfVYcRhPH3lnUMm7ANJMPuvqORx2gTRczZA87wwd3WDNuICFrz0sdkkk5OTeMBNrHuO1OoOqVzaQVtle0eWiOLFoen4UyHe197syrjyh88XGC7eFgNRkGZpspPUsqk73gow9l4Si4ALUJCBNcZ584n5cDyN3--Ig1mc07SG7zKTuSzMtYA8PlZASJMhm6XwWYoVAooo5TYx-AVEV5-M0nIbRfyqfpOUdzeHaC51brBwoQW4vZH4eNbMNakF6uzfDA9-OtgaX1MgvI-4HUV0UAKIZeTaLRxglO7R6-CrYcovKnJQxve5QnAZHGq-sA9CGC_R7iwl6It_lJ26KwQGWj_Nczjgjf_TEG1shjn_H7SFWuYAPI-d0AVW-zmo7d6e1c-k1LvmylI8pwLOwuviAg2&kw=sexporn1&mw=1024&mh=768&xml=1&at= HTTP/1.1
Host: twinrdsyn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=utf-8
content-length: 26401
cache-control: private, no-transform
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=106f8f9e-85d1-4851-b6c5-a84e88671c57; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure
ISSH=73CEB7; path=/; SameSite=None; secure
VMI=00000000-0000-0000-0000-000000000000; path=/; SameSite=None; secure
IPLH=#{"64257":[{"SId":"73CEB7","D":"24/6/6T12:39:51"}]}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[64257]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Thu, 06-Jun-2024 23:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#1/1/0001 12:00:00 AM; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure
IOPT=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"66134":[{"SId":"73CEB7","D":"24/6/6T12:39:51"}]}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[66134]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"79559":[{"SId":"73CEB7","D":"24/6/6T12:39:51"}]}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[79559]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"15734":[{"SId":"73CEB7","D":"24/6/6T12:39:51"}]}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[15734]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"36016":[{"SId":"73CEB7","D":"24/6/6T12:39:51"}]}; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[36016]; expires=Tue, 06-Jun-2034 19:39:51 GMT; path=/; SameSite=None; secure; HttpOnly
p3p: CP="CAO PSA OUR IND"
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 88fae1781bce0b4d-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ww8.good-trading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

188.114.96.1

200 OK

1.9 kB

URL GET HTTP/3
ww8.good-trading.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectgood-trading.com
Fingerprint59:DD:2C:C9:13:23:AC:32:93:BB:CF:20:AD:72:38:9F:17:4D:33:6E
ValiditySat, 13 Apr 2024 23:06:54 GMT - Fri, 12 Jul 2024 23:06:53 GMT

File type
gzip compressed data, from Unix
Size
1.9 kB (1900 bytes)
Hash
e89142e1ea7d7774b79ff77947b2b2b3
ef7a56bafa6c66578d9916713ed9e787191f8240
ca1eff0cbef61e7c2ffce2fe04a095f8ba5ee9af807eb4c959a450af01eacd60

HTTP Headers

GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1
Host: ww8.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:31 GMT
content-type: application/javascript
last-modified: Tue, 04 Jun 2024 12:27:30 GMT
etag: W/"665f0832-4d7"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=waM1BLtQl70Oo%2BU2tzJHWCzvxPUWkAqvtbfFSUcrGkcdr7%2Bl8XtdCoClvidz4OZ3w4k2wy7wwkBdPB%2BCtP5m989Gk44oGvqSvO8oSsMX5QDd3NBia1btENHFqOpIt8G31iMaouw5pg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae162ca580afe-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Sat, 08 Jun 2024 19:41:31 GMT
cache-control: max-age=172800, public
content-encoding: gzip

xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com

198.134.116.18

302 Found

0 B

URL GET HTTP/1.1
xml.ctrtraffic.com/redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com
IP
198.134.116.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectctrtraffic.com
Fingerprint5E:89:08:C3:8A:AF:DF:FD:44:F4:61:6F:65:BF:BE:52:56:CD:B3:EF
ValiditySun, 02 Jun 2024 06:38:33 GMT - Sat, 31 Aug 2024 06:38:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=441588&auth=6H5Hgo&subid=adult&query=adult&url=adult.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

xml.clixvista.com/redirect?feed=604308&auth=TKnqy8&subid=clixvista1&query=clixvista1&url=clixvista1.com

198.134.116.28

200 OK

0 B

URL GET HTTP/1.1
xml.clixvista.com/redirect?feed=604308&auth=TKnqy8&subid=clixvista1&query=clixvista1&url=clixvista1.com
IP
198.134.116.28:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclixvista.com
FingerprintCA:9F:0E:8F:3E:E1:00:82:06:2E:88:6C:69:60:8F:31:1E:77:43:6D
ValiditySun, 19 May 2024 06:38:26 GMT - Sat, 17 Aug 2024 06:38:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=604308&auth=TKnqy8&subid=clixvista1&query=clixvista1&url=clixvista1.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adflyer.media/redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=542697&auth=HDsoD3&subid=adf1&query=adf1&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=gAVbrOrk59M_0&s=621006_542697

xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=436086&auth=7bONam&subid=adzgamea&query=adzgamea&url=adzgame.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adzgame.com/redirect?feed=647206&auth=T1loWp&subid=adzgameadu1&query=adzgameadu1&url=adzgame1.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.adzgame.com/redirect?feed=647206&auth=T1loWp&subid=adzgameadu1&query=adzgameadu1&url=adzgame1.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.adzgame.com
Fingerprint1D:21:6B:BC:19:9A:BC:F9:C6:85:4A:6F:F0:9E:BF:A0:48:35:20:1A
ValidityWed, 26 Jul 2023 11:10:05 GMT - Mon, 26 Aug 2024 11:10:04 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647206&auth=T1loWp&subid=adzgameadu1&query=adzgameadu1&url=adzgame1.com HTTP/1.1
Host: xml.adzgame.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

redirect3.online/adxa.html

104.21.55.170

200 OK

153 B

URL GET HTTP/3
redirect3.online/adxa.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with CRLF, LF line terminators
Size
153 B (153 bytes)
Hash
d727ac91adeb729c4f8ceef7d13d16ad
114d6ecba837f2f76a97e31b61e5a1ff5196d1db
537cbff43f4f269d2b492109e4b3e38268f671b386af7b83cfd5e39072d0bfa0

HTTP Headers

GET /adxa.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 181419
last-modified: Tue, 04 Jun 2024 17:17:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGD1lz12YDbhOE2n1yI2eEJPX%2F2L21MmUi3JwvxKskKT%2F8T1hTuaQluN7D92c3D8tfC3HZNMkwuB438G1Tif%2BhiXM3WaZe6DY%2BvCZhNHNznKz8hi0IVPApxMs9ul2kngZoGL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1689d3256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=437642&auth=qKgbOv&subid=flurryad&query=flurryad&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

smkezc.com/cuclc?aid=14932807365697815861&t=1717702895&s=833686

185.162.85.19

431 B

URL
smkezc.com/cuclc?aid=14932807365697815861&t=1717702895&s=833686
IP
185.162.85.19:0
ASN
#39572 DataWeb Global Group B.V.

File type
HTML document, ASCII text, with very long lines (431), with no line terminators
Size
431 B (431 bytes)
Hash
da215cf224c5d20833d10d3ad9ec2dfb
f442c95cd64084e749f4bd5b72f164629394b57b
1968ab924be15ac5a62bb0ef983ce295ae218f114e6535a2952388d41dede8b3

HTTP Headers

GET /cuclc?aid=14932807365697815861&t=1717702895&s=833686 HTTP/1.1
Host: smkezc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://cus.news24.media/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 302 Found
server: nginx/1.18.0
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=utf-8
content-length: 431
location: https://ceigix.com/fp.html?rid=14932807365697815861_2&sd=aHR0cHM6Ly9zbWtlemMuY29t&ru=aHR0cHM6Ly9ycGxuZDc0LmNvbS9yb3RhdG9yLzY2Mi8zMzMzLzJmMWVlZWFmYzFjMWFhMGJhMDY4NTkwNGNmYWRhNDk1Lz9jbGlja19pZD1hMl8xNDkzMjgwNzM2NTY5NzgxNTg2MV81NzcyOTZfMl8wJnN1YjE9YTU3NzI5NiZzdWIyPSR7c3ViMn0mc3ViMz0ke3N1YjN9JmZ1bGxzY3JlZW49MQ==
X-Firefox-Spdy: h2

xml.eximdigital.com/redirect?feed=647204&auth=AiH31G&subid=eximdigitalbis1&query=eximdigitalbis1&url=eximdigital1.com

173.239.53.22

200 OK

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=647204&auth=AiH31G&subid=eximdigitalbis1&query=eximdigitalbis1&url=eximdigital1.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647204&auth=AiH31G&subid=eximdigitalbis1&query=eximdigitalbis1&url=eximdigital1.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adxfactory.com/redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com

173.239.53.17

302 Found

0 B

URL GET HTTP/1.1
xml.adxfactory.com/redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com
IP
173.239.53.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadxfactory.com
FingerprintD9:B5:CC:E8:5D:7F:DB:8F:C9:8C:01:36:19:D5:C8:90:26:0F:1B:42
ValidityMon, 22 Apr 2024 06:36:41 GMT - Sun, 21 Jul 2024 06:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=470039&auth=iR4kYN&subid=adx&query=adx&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://u-11999.topduppy.info/api/rtb-pops/go?id=3069522170916610&sig=3430d7c72c244bdbe31db05f11467f&u=aHR0cHM6Ly9yaWNodG9tYXRvcy5jb20vaW4vcD9zcG90X2lkPTU3NDUxNiZjYXQ9MjUmc3ViX2lkPTE4NjI2OTY3MjI%3D

xml.rtbfactory.com/redirect?feed=538479&auth=yKffhA&subid=rtb&query=rtb&url=rtbfactory.com

173.239.53.18

302 Found

0 B

URL GET HTTP/1.1
xml.rtbfactory.com/redirect?feed=538479&auth=yKffhA&subid=rtb&query=rtb&url=rtbfactory.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrtbfactory.com
Fingerprint78:24:9B:3E:6A:EF:94:08:E7:AE:E7:91:4D:C7:2C:61:52:EF:30:DA
ValiditySat, 04 May 2024 06:40:22 GMT - Fri, 02 Aug 2024 06:40:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=538479&auth=yKffhA&subid=rtb&query=rtb&url=rtbfactory.com HTTP/1.1
Host: xml.rtbfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: x3329573=2014671883; Domain=.rtbfactory.com
Cache-Control: no-store
Location: https://filter.rtbfactory.com/filter?q=rtb&i=nCVMEPOrz48_0&ci=-4388342974507353047&t=1460401629

xml.flurryad.com/redirect?feed=480555&auth=NJW4rQ&subid=flurry1&query=flurry1&url=flurryad.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=480555&auth=NJW4rQ&subid=flurry1&query=flurry1&url=flurryad.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=480555&auth=NJW4rQ&subid=flurry1&query=flurry1&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

serveur-minecraft.com/730

104.26.11.195

403 Forbidden

7.0 kB

URL GET HTTP/2
serveur-minecraft.com/730
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type
HTML document, ASCII text, with very long lines (15537), with no line terminators
Size
7.0 kB (6975 bytes)
Hash
9da4943892a64ea94124d8a8b967b0ff
2b4955e7f96923d0b0a2b69ccd76febea95e887b
dfbfa316acf2fdf91e4b7022bc706943f5ac6de3c5ba53772a13aba143caa14d

HTTP Headers

GET /730 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 0ji1U2HtVYwQsyvyOP+lWQKZiMNxMVwECRU4FvEANpF/hDvi8JCNO3DO7R2UP6XXLWy4Z3sZnNqs/emfr/+jZFEbQ5IPKTJaB3RBlS4ed8dUb8e6tWiZPNb1NuXfwv6Y7djEWJvJhSheOL7WUS5xIg==$ubUuYNhAy8Uj+sTmd+A2IQ==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZKu5Ezrtrvuusk0xOtRMqy0YOYTmxq0IKwVB19OEZijVtKNNERcwowZm2HmU3Idp2T49SbrEiXK2QnRWQ3YHETN0woailvNAJDV%2BFIlqgIQ0y18avWZTMFRI8lngBdMQFfrNGF1qA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1779b4456b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

xml.adflyer.media/redirect?feed=554839&auth=kUyNIH&subid=adf&query=adf&url=adflyer.media

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=554839&auth=kUyNIH&subid=adf&query=adf&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=554839&auth=kUyNIH&subid=adf&query=adf&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=XfST1P1PXO8_0&s=621006_554839

click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com

174.137.133.18

200 OK

0 B

URL GET HTTP/1.1
click.mediacpc.com/redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com
IP
174.137.133.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmediacpc.com
Fingerprint48:45:39:98:2A:E1:04:9F:C6:EF:EC:81:26:CD:FA:18:CF:99:85:8C
ValidityThu, 11 Apr 2024 06:39:47 GMT - Wed, 10 Jul 2024 06:39:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=441597&auth=K62AKr&subid=mediamain&query=main&url=media.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.eximdigital.com/redirect?feed=553310&auth=LU3rE4&subid=eximdigital&query=eximdigital&url=eximdigital.com

173.239.53.22

302 Found

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=553310&auth=LU3rE4&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=553310&auth=LU3rE4&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://becast.onionlive.workers.dev/

thenetwork18.net/direct.html

188.114.96.1

200 OK

1.1 kB

URL GET HTTP/2
thenetwork18.net/direct.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
1.1 kB (1069 bytes)
Hash
7011dc3ea1cd14d27ea128fafdeb0c2e
af9248d60eb222f833cb0be9631b9fbf700b74d5
e1299d6623a11523bb47ecd7435508d0e5540fff7edaa57bb18a01850e3489c1

HTTP Headers

GET /direct.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176585
last-modified: Tue, 04 Jun 2024 18:38:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DyTn6O%2FzTrtMU5TocwMbuFDrMHlNbzHv0j2qck0zMEOKOy5skhY0C%2FOg4BK1TNES4U0i%2BJmk3JcnvYlAIw1f1l8RCH%2BdzikS%2BHex9zcO1x7pzOH4s%2BX%2FoUZtIH5CwSQ2cDXL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1634be956c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thenetwork18.net/adtu3.html

188.114.96.1

200 OK

167 B

URL GET HTTP/3
thenetwork18.net/adtu3.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
167 B (167 bytes)
Hash
271cfd56c612c4fd596fbd7af102e955
1593f065492d3b367986cb09786b493dacf9c0ba
a57fa6d0a5385633daa1107c50874e299c27faffbe61db174eac2927ae9dd3d2

HTTP Headers

GET /adtu3.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176595
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nuvj4uCUJFDs4nMFJlCJS242qC3szOgUMAGr3ipNAwqJcZ2P1dNGy0%2F3MxyeFVdJsZnNueMcbAk7aNcKytiM%2BtSj%2FA5ObNiutDLwBCQ8t76syc2UL0b1NwV%2BLcYK98nGuhX7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd66568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.infinity-info.com/redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGlobalSign nv-sa
Subject*.infinity-info.com
FingerprintA4:5F:10:F6:9C:72:06:B9:1C:6F:A9:87:5A:BE:07:61:F2:4F:B3:36
ValidityWed, 26 Jul 2023 11:21:50 GMT - Mon, 26 Aug 2024 11:21:49 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=441157&auth=lxC8VR&subid=infinitymain&query=best+deals&url=infinity-info.com HTTP/1.1
Host: xml.infinity-info.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.eximdigital.com/redirect?feed=647203&auth=EC06VD&subid=eximdigitala1&query=eximdigitala1&url=eximdigital1.com

173.239.53.22

302 Found

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=647203&auth=EC06VD&subid=eximdigitala1&query=eximdigitala1&url=eximdigital1.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647203&auth=EC06VD&subid=eximdigitala1&query=eximdigitala1&url=eximdigital1.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://animewatch.onionlive.workers.dev/

xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=clixvista&url=clixvista.com

198.134.116.28

200 OK

0 B

URL GET HTTP/1.1
xml.clixvista.com/redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=clixvista&url=clixvista.com
IP
198.134.116.28:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclixvista.com
FingerprintCA:9F:0E:8F:3E:E1:00:82:06:2E:88:6C:69:60:8F:31:1E:77:43:6D
ValiditySun, 19 May 2024 06:38:26 GMT - Sat, 17 Aug 2024 06:38:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=536488&auth=j6mN1x&subid=clixvista&query=clixvista&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDXbA25Mu5a5LXnrcppmpambcz1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nw1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OuBthu1ymuCpyldhtevCdzPlx1wNz0zX4Z8NcDcrld01MS9eE7mfHXA20xJOxA9KvXhO5nw101srwS2uS1zU4LwN566a2V4JbXJa5qcF5WJHM9cTmC9rEdji_HPhricwXtYjscX5Z8NcTmC9rEdji_PPhricwXtYjscX6Z8NcTmC9rEdji_XPhricwXtYjscX7Z8NcTmC9rEdji_fPhricwXtYjscX8Z8NcTmC9rEdji_nPhricwXtYjscX48M.Gu2yyBvPj349._Dl488.PLv389u3bp27duXHg42x08dW9dcEjlVbEk.fHvx79.HLx5562ppooHGppanJa8.M-

95.211.229.245

200 OK

20 B

URL GET HTTP/1.1
syndication.realsrv.com/vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDXbA25Mu5a5LXnrcppmpambcz1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nw1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OuBthu1ymuCpyldhtevCdzPlx1wNz0zX4Z8NcDcrld01MS9eE7mfHXA20xJOxA9KvXhO5nw101srwS2uS1zU4LwN566a2V4JbXJa5qcF5WJHM9cTmC9rEdji_HPhricwXtYjscX5Z8NcTmC9rEdji_PPhricwXtYjscX6Z8NcTmC9rEdji_XPhricwXtYjscX7Z8NcTmC9rEdji_fPhricwXtYjscX8Z8NcTmC9rEdji_nPhricwXtYjscX48M.Gu2yyBvPj349._Dl488.PLv389u3bp27duXHg42x08dW9dcEjlVbEk.fHvx79.HLx5562ppooHGppanJa8.M-
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
FingerprintD6:E9:CF:67:58:14:C0:E8:FF:A6:F9:E4:10:41:F9:BF:03:93:4D:1B
ValidityTue, 30 Apr 2024 07:54:23 GMT - Mon, 29 Jul 2024 07:54:22 GMT

File type
gzip compressed data, max speed, from Unix
Size
20 B (20 bytes)
Hash
a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf

HTTP Headers

GET /vregister.php?a=vview&tracking_event=progress&progress=00:00:10.000&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDXbA25Mu5a5LXnrcppmpambcz1wNtsVsNOS1uU58tcDbTFNMDlK9U1lLTmfDXLNU1TBPXnw1wStTPSwVzLyTNuZ8NdblVa8kzbmfDXS49BNKu85NKxI4vA3nw1z0zX4L1VsV2VZ7eOuBudimuVynPhragrwXecmlYkcXgbz58enPl06a5XK2GrIK8F56Zr8F68J3M9crlbDVkFeC89M1.C7blTVME9cE0uethtmOZqJe1ynPXBJPS5VVBNKuxHGvBLaxHA2vS4xVNLVnw11WM8s.Guqxnnnw11NUwT1r14TuZ66mqYJ615WJHM9dTVME9a9rlOetmma6pyle1ynPhrtpz4a4Ja3KZWI8.GuWZd2yVurPhrgbpcqnmlqgtcXjYwmsrz4a4G5LI64MZpXM.GtyRiCNeCqfPhrqapgnrXbcrYgjz7a6mqYJ617XKaoJpc.OuBthu1ymuCpyldhtevCdzPlx1wNz0zX4Z8NcDcrld01MS9eE7mfHXA20xJOxA9KvXhO5nw101srwS2uS1zU4LwN566a2V4JbXJa5qcF5WJHM9cTmC9rEdji_HPhricwXtYjscX5Z8NcTmC9rEdji_PPhricwXtYjscX6Z8NcTmC9rEdji_XPhricwXtYjscX7Z8NcTmC9rEdji_fPhricwXtYjscX8Z8NcTmC9rEdji_nPhricwXtYjscX48M.Gu2yyBvPj349._Dl488.PLv389u3bp27duXHg42x08dW9dcEjlVbEk.fHvx79.HLx5562ppooHGppanJa8.M- HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: 
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

ctrtraffic.me/following.html

188.114.96.1

200 OK

173 B

URL GET HTTP/2
ctrtraffic.me/following.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectctrtraffic.me
Fingerprint41:38:F8:F4:61:98:B3:5D:E4:DE:43:4D:62:6A:4F:8B:CF:2F:67:70
ValidityTue, 21 May 2024 17:05:39 GMT - Mon, 19 Aug 2024 17:05:38 GMT

File type
HTML document, ASCII text, with CRLF line terminators
Size
173 B (173 bytes)
Hash
b44b3f1f62aec1bd5372462e0065eda3
adfb0ff8470603b853f6f3b2e5bde94b710f4e1c
5f20ccd81842d410c9b61c59afa0675b5dcbb3a9846f4f085abf1d24563b1390

HTTP Headers

GET /following.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: 877D4A7C:C238_5762B65C:01BB_665F6F9A_43036F89:5793
x-iplb-instance: 51780
cf-cache-status: HIT
age: 172370
last-modified: Tue, 04 Jun 2024 19:48:42 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DN5lFEvmnm6Xp8spWqLCFgcEVsorID0NBkYRm%2FDTY4eebRYc9ZgiFRJRQePB2gIg5ySkefChiZHt%2Fupc6fzJyHMJEyyrAtpDQWoz51xDKyC65xFCOOrBKbzbq%2BNvMOYB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ea7ab50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com

173.239.53.22

302 Found

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=445013&auth=umnz4X&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://kv.outheelrelict.com/injYADTshJ0jHhYKc/QrOEQ

xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com

173.239.53.22

302 Found

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=445008&auth=AK9QGh&subid=eximdigital&query=eximdigital&url=eximdigital.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://s.optnx.com/cimp.php?data=TVRjeE56Y3dNamc1Tlh4aU1HWmlNR1l5TWpabE5qazRaVFl3WVRFd09XTXpaRGcyWWpjeU1ETXlZUS0tfGh0dHBzOi8vZGVzc2VkY3VyZXNzaW9uLmNvbS84NGZhYWFkNy1kZDc1LTQ4YWYtOTlhMy05NTk0YzQzMjZhNGQ_Y2FtcGlkPTYzMTc4NjAmdmFyaWQ9OTA3NzM0MDQmc291cmNlPWZtbGFicy5jb20ma2V5d29yZD0lJnRhZ3M9ZXhpbWRpZ2l0YWwsY29tJnNpdGVpZD05Nzc3MzQmem9uZWlkPTQ4NDg2NDAmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdHB0cnBsZGRMWlpSVExTNlZ6cXBwblV6T29kTlU2VjBycFhUMVVVMHVvbXBvbnBuZFJOVFJQVFM2VjB6cFhTdWxkSzZaMHJwWFRPb3RycXFvdG10ZHBWVlZYVmJMVlhUTmRuYlpUbmRiWGJMUnhyUFRaVFZZNnVxYXU2dDI2dV85dS5lelpfUjZoX2M1MHJwWFN1bGRLNlYwcnBYU3Vtc21zc2xudHVxYzUwcnBYU3VsZEs2VjBycFhTdWxkcE54ZHhybmJ2cE5WWkxiTHhwcHJkdkxweFZWcFhwTlE0UHN8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxmbWxhYnMuY29tfDg0NDI0NHw4MTA5OTJ8OTc3NzM0fDQ4NDg2NDB8NTExfDYzMTc4NjB8OTA3NzM0MDR8MTV8M3wwfDB8MjUzNDR8NjUxNjk2fDEwfDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8NzR8NHwxfHwzODY1NTM4MTh8YjU1NTY1ODA1NjQxOWE4NzRhOTg2ODAzZmMyNDc0NTd8MXwwfGV4aW1kaWdpdGFsLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDB8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8T0t8ZGM0MGQ1MzZlZWQyNjAyM2M5MzA1YmI4YjA0Yzg2OGU-

votrackmo.com/52b75a1b-47bb-4b14-b811-74b95dbac763?banner=6431045&pubfeed=583790&siteid=608556&cost=0.0001&conversion=xNIoaaAXx0M

54.240.174.102

302 Found

0 B

URL GET HTTP/2
votrackmo.com/52b75a1b-47bb-4b14-b811-74b95dbac763?banner=6431045&pubfeed=583790&siteid=608556&cost=0.0001&conversion=xNIoaaAXx0M
IP
54.240.174.102:443
ASN
#16509 AMAZON-02

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerAmazon
Subjectvotrackmo.com
Fingerprint65:07:44:01:9D:C4:25:93:29:42:5B:1E:0B:30:53:F3:B0:FD:4E:C5
ValidityWed, 24 Apr 2024 00:00:00 GMT - Fri, 23 May 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /52b75a1b-47bb-4b14-b811-74b95dbac763?banner=6431045&pubfeed=583790&siteid=608556&cost=0.0001&conversion=xNIoaaAXx0M HTTP/1.1
Host: votrackmo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-length: 0
location: https://cosmicmos.com/mica?mica=https://clcktrck.com/no/s/red_u_plain.php?t=direct&s=22168&d=dekkonline.com&pub=22168&ctrl_scid=80&ctrl_offerid=6e6f5f64656b6b6f6e6c696e652e636f6d&ctrl_offerid=6e6f5f64656b6b6f6e6c696e652e636f6d&ctrl_aff=noc&ctrl_aff=noc&ctrl_vol_oid=15f3bb87-ed0c-414c-9e16-f5e748f53e66&uid=wiaar2tidks0p3r1jralllc8
date: Thu, 06 Jun 2024 19:41:37 GMT
server: nginx
cache-control: no-store, no-cache, pre-check=0, post-check=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
set-cookie: 52b75a1b-47bb-4b14-b811-74b95dbac763-v4=B8BYSkt5nVGE9DrfNJpRhx7vCtEc8M3cW5PKctsgImQ; Max-Age=86400; Expires=Fri, 07-Jun-2024 19:41:37 GMT; Domain=votrackmo.com; Path=/; Secure; HttpOnly;SameSite=None
voluum-cid-v4=%7B%22cid%22%3A%22wiaar2tidks0p3r1jralllc8%22%2C%22caid%22%3A%2252b75a1b-47bb-4b14-b811-74b95dbac763%22%7D; Max-Age=31536000; Expires=Fri, 06-Jun-2025 19:41:37 GMT; Domain=votrackmo.com; Path=/; Secure; HttpOnly;SameSite=None
x-cache: Miss from cloudfront
via: 1.1 09ae414c9d6c5323d5147457ada70ec6.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: yHnSlhxHYUgVqr6cPFOn_a5HNAJe_n_Z-U-s1qFIrOwF8DabBnQNYw==
X-Firefox-Spdy: h2

xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=clixvistaa&url=clixvista.com

198.134.116.28

200 OK

0 B

URL GET HTTP/1.1
xml.clixvista.com/redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=clixvistaa&url=clixvista.com
IP
198.134.116.28:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclixvista.com
FingerprintCA:9F:0E:8F:3E:E1:00:82:06:2E:88:6C:69:60:8F:31:1E:77:43:6D
ValiditySun, 19 May 2024 06:38:26 GMT - Sat, 17 Aug 2024 06:38:25 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=536493&auth=cZSlEi&subid=clixvistaa&query=clixvistaa&url=clixvista.com HTTP/1.1
Host: xml.clixvista.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:37 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

osfultrbriolenai.info/redirect?tid=1038172

108.157.229.24

302 Found

0 B

URL GET HTTP/2
osfultrbriolenai.info/redirect?tid=1038172
IP
108.157.229.24:443
ASN
#16509 AMAZON-02

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerAmazon
Subjectosfultrbriolenai.info
FingerprintE8:90:AE:34:1B:B2:20:2B:58:74:F4:F0:E3:EC:1D:7A:0F:D5:9E:42
ValidityWed, 24 Jan 2024 00:00:00 GMT - Fri, 21 Feb 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?tid=1038172 HTTP/1.1
Host: osfultrbriolenai.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://mgcrs.fp3eo.com?feedid=pp103&subid=1038172&uuid=46831d53-1867-4eba-9db0-200f0f81d78d&ep=MEUOQA7H375SFFRAHWCSV5JN3UQ4WEDNPRX54ZWX727TUO5ZUFT7MGC2FGXVEAPL6WDHJYOYDPWHDUOS3IWOGJD5YWOMCVWAJROFPFPPPUHXVGYP6NTCRO2WJFAMKNBBT6DREMYA7QRLEJSULLG2IQK5RIZXBD5H2KPUEYWPPLJSLUWLQP37CO7R2Z6XAQIZN5UB7DXO2KLW5KPSH26IT6BY4SZOIRG6S7JF4HSNEBTR2WXK5HGGTHNOSZOILOPOF4F4ZHC6BPTMPKC63C5GGMK7BRPBS2WQI4WGNFXRXQHQ63SUTLM4OLFI5KITWKFUBQHWOFQCYNIWY6PUJEZ7LSBJVE6UH7WDR5DXJ5DHYXWVFXJP24QQNI3MTOGDR55PNMNNXICV63ETXT5PICJOQW2R65JWRXBWZ445W5YF5N4K67J4OZ346OUZGII642R4WYR4HNQUWKKKIVNNEKCN24BM5GAZI2RLYJYG6BWNPMELWGVPXXTCJD3ZUDRP323JOI3NXHM6R7G7QOL4GOWOPJKNMXS4EO2ALPN2A27MVYCWY3FHFXJAEIZNRST2XQM6HML73HHI4WHFXSHIOQI2QIWFKSCWLOQS2ZA3C6MP6VQ5IXJJTZBXL6PY6QKTPLDIAZS2USYTRNI4VK5YWGUHJB2QIV3RYM7RJNR3N7LYPQIH7GKUHQN3GKCZUXBIWM6KE27KVED2XCTA5SDIXGFW5IAJSKR3T3JA2WAOUAVQQCNZ55AWLWUHZOVSGL4WJLDY4HUY35HGQ7DPJFXB62JYZXBPMWNX5L7JC5DMZRMVA2EWXF5ABBDXZQLOK7VHBCRFVL5GNKH63P3F63LRNIJ62QS3YAKWMGEHGEQGUCSCNRK2MNY7PAFPER4L5LA5RIAOFL4ARWRBPWOSKPCSW6ZHYAUIMEQHPUKJ5W4B2YLDTGWYHQYXIMMRAR4PU7HOGZK3IZD5XB5T76GK4NR4VULGO6PBDG2JI3CSISBTE67KXQJOCR2LXL2LEG5Z5B6NL5MBD7EKKHAHGNWHSNUUJYEF4TPCXDL5W2G6I52IVB47R62SP2K5YVAYF5DQDXIYB35CS3U7H2KVQQQ7ERCF22D3MELSSWEJQO76TYVYY2E2FBZPDFZCQIQYGIG4B5DVYVABSGXKWMIFYB3PPC2FQE67SE7IEIUG35CZBNBCQOAHWL4YXGDUBUF33IHUK2HX5WMGJLY7AUJ2DIR3D2GNPKGU4W6KONGVRVBZN5ULCGBIPCI6NYSSQWGCKTRFXWZ5NUNRVFOKNFEBD4DDFKHDJCTSVMJWLUUWKALFBOSGCRTPDHIIFVOVJS4XYMOU4DXAXWZLFTHLT6G4AVIAOFB5PD5ZVYRUT2FKQEQQ5TYRQXGGNVP3VSN4N23GQ3DG43OQNAYHJW5GHEJ5UUOIUH2JVGSPMBZH7KC44CY726RMS3H4NMFMW3NWMQ7MDGFP2ZA4QEE2DHBUYWOSDBLUPB7D5QEJC5QILAT3CRK4FQG5UABIWANVST3CH5SIQ356I7GIR56OJUSVIHPDBBMWT2GT4SN3FY7DXMHIJPEBHAAS2YMWHOCHSSQNCWIDI4BHYFAGASRW5BRD4SOESTZXWLEO3ESRFGLFPPCIV33VFFR3BA426WGP7AXZDWJHZ23PSCU5WVJKRIO2FJSYZPKTBOVEH6RLNCGNLKUPAKSNYNXBQX4O3YWZI3GIPCQDWFMHSZTGZVTUSYN6STC6PAOGAEBBGXULXQZTFMD6QXXBES73EGXPHLY24YU24P6H3LQQRUXFSYCVCTPKQTYLPHRQ6OD3WFEYSKFM7GYUMBQLBP5DYJXUFNG3NMHJ73NSXT6U5GSZT3UT77IYMYBNFI57TLG566NST4FCIIGRT67F2X7ZKYMEOL6XB2TBUIZLK4QCDDWFWQGSKB6CVFIBBZILS4ZPYABGCYPPBGIBSQZAIWKLLFSKHIQL5QSOLXQ5RLUZVVYP5SW75EKXY52K3ZSK6DXAA62V2XL3KLUQFCNOYEE42OT6ZS2V3TCSGZVXBWOGS7AWTSO5ZTR2CIOD6NY4ZN6E6UW7CFRCNY4NPPQL4OUM7USOFCRE5V56WT62DQIPN3NIZ4FOWZEZBP3EYZNSY%3D%3D%3D
date: Thu, 06 Jun 2024 19:41:37 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=56dcf0fa-5782-4bf3-8276-b344c1cdfb82
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List
x-cache: Miss from cloudfront
via: 1.1 ff51bc3614c373d274030fe4ca1a34fc.cloudfront.net (CloudFront)
x-amz-cf-pop: ARN56-P2
x-amz-cf-id: KhNFL0AoMCxUV2BoPIlXnN88adAxjBLoaC2LrZCM3aBKBQctOJzqlA==
X-Firefox-Spdy: h2

www.yahoo.com/

87.248.119.251

307 Temporary Redirect

0 B

URL GET HTTP/2
www.yahoo.com/
IP
87.248.119.251:443
ASN
#203220 Yahoo-UK Limited

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerDigiCert Inc
Subject*.fantasysports.yahoo.com
FingerprintF3:6A:4E:6C:29:1F:F3:08:47:C0:5F:A2:7F:D3:D5:C0:01:B5:B7:3F
ValidityThu, 30 May 2024 00:00:00 GMT - Wed, 17 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: www.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww8.good-trading.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 307 Temporary Redirect
date: Thu, 06 Jun 2024 19:41:37 GMT
strict-transport-security: max-age=31536000
server: ATS
cache-control: no-store
content-type: text/html; charset=utf-8
content-language: en
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
location: https://guce.yahoo.com/consent?brandType=nonEu&gcrumb=VVLbWlI&done=https%3A%2F%2Fwww.yahoo.com%2F
set-cookie: GUCS=AVVS21pS; Max-Age=1800; Domain=.yahoo.com; Path=/; Secure
content-security-policy: frame-ancestors 'self' https://*.builtbygirls.com https://*.rivals.com https://*.engadget.com https://*.intheknow.com https://*.autoblog.com https://*.techcrunch.com https://*.yahoo.com https://*.aol.com https://*.huffingtonpost.com https://*.oath.com https://*.search.yahoo.com https://*.pnr.ouryahoo.com https://pnr.ouryahoo.com https://*.search.aol.com https://*.search.huffpost.com https://*.onesearch.com https://*.verizonmedia.com https://*.publishing.oath.com https://*.autoblog.com; sandbox allow-forms allow-same-origin allow-scripts allow-popups allow-popups-to-escape-sandbox allow-presentation; report-uri https://csp.yahoo.com/beacon/csp?src=ats&site=news&region=US&lang=en-US&device=desktop&yrid=6o9nr8tivmg0j&partner=;
content-length: 0
X-Firefox-Spdy: h2

filter.rtbfactory.com/filter?q=rtb&i=nCVMEPOrz48_0&ci=-4388342974507353047&t=1460401629

173.239.53.18

200 OK

13 kB

URL GET HTTP/1.1
filter.rtbfactory.com/filter?q=rtb&i=nCVMEPOrz48_0&ci=-4388342974507353047&t=1460401629
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrtbfactory.com
Fingerprint78:24:9B:3E:6A:EF:94:08:E7:AE:E7:91:4D:C7:2C:61:52:EF:30:DA
ValiditySat, 04 May 2024 06:40:22 GMT - Fri, 02 Aug 2024 06:40:21 GMT

File type
HTML document, ASCII text, with very long lines (524)
Size
13 kB (12909 bytes)
Hash
b554dcd0986b2717e2e6cc83325c01a6
93063bf6532aa669bd01689e63f6e9a900e16622
21d203254ff62a46fb2eb6b7b2ce4b74f7b216304592cbb99d647429821aa9c3

HTTP Headers

GET /filter?q=rtb&i=nCVMEPOrz48_0&ci=-4388342974507353047&t=1460401629 HTTP/1.1
Host: filter.rtbfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:37 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12909
Connection: keep-alive
Referrer-Policy: unsafe-url
Cache-Control: no-store
Set-Cookie: c-429458061=-2014671883
x3329573=2014671883; Domain=.rtbfactory.com

s.optnx.com/cimp.php?data=TVRjeE56Y3dNamc1Tlh4aU1HWmlNR1l5TWpabE5qazRaVFl3WVRFd09XTXpaRGcyWWpjeU1ETXlZUS0tfGh0dHBzOi8vZGVzc2VkY3VyZXNzaW9uLmNvbS84NGZhYWFkNy1kZDc1LTQ4YWYtOTlhMy05NTk0YzQzMjZhNGQ_Y2FtcGlkPTYzMTc4NjAmdmFyaWQ9OTA3NzM0MDQmc291cmNlPWZtbGFicy5jb20ma2V5d29yZD0lJnRhZ3M9ZXhpbWRpZ2l0YWwsY29tJnNpdGVpZD05Nzc3MzQmem9uZWlkPTQ4NDg2NDAmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdHB0cnBsZGRMWlpSVExTNlZ6cXBwblV6T29kTlU2VjBycFhUMVVVMHVvbXBvbnBuZFJOVFJQVFM2VjB6cFhTdWxkSzZaMHJwWFRPb3RycXFvdG10ZHBWVlZYVmJMVlhUTmRuYlpUbmRiWGJMUnhyUFRaVFZZNnVxYXU2dDI2dV85dS5lelpfUjZoX2M1MHJwWFN1bGRLNlYwcnBYU3Vtc21zc2xudHVxYzUwcnBYU3VsZEs2VjBycFhTdWxkcE54ZHhybmJ2cE5WWkxiTHhwcHJkdkxweFZWcFhwTlE0UHN8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxmbWxhYnMuY29tfDg0NDI0NHw4MTA5OTJ8OTc3NzM0fDQ4NDg2NDB8NTExfDYzMTc4NjB8OTA3NzM0MDR8MTV8M3wwfDB8MjUzNDR8NjUxNjk2fDEwfDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8NzR8NHwxfHwzODY1NTM4MTh8YjU1NTY1ODA1NjQxOWE4NzRhOTg2ODAzZmMyNDc0NTd8MXwwfGV4aW1kaWdpdGFsLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDB8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8T0t8ZGM0MGQ1MzZlZWQyNjAyM2M5MzA1YmI4YjA0Yzg2OGU-

95.211.229.245

200 OK

1.4 kB

URL GET HTTP/1.1
s.optnx.com/cimp.php?data=TVRjeE56Y3dNamc1Tlh4aU1HWmlNR1l5TWpabE5qazRaVFl3WVRFd09XTXpaRGcyWWpjeU1ETXlZUS0tfGh0dHBzOi8vZGVzc2VkY3VyZXNzaW9uLmNvbS84NGZhYWFkNy1kZDc1LTQ4YWYtOTlhMy05NTk0YzQzMjZhNGQ_Y2FtcGlkPTYzMTc4NjAmdmFyaWQ9OTA3NzM0MDQmc291cmNlPWZtbGFicy5jb20ma2V5d29yZD0lJnRhZ3M9ZXhpbWRpZ2l0YWwsY29tJnNpdGVpZD05Nzc3MzQmem9uZWlkPTQ4NDg2NDAmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdHB0cnBsZGRMWlpSVExTNlZ6cXBwblV6T29kTlU2VjBycFhUMVVVMHVvbXBvbnBuZFJOVFJQVFM2VjB6cFhTdWxkSzZaMHJwWFRPb3RycXFvdG10ZHBWVlZYVmJMVlhUTmRuYlpUbmRiWGJMUnhyUFRaVFZZNnVxYXU2dDI2dV85dS5lelpfUjZoX2M1MHJwWFN1bGRLNlYwcnBYU3Vtc21zc2xudHVxYzUwcnBYU3VsZEs2VjBycFhTdWxkcE54ZHhybmJ2cE5WWkxiTHhwcHJkdkxweFZWcFhwTlE0UHN8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxmbWxhYnMuY29tfDg0NDI0NHw4MTA5OTJ8OTc3NzM0fDQ4NDg2NDB8NTExfDYzMTc4NjB8OTA3NzM0MDR8MTV8M3wwfDB8MjUzNDR8NjUxNjk2fDEwfDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8NzR8NHwxfHwzODY1NTM4MTh8YjU1NTY1ODA1NjQxOWE4NzRhOTg2ODAzZmMyNDc0NTd8MXwwfGV4aW1kaWdpdGFsLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDB8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8T0t8ZGM0MGQ1MzZlZWQyNjAyM2M5MzA1YmI4YjA0Yzg2OGU-
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectoptnx.com
Fingerprint4C:79:56:70:DF:A7:AE:B3:DC:F6:3F:C4:AA:4C:A3:98:85:22:D2:4B
ValidityTue, 30 Apr 2024 07:52:49 GMT - Mon, 29 Jul 2024 07:52:48 GMT

File type
HTML document, ASCII text, with very long lines (1960)
Size
1.4 kB (1416 bytes)
Hash
2cd34251565fc9b62dd1ffc6e34877fa
a9c64c155c68b2344d7b67cd060c070f1be98594
79089e3a55094800065f86aa622069d06fbd738f6a20af7a6db9a739f4f7a2d0

HTTP Headers

GET /cimp.php?data=TVRjeE56Y3dNamc1Tlh4aU1HWmlNR1l5TWpabE5qazRaVFl3WVRFd09XTXpaRGcyWWpjeU1ETXlZUS0tfGh0dHBzOi8vZGVzc2VkY3VyZXNzaW9uLmNvbS84NGZhYWFkNy1kZDc1LTQ4YWYtOTlhMy05NTk0YzQzMjZhNGQ_Y2FtcGlkPTYzMTc4NjAmdmFyaWQ9OTA3NzM0MDQmc291cmNlPWZtbGFicy5jb20ma2V5d29yZD0lJnRhZ3M9ZXhpbWRpZ2l0YWwsY29tJnNpdGVpZD05Nzc3MzQmem9uZWlkPTQ4NDg2NDAmY2F0aWQ9NTExJmNvdW50cnk9Tk9SJmZvcm1hdD0mY29zdD0wLjAwMDEmdGFnPW9wZGROSGRMSFRQSE5WUzRBU09wdHB0cnBsZGRMWlpSVExTNlZ6cXBwblV6T29kTlU2VjBycFhUMVVVMHVvbXBvbnBuZFJOVFJQVFM2VjB6cFhTdWxkSzZaMHJwWFRPb3RycXFvdG10ZHBWVlZYVmJMVlhUTmRuYlpUbmRiWGJMUnhyUFRaVFZZNnVxYXU2dDI2dV85dS5lelpfUjZoX2M1MHJwWFN1bGRLNlYwcnBYU3Vtc21zc2xudHVxYzUwcnBYU3VsZEs2VjBycFhTdWxkcE54ZHhybmJ2cE5WWkxiTHhwcHJkdkxweFZWcFhwTlE0UHN8aHR0cHN8OTEuOTAuNDIuMTU0fE5PUnw0MXxmbWxhYnMuY29tfDg0NDI0NHw4MTA5OTJ8OTc3NzM0fDQ4NDg2NDB8NTExfDYzMTc4NjB8OTA3NzM0MDR8MTV8M3wwfDB8MjUzNDR8NjUxNjk2fDEwfDcwfFVTRHxVU0R8MXwxfDIyfHwxfE5PUnx8NzR8NHwxfHwzODY1NTM4MTh8YjU1NTY1ODA1NjQxOWE4NzRhOTg2ODAzZmMyNDc0NTd8MXwwfGV4aW1kaWdpdGFsLmNvbXwwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwzMTQzMjQyfC0xfDB8MzE0MzI0NHx8fDJ8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8fDI0fDd8MHwxfDB8fHwwfDB8MHwwfDB8MHwwfDB8MHwwfDB8T0t8ZGM0MGQ1MzZlZWQyNjAyM2M5MzA1YmI4YjA0Yzg2OGU- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%22666210f251a8e0.34860742288527511%22%3B%7D; expires=Sat, 06 Jun 2026 19:41:38 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Accept-Ch: Sec-Ch-Ua,Sec-Ch-Ua-Mobile,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Full-Version-list,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version,Sec-Ch-Ua-Bitness,Sec-Ch-Ua-Arch
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

www.googletagmanager.com/gtag/js?id=G-HJ5MMKB9WK

142.250.74.72

105 kB

URL
www.googletagmanager.com/gtag/js?id=G-HJ5MMKB9WK
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
105 kB (104601 bytes)
Hash
6f09093b7f930e473f6b7058da44e8fb
68683606a7b374a659e2aef31291f1cae36827ad
98f102a2e68ea154885c6c9ed40a424c6b690a6ee904d872e947736187d7337f

HTTP Headers

GET /gtag/js?id=G-HJ5MMKB9WK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://animewatch.onionlive.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Jun 2024 19:41:38 GMT
expires: Thu, 06 Jun 2024 19:41:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104601
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=hy2tPky4lj0_0&s=621006_553006

51.161.115.163

302 Found

0 B

URL GET HTTP/1.1
t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=hy2tPky4lj0_0&s=621006_553006
IP
51.161.115.163:443
ASN
#16276 OVH SAS

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectburned-koala.landingtrack.com
FingerprintD0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC
ValidityWed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=hy2tPky4lj0_0&s=621006_553006 HTTP/1.1
Host: t4.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:38 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
Round: 12sdrz1osp
Raund: 2ql
Location: https://go.savethereef.xyz/redirect?feed=491151&url=t4.lowtid.com&subid=custom_123j1djb25.no.linux.firefox&query=621006_553006&pub_clickid=666210f221ca2506e926fb3a&default_url=https%3A%2F%2Ft5.hightid.com%2Fl.php%3Fp%3Dc%3Ata9_53qhga_rsxmy1%26d%3D63c8043c495b371a0335667c%26s%3Ddu.%7Bpubfeed%7D%26d2%3D%7Breferrer_domain%7D

www.googletagmanager.com/gtag/js?id=UA-119774978-7

142.250.74.72

73 kB

URL
www.googletagmanager.com/gtag/js?id=UA-119774978-7
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
73 kB (72725 bytes)
Hash
ab89bb6563b8e2e655d50b30de701db7
f2c39e9c7bbb130b2c521a5a61d360a38ed97166
ae4c63a2ed68bc9fe85152c8e68a2681f5df36a870003506c82a0e9cdd4e4e58

HTTP Headers

GET /gtag/js?id=UA-119774978-7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://animewatch.onionlive.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Jun 2024 19:41:38 GMT
expires: Thu, 06 Jun 2024 19:41:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72725
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=UA-119774978-7

142.250.74.72

73 kB

URL
www.googletagmanager.com/gtag/js?id=UA-119774978-7
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (1822)
Size
73 kB (72690 bytes)
Hash
49b7c23e16718098a34271a16ee073ba
a517a7b244784b48f3dad45e0832e2f7922bf4c4
5ff225bce8ea8efa07cc3af787b06c4f76c930328b3b3394f72f718527c3bd95

HTTP Headers

GET /gtag/js?id=UA-119774978-7 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://animewatch.onionlive.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Jun 2024 19:41:38 GMT
expires: Thu, 06 Jun 2024 19:41:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 72690
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

www.googletagmanager.com/gtag/js?id=G-HJ5MMKB9WK

142.250.74.72

104 kB

URL
www.googletagmanager.com/gtag/js?id=G-HJ5MMKB9WK
IP
142.250.74.72:0
ASN
#15169 GOOGLE

File type
JavaScript source, ASCII text, with very long lines (5945)
Size
104 kB (104500 bytes)
Hash
cc1914ef58b90f61a8e003aeb6819939
792f36e52f4ce3617ca6e975ec369d159d99335f
ddcd82ff6435e38f5dce1c16c089c050f59659de414833b2339595d0ad9df4a4

HTTP Headers

GET /gtag/js?id=G-HJ5MMKB9WK HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://animewatch.onionlive.workers.dev/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 06 Jun 2024 19:41:38 GMT
expires: Thu, 06 Jun 2024 19:41:38 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 104500
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

guce.yahoo.com/consent?brandType=nonEu&gcrumb=VVLbWlI&done=https%3A%2F%2Fwww.yahoo.com%2F

34.246.21.121

302 Found

0 B

URL GET HTTP/1.1
guce.yahoo.com/consent?brandType=nonEu&gcrumb=VVLbWlI&done=https%3A%2F%2Fwww.yahoo.com%2F
IP
34.246.21.121:443
ASN
#16509 AMAZON-02

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerDigiCert Inc
Subjectguce.oath.com
Fingerprint2F:DD:80:46:59:94:25:7E:16:92:8A:41:57:EF:0A:73:49:20:DA:A2
ValidityTue, 16 Jan 2024 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /consent?brandType=nonEu&gcrumb=VVLbWlI&done=https%3A%2F%2Fwww.yahoo.com%2F HTTP/1.1
Host: guce.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Connection: keep-alive
Server: guce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_0507c9f2-a8b3-47d0-841b-bd96b8084c5f
Content-Length: 0
Date: Thu, 06 Jun 2024 19:41:39 GMT

consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_0507c9f2-a8b3-47d0-841b-bd96b8084c5f

52.213.56.248

200 OK

28 kB

URL GET HTTP/1.1
consent.yahoo.com/v2/collectConsent?sessionId=3_cc-session_0507c9f2-a8b3-47d0-841b-bd96b8084c5f
IP
52.213.56.248:443
ASN
#16509 AMAZON-02

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerDigiCert Inc
Subjectconsent.oath.com
FingerprintD8:8F:D3:53:E7:90:AA:C0:0D:5B:CA:F9:0D:21:AA:2F:10:75:AF:8F
ValidityTue, 16 Jan 2024 00:00:00 GMT - Wed, 10 Jul 2024 23:59:59 GMT

File type
HTML document, ASCII text, with very long lines (64999)
Size
28 kB (27534 bytes)
Hash
f4eb6e7e7e4a9bcc4dfb3942a19b7d1e
4e29018276d70442f78368f884adff393d32e87d
d73e64225a1cceb2dde51c52cb1fdc895ef95843171ae61f1b160fe2703bdcb9

HTTP Headers

GET /v2/collectConsent?sessionId=3_cc-session_0507c9f2-a8b3-47d0-841b-bd96b8084c5f HTTP/1.1
Host: consent.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Encoding: gzip
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy-Report-Only: default-src 'none'; block-all-mixed-content; connect-src 'self'; frame-ancestors 'none'; img-src 'self' https://s.yimg.com; media-src 'none'; script-src 'self' 'nonce-eATvtNU/m3ocVea0P7lFQpprAhCXKske' https://s.yimg.com; style-src 'self' 'nonce-eATvtNU/m3ocVea0P7lFQpprAhCXKske' https://s.yimg.com; font-src 'self'; object-src 'none'; frame-src 'none'; report-uri https://csp.yahoo.com/beacon/csp?src=guce
Server: guce
X-XSS-Protection: 1; mode=block
Pragma: no-cache
X-Frame-Options: DENY
Referrer-Policy: strict-origin-when-cross-origin
Date: Thu, 06 Jun 2024 19:41:39 GMT
Connection: keep-alive
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Transfer-Encoding: chunked
Content-Type: text/html;charset=UTF-8

serveur-minecraft.com/2651

104.26.11.195

403 Forbidden

27 kB

URL GET HTTP/2
serveur-minecraft.com/2651
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type
HTML document, ASCII text, with very long lines (15543), with no line terminators
Size
27 kB (27146 bytes)
Hash
0e69b02985d9b197acdb703485e025a7
a4f610bc1c5898f055ba1c8ea5ec4b176ee52390
249d6e55c7cedf9dfa2eaf95debc9048bc4c0eda7455278a205e8545e4e228bb

HTTP Headers

GET /2651 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: V8XcyzhPyuuYMbpFPV+Lk4X8AD9DVxKgbrqYTGen3e/HKyxOAWeYCUi9eamRAg1k3OlTn9ynf0HNRoeIAaLlZalNWwzBENYBw4UDmgco9U9Vx1YEgP2tAyg2W2FM2MTwb6AO70mT4dQSe9//LBt5SA==$3DFRfwIy/+f3+fp8vrjByg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wVnfT9K59FXsQUYDcj9DwTPdoeupl%2BA9hx3zcuPAEA0BuN9ij9hk37DZcuq68bXgsRLxk1dYXoZtnLCj7RDZ%2BQl9RZZqb%2FyFjQgjh5kn7ejFOAAyfIY%2B8%2BZaD9rpHuz3OsF3kFmkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae190fda756b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

serveur-minecraft.com/940

104.26.11.195

403 Forbidden

6.7 kB

URL GET HTTP/2
serveur-minecraft.com/940
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type
HTML document, ASCII text, with very long lines (15537), with no line terminators
Size
6.7 kB (6678 bytes)
Hash
069c0dce6a30e6e1f796c9c2da321814
76b6597369563085738f18b543e4c6d48e85040b
eb2b018720b23ea1ddf22fbd960630c0d1017797673c54a1b250da21ac80746a

HTTP Headers

GET /940 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: nA18NRiIbEY8riBavGywbFSQ7bW8qQBjg4/tFLc6DBTXcuwjh47OxzQraElu4IWlnNxxqJQ1WSaLKUIEJGq+HupO4xdT8y3KUvjPwUODDdj2Tpp40Ui2RsC+IeB4yZgb6k0Wzo7NAvzgPOwVktCi7A==$r9yLyoGwQaUEUqBXGhP1rA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kTL4uBMfrJQtMLEK1o69SJ1r1I9MazYq1UEC5GlfTLnvb6mykzzj4glGEBneS8t4ehxTpbGcAt3z4obCTJUaQQNftx1J6EUX%2FN%2F4VQiR7mdPbnLp3E2wyT3pXWaOjWkBNmgQ8gI3zQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae18f9b6f56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

allotraffic.site/redirect.php

188.114.97.1

200 OK

15 kB

URL GET HTTP/3
allotraffic.site/redirect.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectallotraffic.site
Fingerprint6E:B4:22:78:33:32:7C:61:0A:25:4D:F5:B2:B6:C3:2C:DD:FA:2A:BF
ValidityFri, 19 Apr 2024 08:34:31 GMT - Thu, 18 Jul 2024 08:34:30 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
15 kB (14861 bytes)
Hash
25bf3a8c3d0db2b7b4703455f7392d50
7b55d988ec314e4e21627c381d305e1f4f9ee7e2
a1292dd50c6bb5b83be6c2d22a9ec2407a9c7228a5b67f80b400f58d6fb7a852

HTTP Headers

GET /redirect.php HTTP/1.1
Host: allotraffic.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
vary: Accept-Encoding
x-request-id: bf547358f4d2d37f11417708de72c2e1
last-modified: Thu, 06 Jun 2024 19:14:59 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 1539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Ue6ykQbYq7dCSHDv5%2F79agRKqXARAZRfQIfvv52E5SdaHEF6X2a0CFykzo%2F1PfMbGhWw%2F0lcA3kaiG1A4xEreKQLhF0y5u0Y%2Fd%2BQpqv0K7hW8mEHLmrxAfrX3W%2Fa094qNBz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae18fe9fbb523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

allotraffic.site/redirect.php

188.114.97.1

200 OK

8.9 kB

URL GET HTTP/3
allotraffic.site/redirect.php
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectallotraffic.site
Fingerprint6E:B4:22:78:33:32:7C:61:0A:25:4D:F5:B2:B6:C3:2C:DD:FA:2A:BF
ValidityFri, 19 Apr 2024 08:34:31 GMT - Thu, 18 Jul 2024 08:34:30 GMT

File type
HTML document, Unicode text, UTF-8 text
Size
8.9 kB (8865 bytes)
Hash
25bf3a8c3d0db2b7b4703455f7392d50
7b55d988ec314e4e21627c381d305e1f4f9ee7e2
a1292dd50c6bb5b83be6c2d22a9ec2407a9c7228a5b67f80b400f58d6fb7a852

HTTP Headers

GET /redirect.php HTTP/1.1
Host: allotraffic.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
vary: Accept-Encoding
x-request-id: bf547358f4d2d37f11417708de72c2e1
last-modified: Thu, 06 Jun 2024 19:14:59 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 1539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dWANL8pgZb5kFgT69LH%2FRa0t4WpT40q65bg92VztzPqy8RGEdZlSrjL7LjHln1dt%2F1xf8t19a%2FlB4UIWDuXT8d6ucyW3NgQmTG9ERIfI3jk2hjm%2FodmpCSrQaZKHK59TpPEI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae18f9965b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.adtube.media/redirect?feed=561765&auth=L0SJGK&subid=adtub2&query=adtub2&url=pubi.com

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.adtube.media/redirect?feed=561765&auth=L0SJGK&subid=adtub2&query=adtub2&url=pubi.com
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadtube.media
FingerprintF6:CC:18:BD:F3:52:76:9B:A6:F2:68:C5:13:F4:DA:60:65:2B:FE:88
ValidityTue, 07 May 2024 06:37:19 GMT - Mon, 05 Aug 2024 06:37:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=561765&auth=L0SJGK&subid=adtub2&query=adtub2&url=pubi.com HTTP/1.1
Host: xml.adtube.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/2996

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2996
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2996 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: fBkZ9Sd1ZXJ3p3R4QSelnc+56j6P9Nen960wSr5LvORdaKHVfK4KCRWp/MEZAa69YnO5fbDCuTjBLWfv9192wH2CrVhkSBQ5Xc/zYuPby/nRn/12FMiHV92p6ok+cpNG9sxH6ypqw9D2dK9jLCBFSg==$/SEmyaMFzGmvmer2I2CeZA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8eLgdcGMjZ8hZbAMsJyH2DbidhPD1ZpjIeiW1RgqqnJQ0FuS3oEao0qP3giYlHx0Lk%2B3Xsg%2BWv3RrozpQClUifmaqK3RelqPBGwe%2F%2BFmCT9pj%2FWmQRemAvx2wCOBJTFBbIMZLA8itQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1941b2956b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media

174.137.133.17

302 Found

1.8 kB

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
1.8 kB (1769 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=474231&auth=YyannI&subid=adf&query=adf&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://animewatch.onionlive.workers.dev/

meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=818548&cat=25&sub_id=1445607428 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:38 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

thenetwork18.net/adtub.html

188.114.96.1

200 OK

248 B

URL GET HTTP/3
thenetwork18.net/adtub.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
248 B (248 bytes)
Hash
22a372463f7faf626a65563f672b5935
ffc13ecdf2286ce0826d140bd033225784c54f58
b29a487b7afdab5ab6bb4d8429ea3e3dd041b15e3c4926044dc4f3c04015912b

HTTP Headers

GET /adtub.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=k9NnCG0ob1nbF2kOQXRsXwyXL0VVcIgrbdAeVeawkL7abXqca7cVorw61QKi%2BbF3QtGSY6qvMaV8sfKTkPnqhvelFZpfAqML0nIRHAflfUT7XDk%2B8aMtPqSEkxUqXcEFkL%2BZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd60568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=558744&cat=25&sub_id=1614260298 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

serveur-minecraft.com/3583

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/3583
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3583 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 1wU25ilgQ7NRb8VsCXv0qf3Jezi/Dg7uDsWjYt8VqXlq2q2YMuMlYavGHOKc04IMQJgGS8VRCFNP/7V8TLdFCA5WX2kYN1LoK9tPJW95y6dCBvW4v1EHod3+55Fa7JlXJD58P3aSnjYf9OldEBsAlA==$CTAUxzPbWU+WA2bEIM5foQ==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4NqswC8HA%2FY%2FJNI%2FW5WUx%2Bt6%2Bej865eGcJwOuwV3rXM9EdP3N1UqOlGC1R3ibJAC2TzZ%2Futg%2BB9J5O0u1Qanw9wXuDhJp9DgGyVYYNr65Chk1T2G%2F3V5OiOCpt4cgen%2B7qkIHql0yA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae190cd3e56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

redirect3.online/adx1.html

104.21.55.170

200 OK

236 B

URL GET HTTP/3
redirect3.online/adx1.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
236 B (236 bytes)
Hash
898fd06aa56be1636bfcc373523caa25
0e841c2ab4b47eb98e44850239a8406916483589
fef74ad233dc0d80c5bd1b79eb52301c574d2a4f91e4cc10c64a3532ef8cff2c

HTTP Headers

GET /adx1.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170978
last-modified: Tue, 04 Jun 2024 20:11:54 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IMeaiH6Pb%2FQkshlU6ELP1EKM%2B%2ByNPcaFkXnLRi9AjSPnJQN8fIWfODx8AyLnRGWXf349CxBAkc7Oj2ch%2FWFsNS7KuZ%2BszY1iZNxIaL%2Byk9Kx846ujCwWP9RfBZ92rXgoWBW7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168cdca56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

serveur-minecraft.com/3612

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/3612
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3612 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: /bPX7sM8ESHQby1XH6Jab1afomT5YPrD7Tsb/cv8G1OgINIlkLsDzMhNelUPbNmVwEf66ftQBnH5jgxCBhM7r+wF/riuZEwrz1cY6lOljmZ10xPcWI6EscwXhm0yGmI+wwHUwryKA6P+TiAKBA32/A==$xc+Q6arhdQZA3qpEcv+TNQ==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=difCU%2FGVMaL1T6qDjzz2QIYpVwbPnLziOtyMcJ1A6z8ti5D28qOZeSZTzfODgB59u%2ByCykQaBD9cL41yfGZSLyrhFUMmMea882WC0WU799cuF19TjjXZU0iWw3FKYPYHKBPPaaEW2w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae18fdbd056b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=486026&auth=kWHJi8&subid=flurry2&query=flurry2&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/2919

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2919
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2919 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: jHXbKkZXEl2Czkv98kQWwfd8ygMGmlhDLqgiqROg5wIPO/HSOTE1sWdmoVxEndy7pvkAOq1u7Cm3xHjBuucyPFrJBsQyFQihAgwimCYNbgVvqAtW3ZAsPkSQl20MKn0U/L5VaLKzOj7+Dvrmnpb2AQ==$aemwnGHyGS3nzPQIFfbS+g==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=al9D3hHjuINAlXZhdUqyJDiw0CFVrPJ4XIhAz3I9LVh0jGhGvyc9Xfuz0pisJcBYBHibzf15P4%2BZ4zkOqY4DqJwyCyq3BWYSH1J2sPqQb7NCG51kaRInnjGnD6R%2BW%2F4K5YF8wjryGA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1904c9f56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

thenetwork18.net/adfa1.html

188.114.96.1

200 OK

250 B

URL GET HTTP/3
thenetwork18.net/adfa1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
250 B (250 bytes)
Hash
969729c58d5430327cc15790a7848844
e08d56b856761d5bfcf8f43dc5f3ac50f7604d4d
40f3364c2d76eff4509797e6f2c5cd84e6b1e4a7f53cb1e7c0b01d38e9c4f2f0

HTTP Headers

GET /adfa1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180890
last-modified: Tue, 04 Jun 2024 17:26:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqFU8ccl9U2vkDK1dZPhuZJRvQZvihzUQRyYL1dWy7%2FQlgN1yzdNmacDQ%2B7T18mW05GKrcR%2B8nnNgGTnrQnJtdiYefjVhf8Sg%2B9pOXzPw7LLViz50E3eyjZKFKeHYQENxu3q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1697cbc568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.clickmi.net/redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net

174.137.133.17

200 OK

0 B

URL GET HTTP/1.1
xml.clickmi.net/redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectclickmi.net
Fingerprint84:4C:C8:7F:CD:1E:78:38:96:CA:39:AE:C4:6A:A6:23:AA:64:AA:96
ValidityMon, 29 Apr 2024 06:43:34 GMT - Sun, 28 Jul 2024 06:43:33 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=487259&auth=Phj71x&subid=clickmi&query=clickmi&url=clickmi.net HTTP/1.1
Host: xml.clickmi.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=818548&cat=25&sub_id=1445607428 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=818548&cat=25&sub_id=1445607428 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
pragma: no-cache
vary: Accept-Encoding, *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:36 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

sub.votreimc.com/adzgameadu.html

172.67.222.136

200 OK

252 B

URL GET HTTP/2
sub.votreimc.com/adzgameadu.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
252 B (252 bytes)
Hash
e67247a64e651f2ed1eabd0fcc743331
b4df8634b2200e575aef7ca47b25fa8ac594f901
f8582309c5526c62c9099f284d757675ec0f1f1802ef48a6916000a16e293254

HTTP Headers

GET /adzgameadu.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE66:5A9A_91EF25A2:0050_665F3E41_22E8E:74A1
x-iplb-instance: 52360
cf-cache-status: HIT
age: 185003
last-modified: Tue, 04 Jun 2024 16:18:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aDwzWoy%2BGpGCR%2FifUS2ymOsLQQXZYXxpYpgvf1h9S33dcqrqVUJWXQ436ZNNBKG01hKzqQ3TxIsB1Kz9qK1B2ltERfPPuMF2sSQ%2B6gzXEe34A8ZOEaB6okbnbw335c3gJcEA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae164c8b956be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.eximdigital.com/redirect?feed=647202&auth=6SL1vm&subid=eximdigital1&query=eximdigital1&url=eximdigital1.com

173.239.53.22

200 OK

0 B

URL GET HTTP/1.1
xml.eximdigital.com/redirect?feed=647202&auth=6SL1vm&subid=eximdigital1&query=eximdigital1&url=eximdigital1.com
IP
173.239.53.22:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjecteximdigital.com
FingerprintD0:C3:5E:17:CF:08:9A:64:A8:AD:DA:D7:38:33:1F:91:3A:29:6E:AB
ValiditySat, 27 Apr 2024 06:37:39 GMT - Fri, 26 Jul 2024 06:37:38 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647202&auth=6SL1vm&subid=eximdigital1&query=eximdigital1&url=eximdigital1.com HTTP/1.1
Host: xml.eximdigital.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/1666

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/1666
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1666 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: FKQ6M4iHsDud6+Y6DtR1jRoVIFqC7MZzYGzIqJMPCeOyR+kfKvalt8XQgPuoks6AXY6QMyrpUJS0D4WDcR9+TMqnhPyEKsGEP4A1cXntKU5EY/u2Tx9G+tS8Ywmwa2dR9kWRs2W02QAyRvZ3QX8sWQ==$RBr2ApgVeDRnr2gG55MPeA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sshp8Z9Dy168vBMi75MVyICs8E0hfx9TQl%2FsRYHQU7obe3eMig1zRJwTIWuh680TWdh9yj%2B2gNMeeeizfurHjYX6JMEofOoPxtZvsAcye4IWvzo%2F9n%2FjehK7ttvpsHgnevSr2D8D2A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1901c4b56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=558744&cat=25&sub_id=1614260298 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

ww8.good-trading.com/index.php?good-j&f=265753

188.114.96.1

200 OK

19 kB

URL GET HTTP/2
ww8.good-trading.com/index.php?good-j&f=265753
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ads34.name/?country=no&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectgood-trading.com
Fingerprint59:DD:2C:C9:13:23:AC:32:93:BB:CF:20:AD:72:38:9F:17:4D:33:6E
ValiditySat, 13 Apr 2024 23:06:54 GMT - Fri, 12 Jul 2024 23:06:53 GMT

File type

Size
19 kB (18694 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /index.php?good-j&f=265753 HTTP/1.1
Host: ww8.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ads34.name/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:31 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/8.2
expires: Sun, 01 Jan 2014 00:00:00 GMT
pragma: no-cache
cache-control: no-cache, must-revalidate
referrer-policy: origin
set-cookie: goodtrading=1; expires=Fri, 07 Jun 2024 19:41:31 GMT; Max-Age=86400; path=/; domain=good-trading.com
vary: Accept-Encoding
x-iplb-request-id: A29EDEE5:569C_91EF25A2:0050_666210EB_64413:48D3
x-iplb-instance: 52295
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SW4PybZn9t%2BKRv9rbxCxYpmWI2j2L47z%2F8TBzIVGB7%2FGoNXJ9uMQEmNW65cmIrf1DDiYWLaCgPtmslUuUAv3SLB%2BztShK3Jtt%2B8h0x%2FTicPL9oq%2FlJ5Wcpfkk0uNu9ZmnCrSL2%2BVAw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae161ac45b523-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/eximdigitala.html

172.67.222.136

200 OK

266 B

URL GET HTTP/2
sub.votreimc.com/eximdigitala.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
266 B (266 bytes)
Hash
c0174d001a22a4947b403b62f5721551
e6c2938dc00a11ee8d97cbd6db44cdcf28a24261
0326eb11805a6e7e5ac8382f2440fa5db5a1c4660e4f09779d807aadba8ea874

HTTP Headers

GET /eximdigitala.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE47:5328_91EF25A2:0050_665F4E53_6FD1A:68EB
x-iplb-instance: 52324
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6MNdZ5ZpGvNZLO8b0V3aC1kcScw2OOO4aKWVPjsyL96IAwrpqibmkR8r854f6cG8NtpIcTShAjZwlFLhnJAfAeAOPCxwoQxlJ%2F5Bm2yw6adADUqB2903xdQYYDGWiGidINj9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16549ef56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/eximdigitalbis.html

172.67.222.136

200 OK

270 B

URL GET HTTP/2
sub.votreimc.com/eximdigitalbis.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
270 B (270 bytes)
Hash
3eb3ddf2f259df8450d2d7ff04cc4485
a445013109b692643382d88ed1c7dfd9b349e1ce
abf40691c6be352b0bf749c04a163908e6153e903c7bd370c7730a684f16345b

HTTP Headers

GET /eximdigitalbis.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE45:B9C8_91EF25A2:0050_665F5F23_C6B66:3E4B
x-iplb-instance: 52360
cf-cache-status: HIT
age: 176585
last-modified: Tue, 04 Jun 2024 18:38:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aNmgIIWkHSJ4s6nDawtr1BPw1BPMpbacM0N2wpdYaR8cjfWYKRdapbEwU5dn%2BUwKOpKjoXF0ruNhnHbyvCgEvAAYXlGiev4P7V8Jo4rAeWIKKGMM5YCXHBUBFJINUiIqC1xe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1655a0956be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serveur-minecraft.com/662

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/662
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /662 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: hOShsjgqTUL96DbALwOVV3WTl7nmFBAfOw+XYl08wQFM1ijPA89Wzk3WpLQZrekNUCW6vhbvZtimEDio7eQkXqonX8Md14J+WpZDbQJFnDJD0AZDCVnSH8T18cB+dbLgRSiOw3S4sTmwvl0t7+p8jA==$H7DBYbMbjYPfn53XuWStKA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sROZiyQqFsiFkmNGJ2hXHqKNuIriQx10gREzUAZBzdR33mS8hNdwrtB%2FXaGKhXAgnDFkTJKGlK%2BNUZrncWBY5rrIWoofc9hN08diNVWtia5dvaUddTP38ZGfD4U%2Bui%2BsJdJU%2FCNk9g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae177ebbf56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

xml.rtbfactory.com/redirect?feed=637931&auth=qGwRRI&subid=rtb1&query=rtb1&url=rtb.com

173.239.53.18

200 OK

0 B

URL GET HTTP/1.1
xml.rtbfactory.com/redirect?feed=637931&auth=qGwRRI&subid=rtb1&query=rtb1&url=rtb.com
IP
173.239.53.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrtbfactory.com
Fingerprint78:24:9B:3E:6A:EF:94:08:E7:AE:E7:91:4D:C7:2C:61:52:EF:30:DA
ValiditySat, 04 May 2024 06:40:22 GMT - Fri, 02 Aug 2024 06:40:21 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=637931&auth=qGwRRI&subid=rtb1&query=rtb1&url=rtb.com HTTP/1.1
Host: xml.rtbfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/259

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/259
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /259 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: dGa7mZNnYL4w4zwyE7Z+vXcP+6Z45PViTgjqepSUUjxuuMKoPG3dyfviUO1GHnn5kDkBcuFn0BXd/c4VH3c3jlGoM93Nspi3cwJm6p6YDwjxbZ4EzUZraqyJjgmnb+yx6MxoZql5ZmyXNZeSZrnFdg==$SE5upJc0m0b6HzgkZUQurg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PszonwBj5xNkgbMllKIKFpWvBImC9Ucn4KxGDTc4BvwJy0NMU3bAa8iMZ6L0yMoT2G49dUkTjSI6X7vfke%2F9akUex5AU5RJwhVrYcJsuP4DZpPp2C342SD58i7qPInt%2BtWNxF3E6ug%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1913e1656b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

thenetwork18.net/trackif1.html

188.114.96.1

200 OK

261 B

URL GET HTTP/2
thenetwork18.net/trackif1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
d415faa0e67e7d73aa58eb5a0de51e09
a65b6e12d07f23f68b5e1b17020674b2912c86cb
7f0bf35d75c98364d89368e05c1f7664a32631d32a2d137d5e19fc23e3021da1

HTTP Headers

GET /trackif1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 25054
last-modified: Thu, 06 Jun 2024 12:43:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQDTSJhn0%2FG%2FhcyuZSs2ZZuRbffaj2sOZTPrxMLSZvO3vxS62OcF9%2F%2B6nlflWhhBpzpp%2FoCGgguJ%2FcsSrZCaVtqU5zexRHsISHnbq%2BJR5fcTd0jJuPonb9uphibGLJocUj2D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1638c4c56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thenetwork18.net/adtub2.html

188.114.96.1

200 OK

246 B

URL GET HTTP/3
thenetwork18.net/adtub2.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
246 B (246 bytes)
Hash
a1facf031a5a63332cecc6dd21c24af2
e7046cb2e87aa10a8a6f5d0e3d8189c16044d7f1
e41730d1f83151f2257c584c2af837c0d9d3d0dee430a8322cc7fdaf60a36b63

HTTP Headers

GET /adtub2.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CGzCOhejjCOjk61ukBXtX8bh2XqMdWKIScz9cIlB2fXdVpSwTywrg%2FIlGSnQzNAIfe9TRrV1c2DYbTiQ2SeiNNVITJwBruoIOTx3HIGe8maalpLIlKwBvlmMHbwPTZoNIi9M"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd63568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

animewatch.onionlive.workers.dev/

172.67.141.108

200 OK

1.8 kB

URL GET HTTP/2
animewatch.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1795), with no line terminators
Size
1.8 kB (1769 bytes)
Hash
9dc1e04cc7affd8cf80ad5feefa89210
4c11c71a6f83138bd24602a1c996ad82364573b1
654082713403f7d1acc1d1fdfb9fca90222fd0a411be1fb02f64e973cdf054b5

HTTP Headers

GET / HTTP/1.1
Host: animewatch.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TtsuBt%2Flhmy1huWCCI95CW2Qk1ScF6J9l7PLehjYJW3VVMMq9uLh5cL0YdCEfpiEFF1C5J4rsc8PIF%2FnS4lDB7c9ODD7MQEC9fq8rlFZ28UTzwge%2BjP6J%2FHhwtwEUXV07CPC9Um516VMb6O30HjOCNNVjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1780ca55693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDW5e41ZXBNKvXBI5nw3cOOuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.Guema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1wNsN2uU1wVOUrsNr14TuZ8uOuBuema_DPhrgblcrumpiXrwncz464G2mJJ2IHpV68J3M.GumtleCW1yWuanBeBvPXTWyvBLa5LXNTgvKxI5nricwXtYjscX458NcTmC9rEdji_LPhricwXtYjscX558NcTmC9rEdji_TPhricwXtYjscX658NcTmC9rEdji_bPhricwXtYjscX758NcTmC9rEdji_jPhricwXtYjscX858NcTmC9rEdji_Hhnw1tNyr2VMPOZ9uXTprZspjz12VOUrtMTzwSvZ67KnKV2mJ54JXl3aXKLHJWsM9dtlkDefHvx79.HLx558.nDhy6cuXHt27cuPBxtjo31a11wSOVVsST58e_Hv34cvHnnrammigcamlqclrz4w

95.211.229.245

200 OK

0 B

URL GET HTTP/1.1
syndication.realsrv.com/vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDW5e41ZXBNKvXBI5nw3cOOuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.Guema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1wNsN2uU1wVOUrsNr14TuZ8uOuBuema_DPhrgblcrumpiXrwncz464G2mJJ2IHpV68J3M.GumtleCW1yWuanBeBvPXTWyvBLa5LXNTgvKxI5nricwXtYjscX458NcTmC9rEdji_LPhricwXtYjscX558NcTmC9rEdji_TPhricwXtYjscX658NcTmC9rEdji_bPhricwXtYjscX758NcTmC9rEdji_jPhricwXtYjscX858NcTmC9rEdji_Hhnw1tNyr2VMPOZ9uXTprZspjz12VOUrtMTzwSvZ67KnKV2mJ54JXl3aXKLHJWsM9dtlkDefHvx79.HLx558.nDhy6cuXHt27cuPBxtjo31a11wSOVVsST58e_Hv34cvHnnrammigcamlqclrz4w
IP
95.211.229.245:443
ASN
#60781 LeaseWeb Netherlands B.V.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectrealsrv.com
FingerprintD6:E9:CF:67:58:14:C0:E8:FF:A6:F9:E4:10:41:F9:BF:03:93:4D:1B
ValidityTue, 30 Apr 2024 07:54:23 GMT - Mon, 29 Jul 2024 07:54:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vregister.php?a=vimp&tracking_event=impression&idzone=3981938&2f0c2af9d35a1a2cdde21db2fe9eb7be=tsVuZ8uHLpt4dtvDtq49fXTj6589dlTlK8E.fnju88N3Tlu49emtqayWunDMos7XA3GxK9Yw85n0466oK3F35qq5WJHM2G7I65JmYI3K6WHXYGtzU0muBthu1ymuCpynPxw5dOXTXA3PYzHBU.5Tn34dOnPprgbqgrcz8d.vnj41wN4zSuZ8_Pjj55.NcDbTFbj01OGfXh41wNtMSTsQPS59ePfx258tcDdrFMDFcE0ufnp16eevXhrgbmqz49dcDbNM11TlOfPXA225bA05nw1wNtMU0wOU58NcDcFU.fLrz6dNdVjOfDXaxHY5nx3cAdvXXPYzHBU.5SvSxW5n34a57GY4Kn3KV2rKaXJWsMwUTtbTEk7ED0q7VlNLkrWGaJ4Gty9p9iV5xeuZeexmOCp9ynPhu88uWty9p9iV5xeuZeVyu6amLPjrYbXrwncz58dbs1MjFeeuBuVyu6amLPjramslrpwXmpgeglYjzKLO1v11zr3ruzU3MUtuNruzU564G56Zm7Gq12mK3HpqcM.PjXPTA1BK8vJM25Hn41v11z1Z8ddTVLjkq9LlU0dlcE0ueuypyleBvPhrspjXfYqfzaYd8tOc.3Hhwcd6M.G2G2vLHR3s6537uNO64JJ6XKqoJpV6q2K7Ks.OuCSelyqqCaVeCW1iOBtelxiqaXPhrpcdcpcpXqgrcXfmqrlYkczuu8bnppm9tdLDcEr25qaTWw2zHM1Fnw1wNzOuuU58NcDcbErcEry87DzmfDW5e41ZXBNKvXBI5nw3cOOuBttithpyWtynPlrgbaYppgcpXqmspacz4a5ZqmqYJ68.GuCVqZ6WCuZeSZtzPhrrcqrXkmbcz4a6XHoJpV3nJpWJHF4G8.Guema_BeqtiuyrPbx1wNzsU1yuU58NbUFeC7zk0rEji8DefPj058unTXK5Ww1ZBXgvPTNfgvXhO5nrlcrYasgrwXnpmvwXbcqapgnrgmlz1sNsxzNRL2uU564JJ6XKqoJpV2I414JbWI4G16XGKppas.Guqxnlnw11WM88.GupqmCetevCdzPXU1TBPWvKxI5nrqapgnrXtcpz1s0zXVOUr2uU58NdtOfDXBLW5TKxHnw1yzLu2St1Z8NcDdLlU80tUFri8bGE1lefDXA3JZHXBjNK5nw1uSMQRrwVT58NdTVME9a7blbEEefbXU1TBPWva5TVBNLnx1wNsN2uU1wVOUrsNr14TuZ8uOuBuema_DPhrgblcrumpiXrwncz464G2mJJ2IHpV68J3M.GumtleCW1yWuanBeBvPXTWyvBLa5LXNTgvKxI5nricwXtYjscX458NcTmC9rEdji_LPhricwXtYjscX558NcTmC9rEdji_TPhricwXtYjscX658NcTmC9rEdji_bPhricwXtYjscX758NcTmC9rEdji_jPhricwXtYjscX858NcTmC9rEdji_Hhnw1tNyr2VMPOZ9uXTprZspjz12VOUrtMTzwSvZ67KnKV2mJ54JXl3aXKLHJWsM9dtlkDefHvx79.HLx558.nDhy6cuXHt27cuPBxtjo31a11wSOVVsST58e_Hv34cvHnnrammigcamlqclrz4w HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:34 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: 
Access-Control-Allow-Credentials: true
Accept-CH: 
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

serveur-minecraft.com/999

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/999
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /999 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: xi6jFYvX2nInXMoEd2gnlLvm0reW7dfqieW3k4p3lJZdzXJzH1qHAIZoaYhutHRIo3nb7k08iUL3WhnUkPFZwLcYq/yGpHHTepYPIWCRigRIG1ZV/+GH91LMJnfsd2Ywh8tIyo6sjAXhLkYejBEE+Q==$FPkMdIlsLs/7FCI1ma90Fg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w1TA07Va4e9elhAXyd6fAl3NoaubZ%2BrAbFx0AuIVcTpVe8BJstkkd9p0IStI%2BVwSnLSp8m1PjVltrKUX9Tgp9%2BSTa1BnbYUO2plRJHloqzUUFK1UA%2BjjDnLNjC5twDOqxN8y8CTkag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1777b1456b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

glaidekeemp.net/4/7218943/

139.45.197.242

200 OK

0 B

URL GET HTTP/2
glaidekeemp.net/4/7218943/
IP
139.45.197.242:443
ASN
#9002 RETN Limited

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectglaidekeemp.net
Fingerprint2B:62:66:07:B3:F1:C4:1C:F3:D6:54:28:CC:B1:E2:AE:47:05:C0:67
ValidityMon, 25 Mar 2024 13:08:24 GMT - Sun, 23 Jun 2024 13:08:23 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/7218943/ HTTP/1.1
Host: glaidekeemp.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.s2movies.pro/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html; charset=utf8
x-trace-id: 64618382273e08ffba98f61d94813ede
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00807337ccc14278e25d6150b36ea0af; expires=Fri, 06 Jun 2025 19:41:37 GMT; path=/; secure; SameSite=None
oaidts=1717702897; expires=Fri, 06 Jun 2025 19:41:37 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=480556&auth=7VgrMJ&subid=flurryad1&query=flurryad1&url=flurryad.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/576

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/576
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /576 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: SsAUavJ16zOVZrtky0gWj7sSJDckFLP7XCzzLS/pc8Pd4GocM01dk4GVoRgJhk0XnefSW4q09cJStq1Q8KAiWoDPYA0VhNZzzma9w+Q7PyM+G/c2rTJ8U/octiracCuA0uwhx+XgAZ4tGfAnxiPRlA==$pAJfQWCkEGFa3IMMe9vGgA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1e0EPC5lDaWybBCvxC075GGq0h44g8uE8iK9cLYhpXkssJfYFRr7IJ6CwnjTKttc%2F%2F2eiMUYIfx2Ngc6qO7zw7MnwpTr%2FybHWV6LJSWKkIgI%2BMfSOULCOoTabswOW8TIMFG5FDwFww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1808a6c56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

redirect3.online/flurry1.html

104.21.55.170

200 OK

245 B

URL GET HTTP/2
redirect3.online/flurry1.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
245 B (245 bytes)
Hash
fb3ccf2a2be3110c78ee1a3ba11745ec
ed4cb774b057a28735ce9bac3a5a4f0ca1ab742d
0113baf4355bf43c67725ab03658e69b2781ae721e3d03267f43ac7863f7fee6

HTTP Headers

GET /flurry1.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 185021
last-modified: Tue, 04 Jun 2024 16:17:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aOGHuhZDE52NF6TbBbKOQETYnQn2ACvPFx7KuzgXwuWI%2F%2Bw7Y%2FrFMgEiaTtzzV4Qd2Ml0AOIA3ukus%2F0SdDa9KDIu0tWCWHUxhrK034TkjArPk6MWOCgPPFIFfW5Tw0WZyqH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac2a56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=808402&cat=25&sub_id=1804254931 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

serveur-minecraft.com/2112

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2112
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2112 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: WTDcwBqnMpK3yV4ghzHeDrRQfMT2LKGXruoLEEhoLCdFYzAopZRWfB1JNpMj/vnYPsGDfavmUb3Do3/Bf8F/ndTeMS6oG9vdkkhhxZ13i9eGinbeSfSo+QiqF2ebNWojhqQ2GEjWZqOsXym4IHbyDw==$Az7npc47sNj4EwSgjbDMsw==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I7P6LMZEM9hFio7YDOYLoPggW2Ffstqt4lc8by3WO0xFiJ3o9AaCwqxfoxE0Z6VY8EeC1Te5klEe7dg1fAQlAzkyGn4T8of7%2Fi1BQOoFgGH3tV2ExHa53BCBmfkPVoOUaxtecBQnjA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae193dabd56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

sub.votreimc.com/eximdigitalm.html

172.67.222.136

200 OK

266 B

URL GET HTTP/2
sub.votreimc.com/eximdigitalm.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
266 B (266 bytes)
Hash
fdbd993bd0042172f38e90d0e52cfede
461203823fe1f98d14a5408b886daa385d00c4a1
2d841296f9c6c64cee93a96aa13abc6d04d14c6fa6312578adce771484aa237e

HTTP Headers

GET /eximdigitalm.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE41:EA42_91EF25A2:0050_665F3E41_22EFC:74A1
x-iplb-instance: 52360
cf-cache-status: HIT
age: 185003
last-modified: Tue, 04 Jun 2024 16:18:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VJJuo%2BEQI9hMF%2FrInKYyLZdEGbmQ3IkgSi8RQ8pASrDcEfx0KmaXCaS4L4fHbXJ6TNuBX2iaYvbjVD%2BWr1GPmAsoM6ShEyoHJ%2FRKHjZDc3cAv6ITRSlZuKfbpwlKR7FA2U6a"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16549df56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

redirect3.online/rtbm.html

104.21.55.170

200 OK

241 B

URL GET HTTP/3
redirect3.online/rtbm.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
36cd71def46f44b8f97c32306ffaa235
da6a43e22cedd9b110a0bca1ca0fee8d07997d82
8664d799b3fd656226524586bfd0c27695ff217b4780b83873713b1560db92c0

HTTP Headers

GET /rtbm.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RL%2BdrR3dUtu8STZHw97uWyRhG%2Bze4XX6d5Ci0I5VsxTjwgfEK6Aj%2B0zfzpnQTOOT5BfR2plTytzitQa5Dl2uboOQ7P9Lz97ueHwItGxWSsYcZuW37dPqGhH%2FjR%2F4sx4Z0%2FDv"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168ee2456af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

t.godopu.xyz/2/?zid=7108

172.67.161.150

200 OK

958 B

URL GET HTTP/2
t.godopu.xyz/2/?zid=7108
IP
172.67.161.150:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services
Subjectgodopu.xyz
Fingerprint80:56:59:AE:75:49:14:E6:CD:79:68:99:7A:30:EF:4F:61:7F:48:0D
ValidityThu, 06 Jun 2024 08:38:45 GMT - Wed, 04 Sep 2024 08:38:44 GMT

File type
HTML document, ASCII text, with very long lines (976), with no line terminators
Size
958 B (958 bytes)
Hash
7b828c4ff9d249e765a4d5227fda7f75
979dad514edefadd21f22372d5764acbb8cef9fb
fba5d5e89854d7701d17173730120643cb8dbccbd01f3b7861063d1e7071e096

HTTP Headers

GET /2/?zid=7108 HTTP/1.1
Host: t.godopu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ww8.good-trading.com
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: https://ww8.good-trading.com
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSFIsCCGeutzkK7ewV7H2xz4wTxGKz09ni185DKd6jAuJDMHFo3TOeq%2BE%2FSnmI6qN%2Foycd5KjV8PbN04tGYMdpsoy39bg9q%2FF0d0kctzFkU4gtSp0K3ni57FEL1uajo%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16d6ba47129-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

us.vilitram.com/nty/postback/click?key=v2-1717702894982-4-6925-999800-33a2e0b5-ac62-3155-f762-1aec9c9b4a0d

0.0.0.0

0 B

URL GET
us.vilitram.com/nty/postback/click?key=v2-1717702894982-4-6925-999800-33a2e0b5-ac62-3155-f762-1aec9c9b4a0d
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /nty/postback/click?key=v2-1717702894982-4-6925-999800-33a2e0b5-ac62-3155-f762-1aec9c9b4a0d HTTP/1.1
Host: us.vilitram.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

serveur-minecraft.com/280

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/280
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /280 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: dRzTov5oU1lcRP4a+x/GO/WcS5h2RYK1wEiJfkBtpZUoDvflV/XO5COjtNjlEG3hMDl1QVBmXJvipO7KKbzcgD5siVCfQynDSPtOtyPtDUSMpzyU8zy8sO4Er2f3AyFWYGJV3CVFQI5+NPfR0bXzmg==$mijdERUSJyMdcBXCZjYi3w==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yF63HNMcPDJXCX2qeW6VzwNZFJwf3tS8wrNEjWR206B633rjEQrtrDbHUofgE87DhXdEkVkSv3MqApxW2X6GPNWhz8ABBuNp4arUshjZE8eUaiXBb4DM1O9IK6N%2FOIm%2Bt7%2BXfBUWyw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1921f8356b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

serveur-minecraft.com/875

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/875
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /875 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: sAgVRk/H/Y2wZEx06fCkkGbfw8O1ophG9p8/QonKbvesaa3t96szGZZudjb1dovVf5objLU7/XnSJvRRtzok30v3PJezqFRtnDXAGHkjqkfxn646z8CG2tEmm+knxo9VZ488I/j2Jw+igTuXeiNcaA==$MFOHTQABy9qshwPQSZJaDw==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OZkfq9MuGKe1HfhJzgujm5nL41AsXT4I8NJTd6XzCesDjPUMRT0gtRi9ICfvi17s3i8qvIv9WrLvTuxsgnQWL%2BSG6H6lHBh6QY3EnTorel8%2Bam7d3%2FEwztQihbu7TfYUMC6lxOOG8A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1780bef56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=gAVbrOrk59M_0&s=621006_542697

0.0.0.0

0 B

URL GET
t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=gAVbrOrk59M_0&s=621006_542697
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectburned-koala.landingtrack.com
FingerprintD0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC
ValidityWed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=gAVbrOrk59M_0&s=621006_542697 HTTP/1.1
Host: t4.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com

174.137.133.17

302 Found

303 B

URL GET HTTP/1.1
xml.thenetwork18.com/redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectthenetwork18.com
FingerprintC2:F2:52:C6:1B:73:63:64:7D:D9:42:89:E1:5D:36:F4:55:7A:1B:CB
ValidityThu, 18 Apr 2024 06:41:10 GMT - Wed, 17 Jul 2024 06:41:09 GMT

File type

Size
303 B (303 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=417207&auth=WBnpsR&subid=main&query=main&url=main.com HTTP/1.1
Host: xml.thenetwork18.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://u-40735.topduppy.info/api/rtb-pops/go?id=3061522176558959&sig=36e18c918e36720aa2ff5e32b8a857&u=aHR0cHM6Ly91cy52aWxpdHJhbS5jb20vbnR5L3Bvc3RiYWNrL2NsaWNrP2tleT12Mi0xNzE3NzAyODk0OTgyLTQtNjkyNS05OTk4MDAtMzNhMmUwYjUtYWM2Mi0zMTU1LWY3NjItMWFlYzljOWI0YTBk&redirect=js

t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U-fxOuHjZXM_0&s=621006_542700

0.0.0.0

0 B

URL GET
t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U-fxOuHjZXM_0&s=621006_542700
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectburned-koala.landingtrack.com
FingerprintD0:D2:34:45:06:82:3A:FE:D9:C6:8C:F7:AF:B1:F6:04:0F:5E:4C:EC
ValidityWed, 24 Apr 2024 22:35:38 GMT - Tue, 23 Jul 2024 22:35:37 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U-fxOuHjZXM_0&s=621006_542700 HTTP/1.1
Host: t4.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

becast.onionlive.workers.dev/

172.67.141.108

200 OK

1.4 kB

URL GET HTTP/3
becast.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1382), with no line terminators
Size
1.4 kB (1370 bytes)
Hash
f00afc8448987fa11d44221fa5292cae
9f4c400dce037e70bcb6db008b9419b99bdcb42e
1363ed26fa6dfa94a18ffef1fc03bf9e8be0ea9e769c641dd052bc8b77fc6891

HTTP Headers

GET / HTTP/1.1
Host: becast.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fna4vsZNiSS9tFNYUbkT%2FoRQQeVMAvHal2nqQ3auf1Xgk06au9Zc6Ms5PCdqd6C23zJYDtOcef%2F9POMVBDo6ucFmyNFrdoL3nFSEo%2Bck7IE51Io77oR%2B06%2F1Xr8p8%2F4m3PHW55W4X9MpE39IHsu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1855cb65690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.adflyer.media/redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=542700&auth=QqtgIx&subid=adfa1&query=adfa1&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=U-fxOuHjZXM_0&s=621006_542700

t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=XfST1P1PXO8_0&s=621006_554839

0.0.0.0

0 B

URL GET
t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=XfST1P1PXO8_0&s=621006_554839
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=XfST1P1PXO8_0&s=621006_554839 HTTP/1.1
Host: t4.lowtid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

animewatch.onionlive.workers.dev/

172.67.141.108

200 OK

0 B

URL GET HTTP/3
animewatch.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET / HTTP/1.1
Host: animewatch.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gnddIKkJHsRWdn8Dofi6AJ2VQ%2BLfJrS3KrDMkIQNI4K%2F2rsQ%2BKMKPmqyPjR27E433BYFzYKt71tn1CHvUwjjgHhEOk0CxAsHYioI6ennL%2BOWfzEMcfyH%2FPL9wlOP9JIjggTVFFjM6cXcKEZYd%2BlRAFlagA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae186f85a5690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.ctrtraffic.com/redirect?feed=599081&auth=vXd348&subid=popm1&query=popm1&url=popm1.com

198.134.116.18

302 Found

0 B

URL GET HTTP/1.1
xml.ctrtraffic.com/redirect?feed=599081&auth=vXd348&subid=popm1&query=popm1&url=popm1.com
IP
198.134.116.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectctrtraffic.com
Fingerprint5E:89:08:C3:8A:AF:DF:FD:44:F4:61:6F:65:BF:BE:52:56:CD:B3:EF
ValiditySun, 02 Jun 2024 06:38:33 GMT - Sat, 31 Aug 2024 06:38:32 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=599081&auth=vXd348&subid=popm1&query=popm1&url=popm1.com HTTP/1.1
Host: xml.ctrtraffic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

sub.votreimc.com/adzgame1.html

172.67.222.136

200 OK

254 B

URL GET HTTP/2
sub.votreimc.com/adzgame1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
254 B (254 bytes)
Hash
95601952aeb01f2189218dd042964f14
d41c44e9882e7525d7cb1b760915818e6fd7601b
85a85a1dbfb4ba52a2e1073ff898b2673830f141e586f2968faeee62cdc12953

HTTP Headers

GET /adzgame1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE65:FCF8_91EF25A2:0050_665F5F2D_AFBE:7975
x-iplb-instance: 52295
cf-cache-status: HIT
age: 176575
last-modified: Tue, 04 Jun 2024 18:38:37 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tBAUlCBdDcy1jcCCph9Ry1FfgqJ1Qg5V41kWbVyU6nEII69QKmrLxUH4WOjQADN1mdQz4HhoO0jEkzs2tYCc2h7VmjMB%2F8WIgyyYNsFZ8ERsKKZnkgL2%2BFJ5eY3OWTYJvApS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae165095d56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad-good.com/infinitym1.html

188.114.97.1

200 OK

256 B

URL GET HTTP/2
ad-good.com/infinitym1.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with no line terminators
Size
256 B (256 bytes)
Hash
b45da26ef76669f4d0eb140a90aa38cf
c1f3f26c8d88fa1aeff97c1c169ada81c389c695
2b0cde5306e6650fa52b1e314f3678aa0d8549640ff8cfca13fcb42ced6d673e

HTTP Headers

GET /infinitym1.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aZ0qjPAr%2BENXUzwQObHpoJE0T0E%2F8g5fOKha2xxYuAWbzgsMS9PLxkfJ0aexftotllEGN33S4qpxm7mNsji4uafz%2BWaeTOWfRfaVW952vmvRBnLTUA2D8pgM6wD5fQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1670ea656ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=647220&auth=1c6u8H&subid=flurryn2&query=flurryn2&url=flurryadn.com

174.137.133.16

200 OK

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=647220&auth=1c6u8H&subid=flurryn2&query=flurryn2&url=flurryadn.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647220&auth=1c6u8H&subid=flurryn2&query=flurryn2&url=flurryadn.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adtube.media/redirect?feed=581061&auth=WpL9mU&subid=adtu&query=adtu&url=advert.media

173.239.53.20

302 Found

0 B

URL GET HTTP/1.1
xml.adtube.media/redirect?feed=581061&auth=WpL9mU&subid=adtu&query=adtu&url=advert.media
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadtube.media
FingerprintF6:CC:18:BD:F3:52:76:9B:A6:F2:68:C5:13:F4:DA:60:65:2B:FE:88
ValidityTue, 07 May 2024 06:37:19 GMT - Mon, 05 Aug 2024 06:37:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=581061&auth=WpL9mU&subid=adtu&query=adtu&url=advert.media HTTP/1.1
Host: xml.adtube.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://track-eu.trackingtraffo.com/pop/imp?auth=5g3u78g&c=zHlAOmqhc0DHsRxkEm4JdZ5KlSkQ4TgOYPZwBXf0QIAAyomeEjGlfrslg06iS32UVWe05COoxj3iA6GxmjU54ZMI1GnXSpxUzzWtu26mpV68cGp1dkmIkUZ8ZkjvPX6Efa-7pruvkHthxBXm6oYkLFsG0p9srr5is3DrdvNTO9OWU2_LbSfl2s1C3rUdwLyPhylVT2uS16tDBAtBboe9y068s-APeLLvA3vRjok07onOfyaeopDDobsn0eikkxnQkfNDlD4d_lRKwTJgFNYEo0xPY-vq9wpBy-vWq1S-lDrogPgw6Es0V_FaN0pMsipCB0FOgJnH_iqPOJpj7727dMQTKHyvMgr4Rf9PVDBu05gFZUzg0FaYn1qTSm551SFl6FLyveAh4daDyhxiWc4lrV9dt6YFyIJTt9kcMe9QqlhrHczzZigrRstX2igpXzN6-rKIcxNGqyk0pfnOHUfD26vqEYEOYFsDhv3oOvBH3-9up1sFtHO67ZpGBG7Tn1JbXBmfPcAdR7GmpdpCjBBaAHuoonZJzRLwatJ3Nc2h7ghuD8IZfT9Qm3bPPQuS5hUH84mhtbjZ-60s_hh8

www.s2movies.pro/

172.67.223.71

200 OK

1.4 kB

URL GET HTTP/2
www.s2movies.pro/
IP
172.67.223.71:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjects2movies.pro
Fingerprint5B:59:0E:58:5A:14:A6:67:E6:1B:15:E3:A5:7E:9C:4D:63:DE:FE:11
ValidityMon, 29 Apr 2024 00:56:58 GMT - Sun, 28 Jul 2024 00:56:57 GMT

File type
HTML document, ASCII text, with very long lines (1383), with no line terminators
Size
1.4 kB (1371 bytes)
Hash
a9268fed5ceebd0abb8ba4cbb911714c
599f1446379c43099de865832a07a5bcf33d87bc
9bf523e687a8d5fc56f0e400b27ca7a95df41f337e15d029ff1f327b96d7d82b

HTTP Headers

GET / HTTP/1.1
Host: www.s2movies.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nf2oVztDgrIvX%2FPYBseB8dVvxCOWXAR70GEop2H9yIbKQ4RPBnfndjpGfNTXothTqYKqay8UVa1T%2Bn476KSEsOtnQfP1DJnRd6GMwMDuwCJCVM5h33OCwVm6XQYJdPovF6j5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae177ebacb4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serveur-minecraft.com/2415

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2415
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2415 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:38 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: OpRAAGyvONCIeM6GxFmjhPM4eLDwzALKdUWbdtRw0A6EO1cB4tYRHilUAZ2c6FNLfIl4KkA7lp8dWVIlFmWxPfByK4eLXwKupCJLVhGz4ODpZGJFw4hSpJCRbXb9EukwEtYC0Xj64kYH6Ihi612n+w==$6ENWaybtIFGzQFdiDK+mZg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dLZAqTXLp574B1r%2FoDPZYejNo1udja9LVookGs1Q%2Bsp0ynLEfC8jbPB%2FydS9aHUYyK7d3tMC%2FfVU%2FK93NfYaFAKmDCoK31iEhWIxfGnNO7ypBEISKPSVQRiXEgBH8tW%2BTNsQA4C%2F4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae189593956b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

thenetwork18.net/zentrix1.html

188.114.96.1

200 OK

265 B

URL GET HTTP/2
thenetwork18.net/zentrix1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
265 B (265 bytes)
Hash
506446d3a81f1fb8de84cecac5e571e6
ebda2a0bc9e05bc2a12aaf5fefb228bf37e4a6c1
20f3cf085741477d0862918c692bd826a21696b1a629148c848ca7ad9577003f

HTTP Headers

GET /zentrix1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6NDRHq61ALIgVpz6DkkM9%2FtZpL2PjmKa%2F%2Fz5eKBcpfP2oc%2BxCJVpMwMcOOzSPMg3ubPDQM6n1qylv4cTlPfCBDENy9OYmbX5RTrpg3hjB2rCedneEoJayYI12n%2FmgS28N%2F%2BO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1635bea56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

sub.votreimc.com/adzgame.html

172.67.222.136

200 OK

250 B

URL GET HTTP/2
sub.votreimc.com/adzgame.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
250 B (250 bytes)
Hash
ff783313859dde7d84e84f663b082abd
b3d347c7be360c99d8ad29b5fdb03459c6bf4d3a
43c1887e2fc3f39b3bd84de5d2ef6df0ea6350e21b8290c1f6e8dbf2b774b42c

HTTP Headers

GET /adzgame.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE55:5EDE_91EF25A2:0050_665F7510_35F1F:6B70
x-iplb-instance: 52324
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oGx%2BKzS6aUvvv11gLii2qOx3lgnpO7Tck%2Fqvmd3LN%2FCWFTeBPPvYtbZblDzCh1nu0PrYYR5oYIKoNKkg0icvQ6Kx3wocNp8C%2BGaWGTOIVGifsHbYyLHE90N%2B0FXlBG6Vo7U%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae164c8b356be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad-good.com/infinitygeo.html

188.114.97.1

200 OK

273 B

URL GET HTTP/2
ad-good.com/infinitygeo.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with very long lines (301), with no line terminators
Size
273 B (273 bytes)
Hash
ad1d130c3b4bb589803f5530dcbbdc46
4b16d38fd3f38065af32aa63e712973088576614
24cde747a431ad00cc99a4b3f16a0ca91c81965c68776dd41d5d6250fad0c668

HTTP Headers

GET /infinitygeo.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180881
last-modified: Tue, 04 Jun 2024 17:26:51 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BaB8%2BmQV3m%2BCxa%2BVv7erckK6HrR0RXaUuc6dwNOEeC01GOCaYFEQ62MK6Z8rLW2IRu93%2Bh4gWskNM5B8wZAxv4KRd6kkawjNZrX29L58JLqhMiEYYblqW1W2svB%2FiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16828a956ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.adflyer.media/redirect?feed=553006&auth=HDsoD3&subid=adf&query=adf&url=adflyer.media

174.137.133.17

302 Found

0 B

URL GET HTTP/1.1
xml.adflyer.media/redirect?feed=553006&auth=HDsoD3&subid=adf&query=adf&url=adflyer.media
IP
174.137.133.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadflyer.media
FingerprintD3:0F:01:68:69:2E:2F:BB:06:D0:88:D3:8D:C0:00:7E:79:16:CE:1A
ValidityThu, 18 Apr 2024 06:36:36 GMT - Wed, 17 Jul 2024 06:36:35 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=553006&auth=HDsoD3&subid=adf&query=adf&url=adflyer.media HTTP/1.1
Host: xml.adflyer.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://t4.lowtid.com/o.php?p=c:4ljkfd1stuas5a3tw&d=61b87b159bd23420f125f716&pid=hy2tPky4lj0_0&s=621006_553006

becast.onionlive.workers.dev/

172.67.141.108

200 OK

1.4 kB

URL GET HTTP/3
becast.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1382), with no line terminators
Size
1.4 kB (1370 bytes)
Hash
f00afc8448987fa11d44221fa5292cae
9f4c400dce037e70bcb6db008b9419b99bdcb42e
1363ed26fa6dfa94a18ffef1fc03bf9e8be0ea9e769c641dd052bc8b77fc6891

HTTP Headers

GET / HTTP/1.1
Host: becast.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cXe2QMRcDTLWrnP4BnvE1xq%2BwPUbg1buFVap0hsLpcYBpBEKowHY5vsDNwP6VGHeeyqVe%2FTzHVxN1i5djCiljE7wcV%2BK9pQMmR2F2wsDZPmlzylCwSnV07ag6LHRUTnUHupx0%2FzbwlGbMI4VG4ED"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1829ee15690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

serveur-minecraft.com/2960

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2960
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2960 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 9fP2+bByW0gmj/VeuTlPpO1UXTKL2m38gPa0xrgB+X98enWtGO0LPOQFyzCpSu2nWg+Y0biApJ+x3xg9Nb6739Fb/fOVvlWgFnJ6gyMxSRaldrRoza61YCfDl6CIqjJ/FzyCiP+DGcfVgLXMUrdKNQ==$5355xf0prkX3S6aQXFEFhQ==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NghnlhdmW0KFXJyihbzjd%2Fm%2BbopbUGPrfCnkuQkgzmbxP5gRB3HWsYvw0DLNdLXyMk8XFEbm3ZiqZrOt9lyKP6na5m1rexTWbe92f4dIQ7JP%2BvRD8zueQYO9AxfBRDh5jUP8aw6JqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1919ebf56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

serveur-minecraft.com/246

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/246
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /246 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: N0k6SB2Vf5YWMdIJXZDpcSV7RhTYj77YzJvJfBChD+hqlHaSH49HJlsAtrk8CU/jBLo6pYKSW7+tY29zCACdz7R+gl/mM62ZMw2wAXu/sSnu5IpV3wrI/2ymGrGqUn4jnPowPy+i4dxlmew/Y/bTrg==$ga50J8yr72YY8VNCYgNBUw==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kM4hsgzmjUy33JYZU3oR7t9ojf%2FC10GIYG5yl3zJPUTevMNNZoHxOlhnbSp9ChSo2MiEkLexMOdFMAVvQGq4KzMAzhkrJpg89KLsV3SaYDbMyiL1VWxIgjRaSlEqy%2F93%2BmQzmVkh2g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1925fda56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

ad-good.com/infinitya.html

188.114.97.1

200 OK

267 B

URL GET HTTP/2
ad-good.com/infinitya.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with no line terminators
Size
267 B (267 bytes)
Hash
d0acdea572f47363488407cf4e30b5db
f7df756b84d7027c893bc322778b1d972eadcc29
bfa5bc87e5efcf78cc8df8e8b0408331e8f10c3e9650a533261f41a668588be1

HTTP Headers

GET /infinitya.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 116534
last-modified: Wed, 05 Jun 2024 11:19:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2BAP3DnytGKi8qVUm5xHAuqZymHE0WV1w5gkV2ePFfZobQsBbwZfR%2Fn6VUpjoUPThEaM1rMwU7Z7Kxl5ZHIgQIEwepp9FgNgTKxAPnL49YBhyl%2BDUIvE9SC9WQHOLA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1670e9f56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=808402&cat=25&sub_id=1804254931 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

thenetwork18.net/zentrix.html

188.114.96.1

200 OK

263 B

URL GET HTTP/2
thenetwork18.net/zentrix.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
263 B (263 bytes)
Hash
4488dc425ee21c0d1df1486f16b63f64
fc8ad3870ae9b5d1a5c533cc0aa5c3f1b9bea4e9
a4a9f8289b23f8a4ad406bb3e51daa34c476cb3e2c15687a2fa848495b0e6706

HTTP Headers

GET /zentrix.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 472091
last-modified: Sat, 01 Jun 2024 08:33:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oxiv2lwqLO1ITzexJdovc8szpdjdAswO65%2BOXvcnYRcKsqvMhXLpaFWjTLKpH6sqPsawZka1TFA0Folk1ntX4wzSOPvxeknTtVuVQyirYRlan3aXJJgNqx3eOBWL4KU2JmO0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1633bd156c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thenetwork18.net/adf3.html

188.114.96.1

200 OK

246 B

URL GET HTTP/3
thenetwork18.net/adf3.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
246 B (246 bytes)
Hash
8a6be47a4e7efea28a80d74ccbb2047b
20e0afbb9bf6a8f414934b7521453be9deef00ef
ef890c797332b264943c30985b5025badb28d860fa60b511f371a27145a2347d

HTTP Headers

GET /adf3.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180890
last-modified: Tue, 04 Jun 2024 17:26:43 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GLqtV%2BaAl9yFv9%2Fpa33rtkuLOOeGi92W%2BdzDHbsKLHaoxiZ5nQXdBz0Jj2oF0nr3SlkSOMFJgfuMBVlXqos5okLXCWnaVSRcZE8Tt%2FqXKxV9tiq5qouimm40DE011Abo6Su7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169bd24568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

xml.adtube.media/redirect?feed=557469&auth=uclEev&subid=adtumedia&query=adtumedia&url=advertland.media

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.adtube.media/redirect?feed=557469&auth=uclEev&subid=adtumedia&query=adtumedia&url=advertland.media
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadtube.media
FingerprintF6:CC:18:BD:F3:52:76:9B:A6:F2:68:C5:13:F4:DA:60:65:2B:FE:88
ValidityTue, 07 May 2024 06:37:19 GMT - Mon, 05 Aug 2024 06:37:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=557469&auth=uclEev&subid=adtumedia&query=adtumedia&url=advertland.media HTTP/1.1
Host: xml.adtube.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

xml.adtube.media/redirect?feed=561765&auth=L0SJGK&subid=adtub&query=adtub&url=adtube.media

173.239.53.20

200 OK

0 B

URL GET HTTP/1.1
xml.adtube.media/redirect?feed=561765&auth=L0SJGK&subid=adtub&query=adtub&url=adtube.media
IP
173.239.53.20:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadtube.media
FingerprintF6:CC:18:BD:F3:52:76:9B:A6:F2:68:C5:13:F4:DA:60:65:2B:FE:88
ValidityTue, 07 May 2024 06:37:19 GMT - Mon, 05 Aug 2024 06:37:18 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=561765&auth=L0SJGK&subid=adtub&query=adtub&url=adtube.media HTTP/1.1
Host: xml.adtube.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:36 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

serveur-minecraft.com/2642

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2642
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2642 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: 8OXPNQ477LnOKjDWEL3h3RQ0LRlBoQfRvKW96NxysfJbGvvkNYHrI+mbd2KG1CkUHM7CYXLSdl5Cj+NCCIlweiLyf/9e5bmf5iJY0kL8PjK7bV5Ithe/aQEYjDDPRsSB4KF7RWYRCkhUCGcG7Xlk9g==$fnsz34tFviuyDhQu4To4Vg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ExztRHKmkoKYDwvL7U1Xovyq2KC8SfNhe8GG0XgQxfANwW%2FhZHZIZctvBw8jintibfYpqzq62HH%2BhIP7v2Gt2qYDK6yzZQbbLGUyvWjFZxWYSYl80T%2Bq5JHJF7kXrdrEi7LwzIB7Jw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae194ac0956b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

sub.votreimc.com/adu.html

172.67.222.136

200 OK

250 B

URL GET HTTP/2
sub.votreimc.com/adu.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
250 B (250 bytes)
Hash
85da239ef5b17289ab57e13056a3d224
795afc3ad2727cee9f27f9e10bca92bbdf64242f
f014bd64e415c92a38df031957464d48e5c8595b69d2e2dee23a79eaaaddd8f2

HTTP Headers

GET /adu.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE1A:BE6C_91EF25A2:0050_665F4E5D_1B6A5:08A0
x-iplb-instance: 52295
cf-cache-status: HIT
age: 180879
last-modified: Tue, 04 Jun 2024 17:26:53 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ZOThyTdK46aTmF1%2Fs6QvAo6oTGTqbRTklzNRywmE1KZ%2Fs8gnj14Y40y4zGDkBX1s3hgNbOMx7wSMAY64lUS6ea2Y8XtOpQFQ6mgXaILY%2B0RgVfMSguVbhjFGPqsM8wH9Dlt"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae164c89256be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad-good.com/clixvistaa1.html

188.114.97.1

200 OK

266 B

URL GET HTTP/2
ad-good.com/clixvistaa1.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with no line terminators
Size
266 B (266 bytes)
Hash
8b4184a2b89fd55be76b6f48fba2bb3f
f68366fe6932f4c23576b6c7697967b4710828fe
b3ded46ea4f5786b3e62871ad528e1178891547f518823505084d87492427e4a

HTTP Headers

GET /clixvistaa1.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 184991
last-modified: Tue, 04 Jun 2024 16:18:21 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B9XF3%2Fj3M2knhjoebkpDtzyaKi7%2F63KAfDpjAAIcKn6F7DBuqKjhoCLOYaOzONS9nL%2BMY%2Fl5Ev0aXfaOCH4okgZ61pBcRU4ZNLKrmW%2BXc%2BS06yZFT8CkEP5VnCKFsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168895356ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

allotraffic.site/

188.114.97.1

200 OK

2.0 kB

URL GET HTTP/2
allotraffic.site/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectallotraffic.site
Fingerprint6E:B4:22:78:33:32:7C:61:0A:25:4D:F5:B2:B6:C3:2C:DD:FA:2A:BF
ValidityFri, 19 Apr 2024 08:34:31 GMT - Thu, 18 Jul 2024 08:34:30 GMT

File type
HTML document, Unicode text, UTF-8 text, with very long lines (2022), with no line terminators
Size
2.0 kB (1956 bytes)
Hash
8111941504e1bf2f6146473573811f67
41c3ee464efdd189e40fd5e760567eb6bd9585aa
8daa55e7c8050d273dcd87772d3b68a72bca9bd79ad5a9f14920e319f7b58591

HTTP Headers

GET / HTTP/1.1
Host: allotraffic.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html; charset=UTF-8
referrer-policy: no-referrer
vary: Accept-Encoding
x-request-id: a1265503ed14e929035ea61a1e8c0a04
last-modified: Thu, 06 Jun 2024 19:14:58 GMT
cache-control: max-age=120
cf-cache-status: HIT
age: 1585
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=II5b7YZzmbx1u1WKNIKHHnXTBl%2BNmSfitGTFhG9JIZBZ3g3IKd%2Fi3yqrOMuwiWXS52SX%2BKArqHqZRS%2B6MXA1zP6oprb1iJuDPxik9Us1qzInPV6ZeOgUP2g54JgvSWVEFv6z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16b0af7b512-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

t.godopu.xyz/2/?zid=7108&key2=431721333&c=pmrgqir2gqytanjzg43dsmbsfqrgszbchirg2it5pr6hy6zcoqrdumjxge3tombsha4tclbcomrduircpu&mode=1

172.67.161.150

302 Found

0 B

URL GET HTTP/3
t.godopu.xyz/2/?zid=7108&key2=431721333&c=pmrgqir2gqytanjzg43dsmbsfqrgszbchirg2it5pr6hy6zcoqrdumjxge3tombsha4tclbcomrduircpu&mode=1
IP
172.67.161.150:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services
Subjectgodopu.xyz
Fingerprint80:56:59:AE:75:49:14:E6:CD:79:68:99:7A:30:EF:4F:61:7F:48:0D
ValidityThu, 06 Jun 2024 08:38:45 GMT - Wed, 04 Sep 2024 08:38:44 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2/?zid=7108&key2=431721333&c=pmrgqir2gqytanjzg43dsmbsfqrgszbchirg2it5pr6hy6zcoqrdumjxge3tombsha4tclbcomrduircpu&mode=1 HTTP/1.1
Host: t.godopu.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://ww8.good-trading.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 06 Jun 2024 19:41:34 GMT
content-type: text/html
location: https://yahoo.com
set-cookie: _trd_=10ca673edf184a; Expires=Fri, 06-Jun-25 19:41:32 GMT; Domain=.godopu.xyz; Path=/; Secure; SameSite=None
_uqt3157949621=1; Expires=Fri, 07-Jun-24 00:00:00 GMT; Domain=.godopu.xyz; Path=/; Secure; SameSite=None
_uqp684912129=1; Expires=Fri, 07-Jun-24 00:00:00 GMT; Domain=.godopu.xyz; Path=/; Secure; SameSite=None
accept-ch: Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7BNwM075blVU324Dwty7th2mP5%2F2dPZR8%2B8Zax35uuYWbYvVIqVZM2aMMVlm5ioBZUcUyipjaShna7mZ83ZHWyaMiWr5pyK9tcV7syA5xxfBm3vxXHonwYFuFDQWGG4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae171c861569a-OSL
alt-svc: h3=":443"; ma=86400

track-eu.trackingtraffo.com/pop/imp?auth=5g3u78g&c=zHlAOmqhc0DHsRxkEm4JdZ5KlSkQ4TgOYPZwBXf0QIAAyomeEjGlfrslg06iS32UVWe05COoxj3iA6GxmjU54ZMI1GnXSpxUzzWtu26mpV68cGp1dkmIkUZ8ZkjvPX6Efa-7pruvkHthxBXm6oYkLFsG0p9srr5is3DrdvNTO9OWU2_LbSfl2s1C3rUdwLyPhylVT2uS16tDBAtBboe9y068s-APeLLvA3vRjok07onOfyaeopDDobsn0eikkxnQkfNDlD4d_lRKwTJgFNYEo0xPY-vq9wpBy-vWq1S-lDrogPgw6Es0V_FaN0pMsipCB0FOgJnH_iqPOJpj7727dMQTKHyvMgr4Rf9PVDBu05gFZUzg0FaYn1qTSm551SFl6FLyveAh4daDyhxiWc4lrV9dt6YFyIJTt9kcMe9QqlhrHczzZigrRstX2igpXzN6-rKIcxNGqyk0pfnOHUfD26vqEYEOYFsDhv3oOvBH3-9up1sFtHO67ZpGBG7Tn1JbXBmfPcAdR7GmpdpCjBBaAHuoonZJzRLwatJ3Nc2h7ghuD8IZfT9Qm3bPPQuS5hUH84mhtbjZ-60s_hh8

0.0.0.0

0 B

URL GET
track-eu.trackingtraffo.com/pop/imp?auth=5g3u78g&c=zHlAOmqhc0DHsRxkEm4JdZ5KlSkQ4TgOYPZwBXf0QIAAyomeEjGlfrslg06iS32UVWe05COoxj3iA6GxmjU54ZMI1GnXSpxUzzWtu26mpV68cGp1dkmIkUZ8ZkjvPX6Efa-7pruvkHthxBXm6oYkLFsG0p9srr5is3DrdvNTO9OWU2_LbSfl2s1C3rUdwLyPhylVT2uS16tDBAtBboe9y068s-APeLLvA3vRjok07onOfyaeopDDobsn0eikkxnQkfNDlD4d_lRKwTJgFNYEo0xPY-vq9wpBy-vWq1S-lDrogPgw6Es0V_FaN0pMsipCB0FOgJnH_iqPOJpj7727dMQTKHyvMgr4Rf9PVDBu05gFZUzg0FaYn1qTSm551SFl6FLyveAh4daDyhxiWc4lrV9dt6YFyIJTt9kcMe9QqlhrHczzZigrRstX2igpXzN6-rKIcxNGqyk0pfnOHUfD26vqEYEOYFsDhv3oOvBH3-9up1sFtHO67ZpGBG7Tn1JbXBmfPcAdR7GmpdpCjBBaAHuoonZJzRLwatJ3Nc2h7ghuD8IZfT9Qm3bPPQuS5hUH84mhtbjZ-60s_hh8
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerSectigo Limited
Subjecttrackingtraffo.com
Fingerprint66:CE:68:F3:6C:8A:98:F0:D8:02:5B:C4:5E:2E:C7:B0:C7:73:5B:A8
ValidityThu, 23 Nov 2023 00:00:00 GMT - Fri, 22 Nov 2024 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /pop/imp?auth=5g3u78g&c=zHlAOmqhc0DHsRxkEm4JdZ5KlSkQ4TgOYPZwBXf0QIAAyomeEjGlfrslg06iS32UVWe05COoxj3iA6GxmjU54ZMI1GnXSpxUzzWtu26mpV68cGp1dkmIkUZ8ZkjvPX6Efa-7pruvkHthxBXm6oYkLFsG0p9srr5is3DrdvNTO9OWU2_LbSfl2s1C3rUdwLyPhylVT2uS16tDBAtBboe9y068s-APeLLvA3vRjok07onOfyaeopDDobsn0eikkxnQkfNDlD4d_lRKwTJgFNYEo0xPY-vq9wpBy-vWq1S-lDrogPgw6Es0V_FaN0pMsipCB0FOgJnH_iqPOJpj7727dMQTKHyvMgr4Rf9PVDBu05gFZUzg0FaYn1qTSm551SFl6FLyveAh4daDyhxiWc4lrV9dt6YFyIJTt9kcMe9QqlhrHczzZigrRstX2igpXzN6-rKIcxNGqyk0pfnOHUfD26vqEYEOYFsDhv3oOvBH3-9up1sFtHO67ZpGBG7Tn1JbXBmfPcAdR7GmpdpCjBBaAHuoonZJzRLwatJ3Nc2h7ghuD8IZfT9Qm3bPPQuS5hUH84mhtbjZ-60s_hh8 HTTP/1.1
Host: track-eu.trackingtraffo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

serveur-minecraft.com/724

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/724
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /724 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: CMQeGx/lvr+xAq2fHF2yFd1JSvcdgJP4N1VCAyLxcd4EKnb6rIVqPZV+xSJTLG+yf9t9hLFgie0tSRDPLtuEX/DL+wEJETjPRB8SXmqIY8cB6jYgmtQiIW5PlkX2hHVxLySLpMsbXR09gqKDGRPTMQ==$NwAXGmrrjYHsYiA+FPZi3g==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GOUcXiESpahlrd9IJqNAr0%2BTxCRyyrvKyyo4G8HH8Wkbn3ukiUHoA%2FeJMZaEatvMRsA8UZACtgjXRAD3niygNpTBw1PPuVJeaSPoRyv88RwL0umMG0k6PN6PhaRop1iBkMZodkSvUA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1908cf656b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

redirect3.online/rtb1.html

104.21.55.170

200 OK

236 B

URL GET HTTP/3
redirect3.online/rtb1.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
236 B (236 bytes)
Hash
b8debba54afc99921c1d6b3e259e8741
f62d88fa8e9c3af426e45d51401fa282a19ac875
dfbe0e77475fc1b732ca38074d42470623bd2c79d8eaba363f4cb00ecea7b59d

HTTP Headers

GET /rtb1.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XV2jZasNQl%2F0CqLMLYkVT%2Bhe%2BCHtEtyPr3JucPB7Y47PcYKyQp9mnvZ5e2vxsTB7pPOGvBdJGvaiq6QR3GOtT%2FsM5QVIHrQ6n%2B9kH4E6NzoHn%2B3Jq2jFk9U4%2B5T43D8AIq3s"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168ee2756af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=558744&cat=25&sub_id=1614260298
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=558744&cat=25&sub_id=1614260298 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:36 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

redirect3.online/flurryn2.html

104.21.55.170

200 OK

247 B

URL GET HTTP/2
redirect3.online/flurryn2.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
247 B (247 bytes)
Hash
0f83a3df484af2f15b0eea58369d216e
4df178543cc549dfb8e49348eefff0da03761b80
834b21814758344f8c31b8b92474440c222c8beecc3540057483d7256e51ec3d

HTTP Headers

GET /flurryn2.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 184980
last-modified: Tue, 04 Jun 2024 16:18:32 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hiwSURiLuuwGXpVcLVQ93jfakHgXw2SbqYrz6ala2s75FiJlq9eziejLPTusXG%2FVlKl8231JLgvKcBywG0qESGv3WM2STZuCAsQxESwF36tJkDGuyoXxS8NbByVWb%2BDbofoJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac1856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serveur-minecraft.com/700

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/700
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /700 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: Qnql0kSvBmVqPx5ogog8p1+FEdEvnHdjQeqR2TcRD3jU5KN77jgnkmG5KIRBngNpXT7O7j6QfKys6/k7xII2tQSFivAOYKRcAZ20TlWh4gf62LMw1himNK/LALfR99wYLWikl+wYTw8y1qwEobOKKw==$c4RNo5gXBqTJpBu6sYfTuQ==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0jhoWvLAQaq5n5StcyJE4z41Q1q5FqcizQbCIy8Xt7kbH%2B9eT6Xv0jyF0No%2F8Tv3VVXRrDcrX42OSIlioOwOEjDpCYPRJit6oNHkfs%2FkHee21XVJUgEg8iVuZuFDvyfAJbe5coS2%2Bg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae177ab6756b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

cus.news24.media/index.php?d&g

188.114.96.1

200 OK

4.2 kB

URL GET HTTP/2
cus.news24.media/index.php?d&g
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectnews24.media
Fingerprint67:9C:A1:7F:83:B4:43:50:62:7E:BD:75:B6:1D:CE:D8:F0:B4:D8:AC
ValiditySat, 13 Apr 2024 21:49:30 GMT - Fri, 12 Jul 2024 21:49:29 GMT

File type
HTML document, ASCII text, with very long lines (4431), with no line terminators
Size
4.2 kB (4181 bytes)
Hash
3d205075973b116e5a43e195d7dea099
ca6bbca5e4bada8e00d77b0dbfc45d567b15d5aa
55b8e37d8a56655ad4f44305c75f59f240c0fda724d5456e292f45d6cb739267

HTTP Headers

GET /index.php?d&g HTTP/1.1
Host: cus.news24.media
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1
referrer-policy: origin
vary: Accept-Encoding
x-iplb-request-id: 33530A42:3F88_5762B65C:01BB_666210EC_43AED73A:3974
x-iplb-instance: 51812
set-cookie: SERVERID108283=10454|ZmIQ7|ZmIQ7; path=/; HttpOnly
cache-control: private
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0WSDCQBDmbuLCNCY2Fa80ruIlY61BGn%2BwTut9aEJkBm%2BV7ZJZC1Qo4M7eEJbTglR2DI9ODr5XzUPpkjIZBrEt3q6hVjGYB0GoMi9StTUDb5J2Fel0MCG%2BlO%2B2bwboJ08A75Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1637f1c56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

redirect3.online/flurryn.html

104.21.55.170

200 OK

245 B

URL GET HTTP/2
redirect3.online/flurryn.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
245 B (245 bytes)
Hash
49a344fb5eebd40be6afda27648192e1
7726f75d3cb7513f4fc2c14b4ef74ba8d207720f
8be16ceb16f314d5ccfe590d74e95c0bd9f0784734ccb8e5a2dcde2350c133fd

HTTP Headers

GET /flurryn.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170964
last-modified: Tue, 04 Jun 2024 20:12:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=isDaAC1o5pxLPA%2BA5eOlFYplNBZpOvmNc5IofgSuTeom%2BndpLOWcZuFN10dvOvswD9swTi8tYxf1okkFboLLx%2FMSlvQW3ZvFF2XTecz3I1UYsy3VchF9GMBkLWiR%2B8up1H5Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac1b56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.adxfactory.com/redirect?feed=472841&auth=wtoFWi&subid=adxgeo&query=adxgeo&url=adxfactory.com

173.239.53.17

302 Found

0 B

URL GET HTTP/1.1
xml.adxfactory.com/redirect?feed=472841&auth=wtoFWi&subid=adxgeo&query=adxgeo&url=adxfactory.com
IP
173.239.53.17:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectadxfactory.com
FingerprintD9:B5:CC:E8:5D:7F:DB:8F:C9:8C:01:36:19:D5:C8:90:26:0F:1B:42
ValidityMon, 22 Apr 2024 06:36:41 GMT - Sun, 21 Jul 2024 06:36:40 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=472841&auth=wtoFWi&subid=adxgeo&query=adxgeo&url=adxfactory.com HTTP/1.1
Host: xml.adxfactory.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://osfultrbriolenai.info/redirect?tid=1038172

thenetwork18.net/adf2.html

188.114.96.1

200 OK

246 B

URL GET HTTP/3
thenetwork18.net/adf2.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
246 B (246 bytes)
Hash
16554a2bcd94dc7134fb7c019b04fe40
554850a75fe7859f6ec2d58248ae8a8a1fe40489
1c4521dbd8a1f2645769fe05c773e7036d632569cbe7f5394d9136699bc16805

HTTP Headers

GET /adf2.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176595
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tDp%2FPBCD4KeGdH8IczOWeX%2FwAU62z0x2HwGOXfw6nw8rV7221JHmdVOoKzHlp6%2F%2F2MWGFHDsleZMHn2CW8mLV%2FmXHhz4UO0j8Iq7o69A%2FVvZvxNY8NvuXBnlV7jcVw%2Bq1nHi"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169bd15568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

sub.votreimc.com/eximdigitalm1.html

172.67.222.136

200 OK

269 B

URL GET HTTP/2
sub.votreimc.com/eximdigitalm1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
269 B (269 bytes)
Hash
33c27f254b09173792eb326926127987
589eed942ef71bca0dfd358c7b2e6f75c93a4940
99d640d50a437a9d501e52219814c971ee5c91526d4ac16ec3b192551a148bc7

HTTP Headers

GET /eximdigitalm1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE66:E1AE_91EF25A2:0050_665F5F23_A943C:1041
x-iplb-instance: 52335
cf-cache-status: HIT
age: 176585
last-modified: Tue, 04 Jun 2024 18:38:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tB9ZgYgVcn3s%2BVAkGG%2FjpSWwKpx1efnEvKsf%2Bg4w5M6SWUJdQXp6s6aXx6ivU75NUcyvcgbTj2yiLPCchbAHKyUo8l1vDDyeJ68zIcLIkATtnOs4xqF0PEl7l0YQtH%2B2EK07"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae165eb1c56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

becast.onionlive.workers.dev/

172.67.141.108

200 OK

1.4 kB

URL GET HTTP/2
becast.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1382), with no line terminators
Size
1.4 kB (1370 bytes)
Hash
f00afc8448987fa11d44221fa5292cae
9f4c400dce037e70bcb6db008b9419b99bdcb42e
1363ed26fa6dfa94a18ffef1fc03bf9e8be0ea9e769c641dd052bc8b77fc6891

HTTP Headers

GET / HTTP/1.1
Host: becast.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n98kMNyScx6iDt3LKJPrRHsM2MjZ2IyWRrJ%2BnNeEq60n%2B%2BBwxobZQCvgvyLHReAzD6xxzonBhDKKwMSlRsyDm%2BC%2FML%2B9uwxQw968pjkHxZf%2BiEzbhzvmmwEtFUwq935YJfFZeyoaXaCNitonxzmZ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae177ec745693-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

animewatch.onionlive.workers.dev/

172.67.141.108

200 OK

1.8 kB

URL GET HTTP/3
animewatch.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1795), with no line terminators
Size
1.8 kB (1769 bytes)
Hash
9dc1e04cc7affd8cf80ad5feefa89210
4c11c71a6f83138bd24602a1c996ad82364573b1
654082713403f7d1acc1d1fdfb9fca90222fd0a411be1fb02f64e973cdf054b5

HTTP Headers

GET / HTTP/1.1
Host: animewatch.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0ABis59HPAK%2BTKQdsqInQZa9MSTckkocDldukQ9WuSHmwYL%2B8Lvm65GYWE%2FbjuE7Pq1vRskABoUuh0UpjrFOsBHLF7IJhJv55gHBgYN2wDOCSEueZ9jJQ3zf4NgnPrLjYIghqhshje7FTOmON7d0psmIKg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae181fda15690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

redirect3.online/flurryn1.html

104.21.55.170

200 OK

247 B

URL GET HTTP/2
redirect3.online/flurryn1.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
247 B (247 bytes)
Hash
f40ce66e2552aded08420b10779c681f
e68b9378502459f5cf43995706913acace1339dd
3f0f6061362432681354ebf5fb3783e08a73083ad36dd22a7078ddac66a7d22c

HTTP Headers

GET /flurryn1.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BShxRKDvGM2gxXYCQO8h99%2BuGeV66JLt1Wbmk2zsz4foQPWtZo5gilnhCcILwZF8sf2JvHeHt1q0rMkLfQ3HgCnW%2BCS6kwAEHRBk8xqw3%2F0maz%2F7ouPy1GcGidZTsPAgj6YH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ac1256af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thenetwork18.net/adtu2.html

188.114.96.1

200 OK

260 B

URL GET HTTP/3
thenetwork18.net/adtu2.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
260 B (260 bytes)
Hash
3003b48144f86da375ba22f24a2ab080
9360365acf5416742708bdf6c682602a97297e80
928d0b584f26f5e71dcaa7c5a379f3db78ad4e857c8106d5cf1295c31673e517

HTTP Headers

GET /adtu2.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180889
last-modified: Tue, 04 Jun 2024 17:26:44 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8guw3TEnzi5pTSJcmCaVbLUBOoIB8XnPkCRlVAloHnc0%2B462KNmjZjBVei5b7G9K7qHRUaHA%2FIu4vKdZJCrQAFUhSAvsFu%2FPAIe8xTXermBVT3j8Tk5J6R8mtgxg4XD0kQup"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd62568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

go.krkstrk.com/?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&targetDomain=cambaddies.com&memberId=33e737aa-ec4d-4467-90cb-f53d523fb241&sourceId=15734&p1=64257&p2=79559&p3=36016&no_bb=1

0.0.0.0

0 B

URL GET
go.krkstrk.com/?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&targetDomain=cambaddies.com&memberId=33e737aa-ec4d-4467-90cb-f53d523fb241&sourceId=15734&p1=64257&p2=79559&p3=36016&no_bb=1
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectkrkstrk.com
Fingerprint8D:CB:30:C3:0F:2D:75:7D:7C:B1:3E:DF:39:33:C6:C1:E9:B5:8A:CE
ValidityThu, 23 May 2024 20:49:59 GMT - Wed, 21 Aug 2024 20:49:58 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /?userId=a29e4fa1023dd45be975c4ab2c3f63fc721842490735020a0d0703eb57f7300d&targetDomain=cambaddies.com&memberId=33e737aa-ec4d-4467-90cb-f53d523fb241&sourceId=15734&p1=64257&p2=79559&p3=36016&no_bb=1 HTTP/1.1
Host: go.krkstrk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

ww8.good-trading.com/images/logo.png

188.114.96.1

200 OK

7.8 kB

URL GET HTTP/3
ww8.good-trading.com/images/logo.png
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectgood-trading.com
Fingerprint59:DD:2C:C9:13:23:AC:32:93:BB:CF:20:AD:72:38:9F:17:4D:33:6E
ValiditySat, 13 Apr 2024 23:06:54 GMT - Fri, 12 Jul 2024 23:06:53 GMT

File type
PNG image data, 228 x 75, 8-bit/color RGBA, non-interlaced
Size
7.8 kB (7752 bytes)
Hash
9c908bdd523d99b87f5c78a0f967558b
fc5553e0bdfaefcbf074920f27f2021fcc660eab
9ed55d1c02a973f42b56ee7bea32394cdf62984179b4e2b7b86ab2fdfe9e669f

HTTP Headers

GET /images/logo.png HTTP/1.1
Host: ww8.good-trading.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:31 GMT
content-type: image/png
content-length: 7752
last-modified: Sun, 07 May 2023 09:29:44 GMT
cache-control: public, max-age=86400
expires: Fri, 07 Jun 2024 14:23:54 GMT
x-iplb-request-id: A29EDE21:9922_91EF25A2:0050_66311AAA_2A23A:6737
x-iplb-instance: 52295
cf-cache-status: HIT
age: 19057
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FEzNrNMXZbxFkRfEUe9AReZ5wvuk5rhqV0NSDQ5iGSxFna7cAdmup2r69PUkhHPNz%2FGbe%2BzOu7rP2A2qP%2F%2FFw7N7cxmRXS%2B0W6hRabnsApFekWs%2F9jOgHtsY9T8GCEJxI9wKPzpvAA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae162ca520afe-OSL
alt-svc: h3=":443"; ma=86400

thenetwork18.net/trackif.html

188.114.96.1

200 OK

259 B

URL GET HTTP/2
thenetwork18.net/trackif.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
259 B (259 bytes)
Hash
676f6e3656c08b45fd592bfbf791038e
ff935a58582a9ed92aae5044f05f86de4248284e
2d6c0972838242947554a0e9da39a1ff8cd6e852c6ec79f65ba37e28eb5b2dd2

HTTP Headers

GET /trackif.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 25054
last-modified: Thu, 06 Jun 2024 12:43:58 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=umFSFJ32XfSpdV1BwK0T%2BcVm4kk3abNPKuznPxLXRi9BZ7031Q95MtX4qe5j%2BDfycSwmkR7lVoS8%2FllEGCDjv6OaNSixY6V9yg%2BEmXs%2FUokLFZaJ9pa9NzIE2Cs5Kc%2B2t6Tu"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1637c2756c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serveur-minecraft.com/3013

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/3013
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /3013 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: aqwRAgulPHoBMslpNfGzVMNKjJljKFp2DoirkzyLIfojDxY9TcAnVK+Ode2LkJxcYfvu9uldUHnAQ6YK1ZdvQSU2bCBvsfpTLN98+tdJGKEwKZZ2Uf66IgSXnj4ib5sONk2ml/oAOR1JsbEmgjL6HA==$HwcKZf3GBZfXPKGUdPKCKg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tvuByE%2BLPVj1y3v5pgSTwtq%2BhWWpxK4JXQYfJdprvx85RI6YvHlpPV0%2BUHASwlepJll9%2BCzlB%2BYarbl9GzYspOdsYte4buPp4nzusZQDOQmMeHYgC3M1OM%2FtKOJ2gbsUwAUeUly6qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1780beb56b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

serveur-minecraft.com/1816

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/1816
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1816 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: UYn/mq7jQLdaqTOMW0nCvaft0JL+TFNqxcC80FBHI7AVVpfT9/RlyskgQ15JbXGU4EIBSYdtu6F/36sqWmu54fpwlfLj0dRHMaJLYWGHaZ9f61L+3EuDUUlsNm0pS1z89BHlOKqbnGoPKiMDcuKSEw==$3QZYlOkzxhXkUnVoNj5q9w==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bhz9pMPPGKL3XqQejpXCTWxNe5%2F2bJe%2FBF1Resd7DW8JaGZcM6Zp1YYap%2FFwPKE44KevxNkNNqCUQlXLZUbTgtSIQGpii%2BYia5yTWyYpPKcHsRsCFq7j5fqu1KUjRiJW50vlPTGujA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae191df2756b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

u-40735.topduppy.info/api/rtb-pops/go?id=3061522176558959&sig=36e18c918e36720aa2ff5e32b8a857&u=aHR0cHM6Ly91cy52aWxpdHJhbS5jb20vbnR5L3Bvc3RiYWNrL2NsaWNrP2tleT12Mi0xNzE3NzAyODk0OTgyLTQtNjkyNS05OTk4MDAtMzNhMmUwYjUtYWM2Mi0zMTU1LWY3NjItMWFlYzljOWI0YTBk&redirect=js

188.114.96.1

200 OK

303 B

URL GET HTTP/2
u-40735.topduppy.info/api/rtb-pops/go?id=3061522176558959&sig=36e18c918e36720aa2ff5e32b8a857&u=aHR0cHM6Ly91cy52aWxpdHJhbS5jb20vbnR5L3Bvc3RiYWNrL2NsaWNrP2tleT12Mi0xNzE3NzAyODk0OTgyLTQtNjkyNS05OTk4MDAtMzNhMmUwYjUtYWM2Mi0zMTU1LWY3NjItMWFlYzljOWI0YTBk&redirect=js
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjecttopduppy.info
Fingerprint22:39:87:A0:B7:0E:D5:BB:69:DF:ED:85:37:DD:6A:6C:C7:25:E2:FF
ValiditySun, 19 May 2024 12:44:23 GMT - Sat, 17 Aug 2024 12:44:22 GMT

File type
JavaScript source, ASCII text, with very long lines (319), with no line terminators
Size
303 B (303 bytes)
Hash
8039aa7e564b71fc18edf008b5bbc95d
b53caba17f79bcf6fe0b3188f0da5c2a08b5a113
310e21692e793a3855b2ca7b29aa4916a47172ed4ab4d34e357bd8c5e650e421

HTTP Headers

GET /api/rtb-pops/go?id=3061522176558959&sig=36e18c918e36720aa2ff5e32b8a857&u=aHR0cHM6Ly91cy52aWxpdHJhbS5jb20vbnR5L3Bvc3RiYWNrL2NsaWNrP2tleT12Mi0xNzE3NzAyODk0OTgyLTQtNjkyNS05OTk4MDAtMzNhMmUwYjUtYWM2Mi0zMTU1LWY3NjItMWFlYzljOWI0YTBk&redirect=js HTTP/1.1
Host: u-40735.topduppy.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:35 GMT
content-type: text/html; charset=UTF-8
set-cookie: pop-u-id=a5ed0a6e450ab6228bdda831b9f31632a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22pop-u-id%22%3Bi%3A1%3Bs%3A33%3A%22dc26782a937912f526d0857215db6ed83%22%3B%7D; expires=Tue, 05-Jun-2029 19:41:35 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
pop-u-uni-dc2678=d868806d8b779204f967f45534c862b0a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22pop-u-uni-dc2678%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Fri, 07-Jun-2024 19:41:35 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w6mASV0hn7qou17kitFhgGirfxK%2F%2F9nYbfZdENWz5Kql0erKEyI58Umemeda60Rz8XMTPCC1C4J4xIuXzplWj2HjO3QvsESinJ5cNKZ42c8QdZBQAj%2FEdHj5wrVTdJnWc%2Fq7cnUmhgU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1781d200b06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=808402&cat=25&sub_id=1804254931 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

redirect3.online/adx.html

104.21.55.170

200 OK

241 B

URL GET HTTP/3
redirect3.online/adx.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
cc9561e64199e10a3abf420c1d27a6f3
2c75b5508398b8aa3662bc22d134f92fad2d3b48
858cb4015d75fec2aa32947be9c0d82cabb3d63378d3a4a176919e4e014abe26

HTTP Headers

GET /adx.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oop6f0yU0OiJ9bnd%2F%2BJ6uYHAixFWEk1ZUhirDbcJhQ3i5rLZ6DrlxqM9SrgbS6SaCk3PfunRHEi3EqQhSPfzIMuCxIHUf%2BT3QKRY4BwcZ7fH%2BdkwU6qU0W4XhOTCdOUO%2BLuR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1689d2e56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

thenetwork18.net/clickmia.html

188.114.96.1

200 OK

252 B

URL GET HTTP/3
thenetwork18.net/clickmia.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
252 B (252 bytes)
Hash
f0f9d17e9cb0433a8333b142898241dd
bb050cf7f925812cbb03cc40b121ee19a60cc7c9
28fff621fc5340411871d42c4b83a005d89f33e8b0ccc6abbb1758d4d5277305

HTTP Headers

GET /clickmia.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180900
last-modified: Tue, 04 Jun 2024 17:26:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EvxA6LJmZQsx%2BoQRerAECvWEfM4Yo%2BHgw1PUKlwm6YZu0Ae0CSjeWEXxrx9CJasMpezpcMuqhzQN6CZRJtZ4lp3vpBCGorlXw16V9drE6BAcLg1ihgvTPsSSgYkFVsv0nmwq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae169dd56568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

becast.onionlive.workers.dev/

172.67.141.108

200 OK

1.4 kB

URL GET HTTP/3
becast.onionlive.workers.dev/
IP
172.67.141.108:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectonionlive.workers.dev
Fingerprint47:76:5D:C5:12:3C:C2:68:72:9E:1E:79:C9:B5:09:72:24:11:B4:C0
ValidityThu, 02 May 2024 00:33:08 GMT - Wed, 31 Jul 2024 00:33:07 GMT

File type
HTML document, ASCII text, with very long lines (1382), with no line terminators
Size
1.4 kB (1370 bytes)
Hash
f00afc8448987fa11d44221fa5292cae
9f4c400dce037e70bcb6db008b9419b99bdcb42e
1363ed26fa6dfa94a18ffef1fc03bf9e8be0ea9e769c641dd052bc8b77fc6891

HTTP Headers

GET / HTTP/1.1
Host: becast.onionlive.workers.dev
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUVK72xJ7h6HV4BOwviHjsR4LBIlf9NEwH7agjaeH8p9ieJJm%2BsfspJqFWbRrmYPAouX9BXZPYL87AUKg9Zs1pmiIiZhBQEtpX3Ii%2B0b%2BeXv8irnpFkjkDcxgmkI2YyACaD9LF9wQaqxUnS3PfYn"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1827ea85690-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

offmantiner.com/4/6120639/

139.45.197.245

200 OK

0 B

URL GET HTTP/2
offmantiner.com/4/6120639/
IP
139.45.197.245:443
ASN
#9002 RETN Limited

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectoffmantiner.com
FingerprintD7:99:54:4F:68:91:39:12:41:98:52:CC:F1:74:C6:3C:1F:93:F3:04
ValidityMon, 25 Mar 2024 05:10:58 GMT - Sun, 23 Jun 2024 05:10:57 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /4/6120639/ HTTP/1.1
Host: offmantiner.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://becast.onionlive.workers.dev/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html; charset=utf8
x-trace-id: 422849fd24ae107922dc40240ab2faf7
link: <https://yonmewon.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://adserving.unibet.com>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00807344485d4961ef825e41e5221302; expires=Fri, 06 Jun 2025 19:41:37 GMT; path=/; secure; SameSite=None
oaidts=1717702897; expires=Fri, 06 Jun 2025 19:41:37 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2

sub.votreimc.com/adzgameadu1.html

172.67.222.136

200 OK

260 B

URL GET HTTP/2
sub.votreimc.com/adzgameadu1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
260 B (260 bytes)
Hash
fa50339bd08e4dcd47f223c1a8be50a8
bafc96d2e2aff92303f6a33ba626cc58d9c21fd0
b0fd1bb8a5a562dcd480e4c3ffceaa6c60b630e097a777c4546fd840b51a23d6

HTTP Headers

GET /adzgameadu1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE43:3B2E_91EF25A2:0050_665F7510_360A7:6B70
x-iplb-instance: 52324
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2rcCwmgD5Pqh1NSuiB91AFDGsWEwyD7Zeh6gzwAhOcvhrhFK6LibzNiZ5wlCnQfKyqFfOyWfSTziUy9ygnfH18whNs1xdo7%2FMp7EdH39g7CCmOobsaRMRXLdTtH%2BRz8xxkh2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae165096c56be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

u-11999.topduppy.info/api/rtb-pops/go?id=3069522170916610&sig=3430d7c72c244bdbe31db05f11467f&u=aHR0cHM6Ly9yaWNodG9tYXRvcy5jb20vaW4vcD9zcG90X2lkPTU3NDUxNiZjYXQ9MjUmc3ViX2lkPTE4NjI2OTY3MjI%3D

188.114.96.1

302 Found

0 B

URL GET HTTP/3
u-11999.topduppy.info/api/rtb-pops/go?id=3069522170916610&sig=3430d7c72c244bdbe31db05f11467f&u=aHR0cHM6Ly9yaWNodG9tYXRvcy5jb20vaW4vcD9zcG90X2lkPTU3NDUxNiZjYXQ9MjUmc3ViX2lkPTE4NjI2OTY3MjI%3D
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjecttopduppy.info
Fingerprint22:39:87:A0:B7:0E:D5:BB:69:DF:ED:85:37:DD:6A:6C:C7:25:E2:FF
ValiditySun, 19 May 2024 12:44:23 GMT - Sat, 17 Aug 2024 12:44:22 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /api/rtb-pops/go?id=3069522170916610&sig=3430d7c72c244bdbe31db05f11467f&u=aHR0cHM6Ly9yaWNodG9tYXRvcy5jb20vaW4vcD9zcG90X2lkPTU3NDUxNiZjYXQ9MjUmc3ViX2lkPTE4NjI2OTY3MjI%3D HTTP/1.1
Host: u-11999.topduppy.info
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 302 Found
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html; charset=UTF-8
location: https://richtomatos.com/in/p?spot_id=574516&cat=25&sub_id=1862696722
referrer-policy: no-referrer
set-cookie: pop-u-id=a5ed0a6e450ab6228bdda831b9f31632a%3A2%3A%7Bi%3A0%3Bs%3A8%3A%22pop-u-id%22%3Bi%3A1%3Bs%3A33%3A%22dc26782a937912f526d0857215db6ed83%22%3B%7D; expires=Tue, 05-Jun-2029 19:41:37 GMT; Max-Age=157680000; path=/; HttpOnly; SameSite=None
pop-u-uni-dc2678=d868806d8b779204f967f45534c862b0a%3A2%3A%7Bi%3A0%3Bs%3A16%3A%22pop-u-uni-dc2678%22%3Bi%3A1%3Bs%3A2%3A%22no%22%3B%7D; expires=Fri, 07-Jun-2024 19:41:37 GMT; Max-Age=86400; path=/; HttpOnly; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FWC9ZStxocEnOCbNQw4KAU0g2qlkMtmHstr5pc24XCgzpAfZwFUM89rn9xRdU99Rv5YFXQ8Vp8uyn8zIbWbe80PwHo%2BziFnloK3oz1P76BaRmb58y9Ran5HMspx%2F%2BlQHQq%2FXSH1dl6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1844f51b518-OSL
alt-svc: h3=":443"; ma=86400

meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428

109.206.163.116

200 OK

0 B

URL GET HTTP/2
meetbenjen.com/in/p/?spot_id=818548&cat=25&sub_id=1445607428
IP
109.206.163.116:443
ASN
#50245 Serverel Inc.

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmeetbenjen.com
Fingerprint6F:0E:74:E5:CA:A4:DB:42:D9:1B:66:1B:AB:A6:18:A4:80:FA:E1:32
ValidityTue, 09 Apr 2024 22:46:15 GMT - Mon, 08 Jul 2024 22:46:14 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /in/p/?spot_id=818548&cat=25&sub_id=1445607428 HTTP/1.1
Host: meetbenjen.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.20.1
date: Thu, 06 Jun 2024 19:41:36 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
vary: Accept-Encoding, *
set-cookie: 1095.0=1; expires=Fri, 07 Jun 2024 19:41:37 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2

thenetwork18.net/adfa.html

188.114.96.1

200 OK

248 B

URL GET HTTP/3
thenetwork18.net/adfa.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
248 B (248 bytes)
Hash
676b4b3cf64885b970df3b326c238072
a5b6007f44271cc213f329bcb8f26aa7c9d87d04
037457d8c17ebb41e696bea61c94cc9279d2598dd4bfc840f94184175cbedbd5

HTTP Headers

GET /adfa.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 185008
last-modified: Tue, 04 Jun 2024 16:18:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z6%2BptB%2Fn0YfvgdS0lcndR3nAWjz4Q6vWcBXbXr%2FiO%2BjQSLj3P72nsnlPWzosxEbesgYJHdK7tOz1S1kad0ZcrKlvmMlRxBqqHMR9og1jbE25j5Vd40hWqxHIMeRhQyV%2F8cXq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1690c15568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

kv.outheelrelict.com/injYADTshJ0jHhYKc/QrOEQ

0.0.0.0

0 B

URL GET
kv.outheelrelict.com/injYADTshJ0jHhYKc/QrOEQ
IP
0.0.0.0:0
ASN
#0

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Detections

Analyzer	Verdict	Alert
Quad9 DNS	malicious	Sinkholed

HTTP Headers

GET /injYADTshJ0jHhYKc/QrOEQ HTTP/1.1
Host: kv.outheelrelict.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

serveur-minecraft.com/2419

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/2419
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /2419 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: SrFMHUft9WCIr2/ATZ645dwC+wF8RRE72gBdAn7xt4SRX3mFd4d9yu/p7DEzH+URMVgHhstlM06q6tvJPwau+vhTFs0PRuAfpDg0nHYqm1ZpiG/d5gg3LcMECRGT2D4r49KXRL8xba+w1HJwG15VAg==$zs5mgIZbnkcoxYXPgvlxUg==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8AUg2x9S%2BL2vw54VqcNauU50nVfjiWPILeVcHsvpRVCV7ip%2FobOa47srjwPxLLg3Q%2F101ha%2F47VletwWX8KfFL8oCVb%2FakMAYVpq8ZanlqOaT3NQfr7BM96GUS6g2x2v8pQqAi9n9A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1945b8556b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

sub.votreimc.com/eximdigitalbis1.html

172.67.222.136

200 OK

275 B

URL GET HTTP/2
sub.votreimc.com/eximdigitalbis1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
275 B (275 bytes)
Hash
4be7b5bb7cc29981469c348bc8e0eb6e
7e478c578b050f804201f5a6e14060eb1bd9d040
e3fbadf0af8e829e4467e94598f6787ff2051ad632016a99cdf000c30db14804

HTTP Headers

GET /eximdigitalbis1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDE16:3162_91EF25A2:0050_665F5F23_A9453:1041
x-iplb-instance: 52335
cf-cache-status: HIT
age: 176585
last-modified: Tue, 04 Jun 2024 18:38:27 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dKPS269ruL0EmTqxoylIdesJP1psugDolv0C4GGTVSmZYymsvF6zyhn1MpvOLMR9r5ySQidwwd%2B45t8J7qPK1Aka8eESBDbuZ4TCsCqM0Avk2Rwh1TYGllvKT65cgbnvJ9dk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1668c6556be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

redirect3.online/rtba.html

104.21.55.170

200 OK

241 B

URL GET HTTP/3
redirect3.online/rtba.html
IP
104.21.55.170:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectredirect3.online
Fingerprint70:1D:49:04:18:5B:85:75:DF:E6:92:91:45:CD:4D:7D:5F:4E:67:73
ValidityWed, 08 May 2024 13:34:26 GMT - Tue, 06 Aug 2024 13:34:25 GMT

File type
HTML document, ASCII text, with no line terminators
Size
241 B (241 bytes)
Hash
d740c3f589d8011f9dd2c264789de848
7bc8aa03f0b106d8d56c7de95cb60176b9abaf1e
e81f7f20e447d14f2536f2059cfad2422efce20ea56d1bc5b2f4ca4058564f9b

HTTP Headers

GET /rtba.html HTTP/1.1
Host: redirect3.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170973
last-modified: Tue, 04 Jun 2024 20:11:59 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sYaPSGf8N1G0BnY%2FTtQgJicYaIQ7nt1Fxwd%2FKpuZgVDPov0lgjGCqVGhHVSZakiTBlZTqvFJCd4GHNNZGtKvcHlk8HY3kPshrhxggiD%2Bx7ZQb8jJMy71zz1Cn19x7Qw5lYfl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168ee1856af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

www.animezeno.sbs/

188.114.97.1

200 OK

1.4 kB

URL GET HTTP/2
www.animezeno.sbs/
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectanimezeno.sbs
FingerprintD1:88:3B:4F:6E:24:62:91:E5:7C:D7:4B:24:7E:37:2C:B4:E6:81:07
ValidityFri, 12 Apr 2024 00:39:53 GMT - Thu, 11 Jul 2024 00:39:52 GMT

File type
HTML document, ASCII text, with very long lines (1380), with no line terminators
Size
1.4 kB (1368 bytes)
Hash
be42cb30510e54f37a69e2c5f244a5fd
982132974a70f7fbb26f4de4f0d29f78fc960c4c
ff4814e83aad096af9d3ddfb373f00d40d170c57169edff731511efa661063f9

HTTP Headers

GET / HTTP/1.1
Host: www.animezeno.sbs
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:37 GMT
content-type: text/html;charset=UTF-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dlvaGmdBn0ATg8JzXe3K4p4MPOIG0mgxqreyEs3YxZ4JwTpAfmQF6Mh%2B1C0Xwu0K%2Bp0Yujse%2BfiuSlki7Dhy8eDwiUUm3%2Bjcl0c%2B%2ForGo4a8mhIljQIKcvP9dP%2BLCj7D%2Bv%2Fmgw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1827f095694-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

serveur-minecraft.com/1751

104.26.11.195

403 Forbidden

0 B

URL GET HTTP/2
serveur-minecraft.com/1751
IP
104.26.11.195:443
ASN
#13335 CLOUDFLARENET

Requested by
https://allotraffic.site/
Certificate
IssuerGoogle Trust Services LLC
Subjectserveur-minecraft.com
Fingerprint29:2C:5D:41:8F:D8:FC:96:C2:35:C7:39:CA:61:E1:FD:25:3B:EC:3A
ValidityTue, 21 May 2024 17:11:52 GMT - Mon, 19 Aug 2024 17:11:51 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /1751 HTTP/1.1
Host: serveur-minecraft.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 403 Forbidden
date: Thu, 06 Jun 2024 19:41:39 GMT
content-type: text/html; charset=UTF-8
accept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
critical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: same-origin
origin-agent-cluster: ?1
permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()
referrer-policy: same-origin
x-content-options: nosniff
x-frame-options: SAMEORIGIN
cf-mitigated: challenge
cf-chl-out: HCRvjxhv958ORQ63CHM7cMyhxidGSk2SiCKOBoayhaA2vr8xohTTS18Cn3vebO7PFQlsdiZAXJt9i1QXc4YkD+e59sjaB2VKBIJ+kRhw4ySJOoj4CVXSbxtvM4uPjJCWi6WMmcU/yJrMtwnWNq2/Iw==$AEVpm8k7OEaRskim75kPOA==
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nqQGbRkR%2FGr2%2FZBJAfdG7VnDaWQqP2dYalBzeWg%2BkMA9SMexJWManxpPBaEq94UoKx1jpeEOjORcpK4SsEQdCORMksbawh1JbmJB%2BY50Tr4OhWP9oZ9RHutoS%2FWUhntAjJXUQABq4g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 88fae1916e6056b7-OSL
content-encoding: br
X-Firefox-Spdy: h2

thenetwork18.net/adf1.html

188.114.96.1

200 OK

248 B

URL GET HTTP/3
thenetwork18.net/adf1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with no line terminators
Size
248 B (248 bytes)
Hash
ab658f556be01dcd15dc530c96819083
9a3e77b04356ad5ccca63d03a7bbb492c634ab6e
6e81875b493a7ca887edb71fae104fe87557678bb940a85be484ba714abe9a3a

HTTP Headers

GET /adf1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ww8.good-trading.com/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/3 200 OK
date: Thu, 06 Jun 2024 19:41:33 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 185009
last-modified: Tue, 04 Jun 2024 16:18:04 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNNHSwwIa8WiiaA2wLvutkcEQaNrDLjvuEfU9oSzgV8eUx59i2e%2FspG4i0v2I4uMINZ4wiSXHCu6%2FINk2jK%2Bxa4KBTYUPJYjEuenDB1Cs7XIWfgBlqQnAGpd6Ug%2FNc1aBafk"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1697cb7568a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400

ad-good.com/clixvistam1.html

188.114.97.1

200 OK

264 B

URL GET HTTP/2
ad-good.com/clixvistam1.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with no line terminators
Size
264 B (264 bytes)
Hash
17a6cc2a9b69da6e623bb0fc49e23835
dfff386beb8bd8b56cb7d88c7216e5cecf35003f
bcddd0cee34ea5598924edf6d2983df8ca84a72668b68e5f4235e1ae8a7a4961

HTTP Headers

GET /clixvistam1.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 170972
last-modified: Tue, 04 Jun 2024 20:12:00 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QO8rl%2FCMD1vKEuI0BsjTww%2BnqXi84UiZRPhffK%2FEBq33o76jRRWRbikKte3IlxeTfhJ38IIeHJUw8EeZKwW%2BDkbgaHFbkrDyhAeWZ%2FNCzYQ4Xd%2F%2Bgp8KHjxZa3uGvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae168895756ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

thenetwork18.net/direct1.html

188.114.96.1

200 OK

443 B

URL GET HTTP/2
thenetwork18.net/direct1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectthenetwork18.net
Fingerprint5E:F3:A7:71:BF:73:2C:89:DC:E4:BF:1C:49:44:63:AD:01:B2:FE:8C
ValiditySun, 19 May 2024 07:02:58 GMT - Sat, 17 Aug 2024 07:02:57 GMT

File type
HTML document, ASCII text, with very long lines (475), with no line terminators
Size
443 B (443 bytes)
Hash
ef98bf58e1d4c34e01b886836b004d5f
d1db9f67a4079eeac8e380bd1c6bccea9b60c28b
afa86642c7a3f9bc01dd563c424481ddf251ec3e70a22e559f72881b8ae4a800

HTTP Headers

GET /direct1.html HTTP/1.1
Host: thenetwork18.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 180894
last-modified: Tue, 04 Jun 2024 17:26:38 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8at83yL6Vyq6kxczFfN5UQH9ZGuteAaVCIj%2BvC7%2B4clEDpYK0HGalqSIwbShN8ip44vzD0Y4pFM71NQIb48C3BPg4aCikRepx8VDsQ7css0agvMb1e8i7a9eYe4bj9AWno9Z"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae1633bce56c5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ctrtraffic.me/media1.html

188.114.96.1

200 OK

262 B

URL GET HTTP/2
ctrtraffic.me/media1.html
IP
188.114.96.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectctrtraffic.me
Fingerprint41:38:F8:F4:61:98:B3:5D:E4:DE:43:4D:62:6A:4F:8B:CF:2F:67:70
ValidityTue, 21 May 2024 17:05:39 GMT - Mon, 19 Aug 2024 17:05:38 GMT

File type
HTML document, ASCII text, with no line terminators
Size
262 B (262 bytes)
Hash
e54d92b39e5456dbfe0efe2ef80ffdee
bc05a0ef67c49b849b4b6d7956fba50b66a58202
cb08464b825935db8446e2cfebc34b4cc7c5239f78f60b75d6a2c12152d7b88d

HTTP Headers

GET /media1.html HTTP/1.1
Host: ctrtraffic.me
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: 334B76A4:598C_5762B65C:01BB_665F41EC_42F9D310:5793
x-iplb-instance: 51780
cf-cache-status: HIT
age: 184064
last-modified: Tue, 04 Jun 2024 16:33:48 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ty1q8iH1PAHSCgdeGjv0zKzIGwpkLPn%2FuxaG9pRLOSjCenCt6KxFvNCuUy8OjmuKEcrxeoRRAQDg7NLOwUr8hoW4%2BQJJjfkhhCKyiheynfQ4k5kBe%2BvoIEIeYWYLbzql"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae163ea7fb50b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

xml.flurryad.com/redirect?feed=647218&auth=bVOVbk&subid=flurryn&query=flurryn&url=flurryadn.com

174.137.133.16

302 Found

0 B

URL GET HTTP/1.1
xml.flurryad.com/redirect?feed=647218&auth=bVOVbk&subid=flurryn&query=flurryn&url=flurryadn.com
IP
174.137.133.16:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectflurryad.com
Fingerprint1D:1D:69:90:EC:14:8C:A8:62:7B:9C:1C:56:4A:EA:D0:A0:82:8B:45
ValidityMon, 29 Apr 2024 06:46:17 GMT - Sun, 28 Jul 2024 06:46:16 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=647218&auth=bVOVbk&subid=flurryn&query=flurryn&url=flurryadn.com HTTP/1.1
Host: xml.flurryad.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 302 Found
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://meetbenjen.com/in/p/?spot_id=808402&cat=25&sub_id=1804254931

sub.votreimc.com/adzgamebis1.html

172.67.222.136

200 OK

261 B

URL GET HTTP/2
sub.votreimc.com/adzgamebis1.html
IP
172.67.222.136:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectvotreimc.com
FingerprintA0:63:D6:21:9B:BF:4E:4B:16:71:5E:18:72:C2:54:E2:91:00:77:82
ValidityMon, 20 May 2024 01:52:50 GMT - Sun, 18 Aug 2024 01:52:49 GMT

File type
HTML document, ASCII text, with no line terminators
Size
261 B (261 bytes)
Hash
9ad82899f9eff4a0da7c326ee73d5d28
56d7533c50de211799562421e3204c984fe9e9f0
c8bfb3a28a8ee9c08a2fdff29056c3b0f638bb6f43397ceddde7ebfa7a9221ae

HTTP Headers

GET /adzgamebis1.html HTTP/1.1
Host: sub.votreimc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
x-iplb-request-id: A29EDECC:D328_91EF25A2:0050_665F3E41_22ED4:74A1
x-iplb-instance: 52360
cf-cache-status: HIT
age: 185003
last-modified: Tue, 04 Jun 2024 16:18:09 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VsTjR70bZxrg56lS0TfiHQWLMdi8Bc5GKIJNTytqZd5V1IEDwT%2FJngI3bq05XfYhCb674pzMri5Mso9nWXeA6pvp67CYYrTe%2BuiL%2B7sdJQPKOjnJ5AGUfkvmPwPo15sIVbHs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16539c756be-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ad-good.com/clixvistaa.html

188.114.97.1

200 OK

263 B

URL GET HTTP/2
ad-good.com/clixvistaa.html
IP
188.114.97.1:443
ASN
#13335 CLOUDFLARENET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerGoogle Trust Services LLC
Subjectad-good.com
Fingerprint35:39:65:61:62:1C:C1:02:7C:D0:9B:C7:C7:E2:56:C9:04:49:DB:BC
ValidityTue, 16 Apr 2024 08:07:22 GMT - Mon, 15 Jul 2024 08:07:21 GMT

File type
HTML document, ASCII text, with no line terminators
Size
263 B (263 bytes)
Hash
8a4caacf5ba17d8b8696c9bbcde6f18a
a183dc1a002ce3db04a078fd3e1f5882a86a5486
d98b58b3eccfa298ebb7f530ce81994647422545da2b5cd21352e09562348674

HTTP Headers

GET /clixvistaa.html HTTP/1.1
Host: ad-good.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 06 Jun 2024 19:41:32 GMT
content-type: text/html
vary: Accept-Encoding
cache-control: public, max-age=604800
cf-cache-status: HIT
age: 176594
last-modified: Tue, 04 Jun 2024 18:38:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9rem%2FFoJ%2B1LhRGli2AMU0QdZd%2F9SKDG8QKEaElEQ4T8LockEaB3wtPM5nKdxogOh%2Bj57t9n7D3Q6XNpmAlrRnkksDPFThYJyS5nFIXWgRnl0jv9CGjsEzZ7b9Nv02A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 88fae16828ab56ca-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

click.mediacpc.com/redirect?feed=599083&auth=0OICJo&subid=adult1&query=adult1&url=adult1.com

174.137.133.18

200 OK

0 B

URL GET HTTP/1.1
click.mediacpc.com/redirect?feed=599083&auth=0OICJo&subid=adult1&query=adult1&url=adult1.com
IP
174.137.133.18:443
ASN
#27257 WEBAIR-INTERNET

Requested by
https://ww8.good-trading.com/index.php?good-j&f=265753
Certificate
IssuerLet's Encrypt
Subjectmediacpc.com
Fingerprint48:45:39:98:2A:E1:04:9F:C6:EF:EC:81:26:CD:FA:18:CF:99:85:8C
ValidityThu, 11 Apr 2024 06:39:47 GMT - Wed, 10 Jul 2024 06:39:46 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /redirect?feed=599083&auth=0OICJo&subid=adult1&query=adult1&url=adult1.com HTTP/1.1
Host: click.mediacpc.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 06 Jun 2024 19:41:35 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (16)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by