8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

18.158.88.249:443

GET /e7e6d84d-dd64-4aa4-8f0f-5bdfaa2f4241?c2=26233199&c1=affC1627173381afffd2af35354513a069a251 HTTP/2.0
host: frookshop-winsive.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

HTTP/2.0 200
server: nginx
date: Fri, 12 Jan 2024 15:02:53 GMT
content-type: text/html;charset=UTF-8
content-length: 956
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: e7e6d84d-dd64-4aa4-8f0f-5bdfaa2f4241-v4=DZ_O4-I0P_amZcYrFVICOzA_67P4NuwOwStQIz1ow9w; Max-Age=86400; Expires=Sat, 13-Jan-2024 15:02:53 GMT; Domain=frookshop-winsive.com; Path=/; Secure; HttpOnly;SameSite=None
set-cookie: cc-v4=hHkpCDgMnbe4REisHPd3Sm5dZJH%2FeWn5ghzqYNn7%2FsLX1qZ%2FeOH1l661Bwgs6FzKNceAuNJ9jMbCNAEVGDPv18%2B8wDJSPIjYg7ULSRhwndFPMkluTN0QL%2FOsVX7GPTzmQ0wnutGi9qAD4SIUoEXRKg%3D%3D; Max-Age=31536000; Expires=Sat, 11-Jan-2025 15:02:53 GMT; Domain=frookshop-winsive.com; Path=/; Secure; HttpOnly;SameSite=None

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

18.158.88.249:443

GET /redirect?target=BASE64aHR0cHM6Ly8xLmV3amZ3Zi5jby8_dXRtX21lZGl1bT1jMmI2YzBkMDhiNWIwN2Y1MzhmODBiYTU4NTc4YTQxMzk0N2U5MTBiJnV0bV9jYW1wYWlnbj1qYW4yNG1haW5lciYxPTI2MjMzMTk5JmNpZD13ODgxb3AyY2F1N3JtZmR1aXBpMmI2NnM&ts=1705071773272&hash=R-6DRrbnP-0sgIuaHo1ZXmiflEzHuT-FGb6qDe0zjbM&rm=DJ HTTP/2.0
host: reletinglablets.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

HTTP/2.0 200
server: nginx
date: Fri, 12 Jan 2024 15:02:56 GMT
content-type: text/html;charset=UTF-8
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

69.175.103.179:443

GET /?utm_medium=c2b6c0d08b5b07f538f80ba58578a413947e910b&utm_campaign=jan24mainer&1=26233199&cid=w881op2cau7rmfduipi2b66s HTTP/2.0
host: 1.ewjfwf.co
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

HTTP/2.0 200
server: nginx
date: Fri, 12 Jan 2024 15:02:56 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-powered-by: PHP/8.3.1
cache-control: no-store, no-cache, must-revalidate, max-age=0
pragma: no-cache
expires: Thu, 01 Jan 1970 00:00:00 GMT
accept-ch: Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version
content-encoding: gzip

69.175.103.179:443

GET /favicon.ico HTTP/2.0
host: 1.ewjfwf.co
accept: */*
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko

HTTP/2.0 200
server: nginx
date: Fri, 12 Jan 2024 15:02:56 GMT
content-type: image/x-icon
content-length: 1150
last-modified: Fri, 11 Aug 2023 10:37:02 GMT
etag: "64d60f4e-47e"
expires: Sat, 13 Jan 2024 15:02:56 GMT
cache-control: max-age=86400
strict-transport-security: max-age=31536000; includeSubdomains
accept-ranges: bytes

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

51.68.85.158:443

GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7323227515269414993&website=909-d3ba45d7&placement=909 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://1.ewjfwf.co/?utm_medium=c2b6c0d08b5b07f538f80ba58578a413947e910b&utm_campaign=jan24mainer&1=26233199&cid=w881op2cau7rmfduipi2b66s
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.tropbikewall.art
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Fri, 12 Jan 2024 15:03:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-transform
Accept-CH: Sec-CH-UA-Platform-Version

51.68.85.158:443

GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7323227515269414993&website=909-d3ba45d7&placement=909&eyeg=41a20156a7ca5697b6b32aa65a967a7d&eyer=0.15275071974661536&eyei=0&eyew=1280&eyeh=602&eyetd=220&eyef=1.ewjfwf.co HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.tropbikewall.art
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Fri, 12 Jan 2024 15:03:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://www.tropbikewall.art/?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7323227515269414993&website=909-d3ba45d7&placement=909&eyeg=3&eyer=0.15275071974661536&eyei=0&eyew=1280&eyeh=602&eyetd=220&eyef=1.ewjfwf.co

51.68.85.158:443

GET /?sl=5706540-e4d07&data1=Track1&data2=Track2&tag=M7323227515269414993&website=909-d3ba45d7&placement=909&eyeg=3&eyer=0.15275071974661536&eyei=0&eyew=1280&eyeh=602&eyetd=220&eyef=1.ewjfwf.co HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.tropbikewall.art
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Fri, 12 Jan 2024 15:03:00 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-transform
Location: https://admoustache.media-412.com/sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000f66c59e66b4d203950e4816cb09e1f1d0112-202401-flb*5706540-e4d07*M7323227515269414993*sl_5706540-e4d07*0529d95f90ba4954921b4acfe3e32dab9a0970c8*909-d3ba45d7*909

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

204.79.197.200:443

GET /th?id=OADD2.10239340418547_1N5DXBL93QHFGMSRD&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 330528
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1DE61E04DB9544CC9A8CBD90AB0D59B7 Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:00Z
date: Fri, 12 Jan 2024 15:03:00 GMT

204.79.197.200:443

GET /th?id=OADD2.10239340418543_1PQIQEA9PYCCTOZ9T&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 490296
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: F6A7027D762B4F6B9AF9A47A63BA1C7D Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:00Z
date: Fri, 12 Jan 2024 15:03:00 GMT

204.79.197.200:443

GET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 148138
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8C63C67B7FFD4385958D1E48B507C2D0 Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:01Z
date: Fri, 12 Jan 2024 15:03:00 GMT

204.79.197.200:443

GET /th?id=OADD2.10239340418548_1UEU8RPM3S7H7G0D8&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 274584
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 0849634087F14126BC9D6EB12CB6E1F1 Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:01Z
date: Fri, 12 Jan 2024 15:03:01 GMT

204.79.197.200:443

GET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 125455
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 26449A47BEB84F1A84D864A0E0A63666 Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:03Z
date: Fri, 12 Jan 2024 15:03:03 GMT

204.79.197.200:443

GET /th?id=OADD2.10239340418544_1U65HGUXV07UFEU5B&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

HTTP/2.0 200
cache-control: public, max-age=2592000
content-length: 506638
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AAFD36ABFCEB441FB7BE0D225F71F10D Ref B: LON04EDGE0720 Ref C: 2024-01-12T15:03:03Z
date: Fri, 12 Jan 2024 15:03:03 GMT

8.8.8.8:53

8.8.8.8:53

34.90.46.36:443

GET /sl?id=63ef5a2a8dec34873b6049c7&pid=503&sub1=33000f66c59e66b4d203950e4816cb09e1f1d0112-202401-flb*5706540-e4d07*M7323227515269414993*sl_5706540-e4d07*0529d95f90ba4954921b4acfe3e32dab9a0970c8*909-d3ba45d7*909 HTTP/2.0
host: admoustache.media-412.com
accept: text/html, application/xhtml+xml, image/jxr, */*
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
accept-encoding: gzip, deflate

HTTP/2.0 302
server: nginx
date: Fri, 12 Jan 2024 15:03:01 GMT
content-length: 0
location: https://hixastump.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=65a154a55980a000010dc966
x-adjust-use-original-forwarded-for: 1
referer:
referrer-policy: no-referrer
set-cookie: afclick=65a154a55980a000010dc966; expires=Sat, 11 Jan 2025 15:03:01 GMT; secure; SameSite=None
access-control-allow-origin: *

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

185.32.28.133:443

GET /?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=65a154a55980a000010dc966 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: hixastump.com

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jan 2024 15:02:57 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
Set-Cookie: redirect_user_data=%7B%22country%22%3A%22GB%22%2C%22city%22%3Anull%2C%22isp%22%3A%22ines+group%22%2C%22netspeed%22%3A%22%22%7D; expires=Fri, 12-Jan-2024 15:12:57 GMT; Max-Age=600
Set-Cookie: _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002171366410749%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22GB%22%3Bs%3A4%3A%22_isp%22%3Bs%3A10%3A%22ines+group%22%3Bs%3A5%3A%22_time%22%3Bi%3A1705071777%3B%7D; expires=Fri, 12-Jan-2024 15:04:57 GMT; Max-Age=120
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

185.32.28.133:443

GET /assets/js/backlink_back_button.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://hixastump.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=65a154a55980a000010dc966
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: hixastump.com
Connection: Keep-Alive
Cookie: redirect_user_data=%7B%22country%22%3A%22GB%22%2C%22city%22%3Anull%2C%22isp%22%3A%22ines+group%22%2C%22netspeed%22%3A%22%22%7D; _tracker_ikangoo=a%3A5%3A%7Bs%3A4%3A%22_key%22%3Bs%3A7%3A%22IKPANEL%22%3Bs%3A6%3A%22_subid%22%3Bs%3A16%3A%225002171366410749%22%3Bs%3A8%3A%22_country%22%3Bs%3A2%3A%22GB%22%3Bs%3A4%3A%22_isp%22%3Bs%3A10%3A%22ines+group%22%3Bs%3A5%3A%22_time%22%3Bi%3A1705071777%3B%7D

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jan 2024 15:02:57 GMT
Content-Type: application/javascript
Content-Length: 632
Last-Modified: Mon, 28 Nov 2022 14:36:48 GMT
Connection: keep-alive
ETag: "6384c780-278"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

8.8.8.8:53

185.32.28.133:443

GET /?groupds=157&productId=1907&clientId=168&af=5002171366410749&tracking=65a154a55980a000010dc966&tim2=1705071777.351 HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: https://hixastump.com/?cat=2&groupds=157&clientId=168&productId=1907&publisher_id=503&tracking=65a154a55980a000010dc966
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: d.ridunvallin.top
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jan 2024 15:04:04 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: c2s_step_des=%5B8%2C2%2C4%5D; expires=Fri, 12-Jan-2024 15:19:04 GMT; Max-Age=900
Set-Cookie: c2s_step_limit=3; expires=Fri, 12-Jan-2024 15:19:04 GMT; Max-Age=900
Set-Cookie: c2s_user_data=%7B%22isp%22%3A%22ines+group%22%2C%22country%22%3A%22GB%22%2C%22lang%22%3A%22en%22%2C%22clientId%22%3A%22168%22%2C%22operator%22%3Anull%2C%22action%22%3Anull%2C%22valid_products%22%3A%5B1414%2C1415%2C1416%2C1417%2C1418%2C1422%2C1732%2C1896%2C1897%2C1898%2C1899%2C1904%2C2563%2C1870%2C1981%2C1831%2C1814%2C2661%2C2666%2C1907%2C2665%2C2670%2C2664%2C2669%2C2663%2C2668%2C1676%2C1829%2C1815%2C2662%2C2667%2C1847%2C1722%2C1738%2C1749%2C1748%2C1874%2C1843%2C1724%2C1827%2C1718%2C1872%2C1913%2C1970%2C1717%2C2024%2C1727%2C1909%2C1825%2C1750%2C2562%2C1849%2C1721%2C1863%2C1747%2C1853%2C1720%2C1971%2C1768%2C1767%2C1857%2C1855%2C2774%2C1902%2C1697%2C1763%2C1839%2C1764%2C1845%2C1723%2C1968%2C1972%2C1769%2C1716%2C1728%2C1726%2C1725%2C1835%2C1711%2C1851%2C1719%2C1841%2C1741%2C1911%2C2001%2C1861%2C1859%2C1837%2C1733%2C1715%2C1900%2C1766%2C1823%2C1821%2C1765%2C1964%2C1963%2C1890%2C1889%2C1892%2C1891%2C1680%2C1967%2C1966%2C2509%2C2508%2C1868%2C2510%2C2513%2C1866%2C1975%2C2511%2C2514%2C2512%2C2515%2C1710%2C2771%2C2772%2C2773%2C1713%2C1714%2C1983%2C1969%2C1988%2C2071%2C1658%2C1657%2C1977%2C1591%2C1592%2C1593%2C1594%2C1595%2C1596%2C1974%2C1997%2C1752%2C1411%2C1706%2C1701%2C1665%2C1405%2C1404%2C1406%2C1503%2C1502%2C1504%2C1505%2C1908%2C1943%2C1942%2C1702%2C1547%2C1635%2C1627%2C1628%2C1629%2C1630%2C1631%2C1632%2C1633%2C1675%2C1941%2C1940%2C1906%2C2609%2C1616%2C1744%2C1705%2C1672%2C1667%2C2072%2C1699%2C1673%2C1599%2C1481%2C2250%2C1651%2C1662%2C1650%2C1654%2C1656%2C1655%2C1647%2C1648%2C1649%2C1660%2C1663%2C2028%2C1668%2C1666%2C1408%2C1407%2C1409%2C2023%2C1597%2C1659%2C1559%2C2070%2C1598%2C1536%2C1540%2C1652%2C1653%2C1901%2C1987%2C1637%2C1674%2C1537%2C1538%2C1539%2C1961%2C1413%2C1420%2C1421%2C1412%2C1499%2C1679%2C1696%2C1483%2C1661%2C1579%2C1484%2C1570%2C1553%2C1581%2C1490%2C1546%2C1580%2C1485%2C1550%2C1569%2C1486%2C1541%2C1712%2C1833%2C1803%2C1482%2C1636%2C1487%2C1551%2C1556%2C1568%2C1535%2C1488%2C1554%2C1552%2C1555%2C1489%2C1340%2C1460%2C1366%2C1367%2C1368%2C1341%2C1342%2C1449%2C1450%2C1451%2C1369%2C1370%2C1371%2C1372%2C1373%2C1425%2C1423%2C1424%2C1343%2C1344%2C1345%2C1354%2C1617%2C1626%2C1618%2C1619%2C1620%2C1621%2C1622%2C1623%2C1624%2C1625%2C1664%2C2002%2C2776%5D%2C%22invalid_product%22%3A%221744%22%2C%22successRate%22%3A0.11%7D; expires=Fri, 12-Jan-2024 15:07:04 GMT; Max-Age=180
Set-Cookie: actual_step=1; expires=Fri, 12-Jan-2024 15:07:04 GMT; Max-Age=180
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff

185.32.28.133:443

GET /groupds/assets/js/backlink_back_button.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://d.ridunvallin.top/?groupds=157&productId=1907&clientId=168&af=5002171366410749&tracking=65a154a55980a000010dc966&tim2=1705071777.351
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: d.ridunvallin.top
Connection: Keep-Alive
Cookie: c2s_step_des=%5B8%2C2%2C4%5D; c2s_step_limit=3; c2s_user_data=%7B%22isp%22%3A%22ines+group%22%2C%22country%22%3A%22GB%22%2C%22lang%22%3A%22en%22%2C%22clientId%22%3A%22168%22%2C%22operator%22%3Anull%2C%22action%22%3Anull%2C%22valid_products%22%3A%5B1414%2C1415%2C1416%2C1417%2C1418%2C1422%2C1732%2C1896%2C1897%2C1898%2C1899%2C1904%2C2563%2C1870%2C1981%2C1831%2C1814%2C2661%2C2666%2C1907%2C2665%2C2670%2C2664%2C2669%2C2663%2C2668%2C1676%2C1829%2C1815%2C2662%2C2667%2C1847%2C1722%2C1738%2C1749%2C1748%2C1874%2C1843%2C1724%2C1827%2C1718%2C1872%2C1913%2C1970%2C1717%2C2024%2C1727%2C1909%2C1825%2C1750%2C2562%2C1849%2C1721%2C1863%2C1747%2C1853%2C1720%2C1971%2C1768%2C1767%2C1857%2C1855%2C2774%2C1902%2C1697%2C1763%2C1839%2C1764%2C1845%2C1723%2C1968%2C1972%2C1769%2C1716%2C1728%2C1726%2C1725%2C1835%2C1711%2C1851%2C1719%2C1841%2C1741%2C1911%2C2001%2C1861%2C1859%2C1837%2C1733%2C1715%2C1900%2C1766%2C1823%2C1821%2C1765%2C1964%2C1963%2C1890%2C1889%2C1892%2C1891%2C1680%2C1967%2C1966%2C2509%2C2508%2C1868%2C2510%2C2513%2C1866%2C1975%2C2511%2C2514%2C2512%2C2515%2C1710%2C2771%2C2772%2C2773%2C1713%2C1714%2C1983%2C1969%2C1988%2C2071%2C1658%2C1657%2C1977%2C1591%2C1592%2C1593%2C1594%2C1595%2C1596%2C1974%2C1997%2C1752%2C1411%2C1706%2C1701%2C1665%2C1405%2C1404%2C1406%2C1503%2C1502%2C1504%2C1505%2C1908%2C1943%2C1942%2C1702%2C1547%2C1635%2C1627%2C1628%2C1629%2C1630%2C1631%2C1632%2C1633%2C1675%2C1941%2C1940%2C1906%2C2609%2C1616%2C1744%2C1705%2C1672%2C1667%2C2072%2C1699%2C1673%2C1599%2C1481%2C2250%2C1651%2C1662%2C1650%2C1654%2C1656%2C1655%2C1647%2C1648%2C1649%2C1660%2C1663%2C2028%2C1668%2C1666%2C1408%2C1407%2C1409%2C2023%2C1597%2C1659%2C1559%2C2070%2C1598%2C1536%2C1540%2C1652%2C1653%2C1901%2C1987%2C1637%2C1674%2C1537%2C1538%2C1539%2C1961%2C1413%2C1420%2C1421%2C1412%2C1499%2C1679%2C1696%2C1483%2C1661%2C1579%2C1484%2C1570%2C1553%2C1581%2C1490%2C1546%2C1580%2C1485%2C1550%2C1569%2C1486%2C1541%2C1712%2C1833%2C1803%2C1482%2C1636%2C1487%2C1551%2C1556%2C1568%2C1535%2C1488%2C1554%2C1552%2C1555%2C1489%2C1340%2C1460%2C1366%2C1367%2C1368%2C1341%2C1342%2C1449%2C1450%2C1451%2C1369%2C1370%2C1371%2C1372%2C1373%2C1425%2C1423%2C1424%2C1343%2C1344%2C1345%2C1354%2C1617%2C1626%2C1618%2C1619%2C1620%2C1621%2C1622%2C1623%2C1624%2C1625%2C1664%2C2002%2C2776%5D%2C%22invalid_product%22%3A%221744%22%2C%22successRate%22%3A0.11%7D; actual_step=1

HTTP/1.1 200 OK
Server: nginx
Date: Fri, 12 Jan 2024 15:04:05 GMT
Content-Type: application/javascript
Content-Length: 620
Last-Modified: Wed, 05 Oct 2022 15:26:27 GMT
Connection: keep-alive
ETag: "633da223-26c"
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Accept-Ranges: bytes

8.8.8.8:53

8.8.8.8:53