URL: https://trojan.iamvip.us.kg/
Submission: On October 04 via api from US — Scanned from US

Summary

This website contacted 79 IPs in 5 countries across 64 domains to perform 245 HTTP transactions. The main IP is 2606:4700:3035::ac43:d95a, located in United States and belongs to CLOUDFLARENET, US. The main domain is trojan.iamvip.us.kg.
TLS certificate: Issued by WE1 on September 19th 2024. Valid for: 3 months.
This is the only time trojan.iamvip.us.kg was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
39 primis.tech
live.primis.tech — Cisco Umbrella Rank: 1721
video.primis.tech — Cisco Umbrella Rank: 6860
rtb.primis.tech — Cisco Umbrella Rank: 6119
878 KB
31 us.kg
trojan.iamvip.us.kg
214 KB
18 intentiq.com
api.intentiq.com — Cisco Umbrella Rank: 2329
sync.intentiq.com — Cisco Umbrella Rank: 993
14 KB
18 ad.gt
a.ad.gt — Cisco Umbrella Rank: 1552
p.ad.gt — Cisco Umbrella Rank: 1739
ids.ad.gt — Cisco Umbrella Rank: 1464
id.hadron.ad.gt — Cisco Umbrella Rank: 1450
seg.ad.gt — Cisco Umbrella Rank: 1970
pixels.ad.gt — Cisco Umbrella Rank: 1626
proton.ad.gt — Cisco Umbrella Rank: 8121
21 KB
16 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
td.doubleclick.net — Cisco Umbrella Rank: 192
securepubads.g.doubleclick.net — Cisco Umbrella Rank: 215
cm.g.doubleclick.net — Cisco Umbrella Rank: 283
pubads.g.doubleclick.net — Cisco Umbrella Rank: 441
403 KB
15 googlesyndication.com
pagead2.googlesyndication.com — Cisco Umbrella Rank: 116
tpc.googlesyndication.com — Cisco Umbrella Rank: 163
8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com
107 KB
14 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 479
ib.adnxs.com — Cisco Umbrella Rank: 267
acdn.adnxs.com — Cisco Umbrella Rank: 613
cdn.adnxs.com — Cisco Umbrella Rank: 1763
nym1-ib.adnxs.com — Cisco Umbrella Rank: 1425
45 KB
11 smartadserver.com
ssbsync-global.smartadserver.com — Cisco Umbrella Rank: 1767
prg.smartadserver.com — Cisco Umbrella Rank: 1960
rtb-csync.smartadserver.com — Cisco Umbrella Rank: 739
12 KB
9 sellwild.com
widget.sellwild.com — Cisco Umbrella Rank: 68672
cache.sellwild.com — Cisco Umbrella Rank: 72274
376 KB
8 rubiconproject.com
token.rubiconproject.com — Cisco Umbrella Rank: 486
pixel.rubiconproject.com — Cisco Umbrella Rank: 413
fastlane.rubiconproject.com — Cisco Umbrella Rank: 492
eus.rubiconproject.com — Cisco Umbrella Rank: 600
5 KB
8 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 373
6 KB
7 sonobi.com
apex.go.sonobi.com — Cisco Umbrella Rank: 2708
sync.go.sonobi.com — Cisco Umbrella Rank: 922
6 KB
7 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 634
c.clarity.ms — Cisco Umbrella Rank: 1236
q.clarity.ms — Cisco Umbrella Rank: 6903
30 KB
6 bidstreamserver.com
ads.bidstreamserver.com — Cisco Umbrella Rank: 43821
prebid.bidstreamserver.com — Cisco Umbrella Rank: 47166
126 KB
6 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 399
2 KB
6 360yield.com
ad.360yield.com — Cisco Umbrella Rank: 734
1 KB
6 tapad.com
pixel.tapad.com — Cisco Umbrella Rank: 446
1 KB
6 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 867 Failed
ads.pubmatic.com — Cisco Umbrella Rank: 557
hbopenbid.pubmatic.com — Cisco Umbrella Rank: 480
t.pubmatic.com — Cisco Umbrella Rank: 2729
77 KB
5 criteo.com
gum.criteo.com — Cisco Umbrella Rank: 461
mug.criteo.com — Cisco Umbrella Rank: 3626
2 KB
5 1rx.io
sync.1rx.io — Cisco Umbrella Rank: 503
3 KB
4 id5-sync.com
id5-sync.com — Cisco Umbrella Rank: 522
3 KB
4 amspbs.com
amspbs.com — Cisco Umbrella Rank: 23218
31 KB
4 unrulymedia.com
sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1136
targeting.unrulymedia.com — Cisco Umbrella Rank: 827
1 KB
4 onetag-sys.com
onetag-sys.com — Cisco Umbrella Rank: 691
616 B
3 tynt.com
de.tynt.com — Cisco Umbrella Rank: 1465
hde.tynt.com — Cisco Umbrella Rank: 3448
724 B
3 33across.com
ssc-cms.33across.com — Cisco Umbrella Rank: 902
lexicon.33across.com — Cisco Umbrella Rank: 1340
2 KB
3 a-mo.net
prebid.a-mo.net — Cisco Umbrella Rank: 777
sync.a-mo.net — Cisco Umbrella Rank: 1710
2 KB
3 sharethrough.com
match.sharethrough.com — Cisco Umbrella Rank: 521
1 KB
3 lijit.com
ap.lijit.com — Cisco Umbrella Rank: 774
1 KB
3 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 495
pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 512
1 KB
3 openx.net
u.openx.net — Cisco Umbrella Rank: 743
728 B
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
23 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
279 KB
2 betweendigital.com
ads.betweendigital.com — Cisco Umbrella Rank: 2124
2 KB
2 sitescout.com
pixel-sync.sitescout.com — Cisco Umbrella Rank: 661
1 KB
2 4dex.io
script.4dex.io — Cisco Umbrella Rank: 3596
21 KB
2 eu-1-id5-sync.com
lb.eu-1-id5-sync.com — Cisco Umbrella Rank: 917
581 B
2 bidgx.com
media.bidgx.com — Cisco Umbrella Rank: 21714
srv.bidgx.com — Cisco Umbrella Rank: 19871
18 KB
2 crwdcntrl.net
id.crwdcntrl.net — Cisco Umbrella Rank: 2543
sync.crwdcntrl.net — Cisco Umbrella Rank: 891
1 KB
2 tremorhub.com
mb9eo.publishers.tremorhub.com — Cisco Umbrella Rank: 7175
721 B
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 415
1019 B
2 casalemedia.com
ssum-sec.casalemedia.com — Cisco Umbrella Rank: 506
1 KB
2 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 345
83 KB
2 google.com
analytics.google.com — Cisco Umbrella Rank: 147
www.google.com — Cisco Umbrella Rank: 3
2 unpkg.com
unpkg.com — Cisco Umbrella Rank: 797
4 KB
2 whatismyip.com
api.whatismyip.com — Cisco Umbrella Rank: 227756
apiv6.whatismyip.com — Cisco Umbrella Rank: 275229
cf.whatismyip.com Failed
466 B
1 stackadapt.com
sync.srv.stackadapt.com — Cisco Umbrella Rank: 587
227 B
1 rfihub.com
p.rfihub.com — Cisco Umbrella Rank: 800
744 B
1 script.ac
cadmus.script.ac — Cisco Umbrella Rank: 1583
239 B
1 gstatic.com
fonts.gstatic.com
18 KB
1 kueezrtb.com
sync.kueezrtb.com — Cisco Umbrella Rank: 3461
570 B
1 turn.com
ad.turn.com — Cisco Umbrella Rank: 928
435 B
1 adform.net
cm.adform.net — Cisco Umbrella Rank: 1528
484 B
1 admanmedia.com
cs.admanmedia.com — Cisco Umbrella Rank: 1012
586 B
1 stickyadstv.com
ads.stickyadstv.com — Cisco Umbrella Rank: 576
548 B
1 media.net
cs.media.net — Cisco Umbrella Rank: 1030
hbx.media.net Failed
798 B
1 loopme.me
csync.loopme.me — Cisco Umbrella Rank: 857
24 B
1 quantserve.com
pixel.quantserve.com — Cisco Umbrella Rank: 1044
582 B
1 yellowblue.io
cs-server-s2s.yellowblue.io — Cisco Umbrella Rank: 1657
1 contextweb.com
bh.contextweb.com — Cisco Umbrella Rank: 541
852 B
1 hadronid.net
cdn.hadronid.net — Cisco Umbrella Rank: 1601
12 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30 Failed
834 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 190
770 B
0 rlcdn.com Failed
api.rlcdn.com Failed
245 64
Domain Requested by
37 live.primis.tech 15 redirects trojan.iamvip.us.kg
live.primis.tech
31 trojan.iamvip.us.kg trojan.iamvip.us.kg
17 sync.intentiq.com 1 redirects trojan.iamvip.us.kg
live.primis.tech
9 ids.ad.gt 1 redirects
9 securepubads.g.doubleclick.net widget.sellwild.com
securepubads.g.doubleclick.net
trojan.iamvip.us.kg
pagead2.googlesyndication.com
8 pagead2.googlesyndication.com live.primis.tech
securepubads.g.doubleclick.net
pagead2.googlesyndication.com
8 match.adsrvr.org 7 redirects live.primis.tech
8 cache.sellwild.com widget.sellwild.com
6 x.bidswitch.net 6 redirects
6 ad.360yield.com 2 redirects cache.sellwild.com
6 pixel.tapad.com 5 redirects
6 secure.adnxs.com 4 redirects securepubads.g.doubleclick.net
secure.adnxs.com
5 rtb-csync.smartadserver.com
5 sync.go.sonobi.com 1 redirects
5 fastlane.rubiconproject.com cache.sellwild.com
ads.bidstreamserver.com
5 prg.smartadserver.com cache.sellwild.com
ads.bidstreamserver.com
5 sync.1rx.io 5 redirects
4 id5-sync.com live.primis.tech
ads.pubmatic.com
4 tpc.googlesyndication.com live.primis.tech
securepubads.g.doubleclick.net
tpc.googlesyndication.com
4 amspbs.com cache.sellwild.com
4 onetag-sys.com cache.sellwild.com
ads.bidstreamserver.com
3 prebid.bidstreamserver.com ads.bidstreamserver.com
3 gum.criteo.com 1 redirects secure.adnxs.com
3 ads.bidstreamserver.com trojan.iamvip.us.kg
3 8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com securepubads.g.doubleclick.net
3 match.sharethrough.com 3 redirects
3 ap.lijit.com 2 redirects ads.bidstreamserver.com
3 ib.adnxs.com 1 redirects cache.sellwild.com
ads.bidstreamserver.com
3 u.openx.net 2 redirects cache.sellwild.com
3 ads.pubmatic.com live.primis.tech
trojan.iamvip.us.kg
cache.sellwild.com
3 www.google-analytics.com p.ad.gt
www.google-analytics.com
3 cm.g.doubleclick.net 1 redirects trojan.iamvip.us.kg
3 q.clarity.ms www.clarity.ms
3 www.googletagmanager.com trojan.iamvip.us.kg
www.googletagmanager.com
p.ad.gt
2 ads.betweendigital.com 2 redirects
2 pixel-sync.sitescout.com 2 redirects
2 script.4dex.io ads.bidstreamserver.com
script.4dex.io
2 mug.criteo.com
2 lb.eu-1-id5-sync.com live.primis.tech
ads.pubmatic.com
2 nym1-ib.adnxs.com trojan.iamvip.us.kg
cdn.adnxs.com
2 acdn.adnxs.com secure.adnxs.com
cache.sellwild.com
2 de.tynt.com 1 redirects ads.bidstreamserver.com
2 ssc-cms.33across.com 2 redirects
2 apex.go.sonobi.com cache.sellwild.com
ads.bidstreamserver.com
2 prebid.a-mo.net cache.sellwild.com
ads.bidstreamserver.com
2 targeting.unrulymedia.com cache.sellwild.com
2 hbopenbid.pubmatic.com cache.sellwild.com
ads.bidstreamserver.com
2 sync.targeting.unrulymedia.com 2 redirects
2 mb9eo.publishers.tremorhub.com 2 redirects
2 ups.analytics.yahoo.com 2 redirects
2 eb2.3lift.com 2 redirects
2 ssum-sec.casalemedia.com 2 redirects
2 pubads.g.doubleclick.net live.primis.tech
2 seg.ad.gt p.ad.gt
2 id.hadron.ad.gt cdn.hadronid.net
2 c.amazon-adsystem.com live.primis.tech
c.amazon-adsystem.com
2 a.ad.gt trojan.iamvip.us.kg
p.ad.gt
2 c.clarity.ms 1 redirects
2 www.clarity.ms trojan.iamvip.us.kg
www.clarity.ms
2 unpkg.com 1 redirects
1 sync.srv.stackadapt.com 1 redirects
1 p.rfihub.com 1 redirects
1 pr-bh.ybp.yahoo.com 1 redirects
1 sync.crwdcntrl.net 1 redirects
1 eus.rubiconproject.com cache.sellwild.com
1 sync.a-mo.net cache.sellwild.com
1 cadmus.script.ac script.4dex.io
1 t.pubmatic.com ads.pubmatic.com
1 lexicon.33across.com ads.pubmatic.com
1 srv.bidgx.com media.bidgx.com
1 cdn.adnxs.com secure.adnxs.com
1 media.bidgx.com secure.adnxs.com
1 www.google.com tpc.googlesyndication.com
1 id.crwdcntrl.net live.primis.tech
1 hde.tynt.com cache.sellwild.com
1 rtb.primis.tech live.primis.tech
1 proton.ad.gt p.ad.gt
1 fonts.gstatic.com fonts.googleapis.com
1 video.primis.tech
1 sync.kueezrtb.com 1 redirects
1 ad.turn.com 1 redirects
1 cm.adform.net trojan.iamvip.us.kg
1 ssbsync-global.smartadserver.com 1 redirects
1 cs.admanmedia.com 1 redirects
1 ads.stickyadstv.com 1 redirects
1 cs.media.net 1 redirects
1 pixel.rubiconproject.com 1 redirects
1 csync.loopme.me trojan.iamvip.us.kg
1 pixel.quantserve.com trojan.iamvip.us.kg
1 cs-server-s2s.yellowblue.io live.primis.tech
1 pixels.ad.gt p.ad.gt
1 bh.contextweb.com 1 redirects
1 token.rubiconproject.com
1 p.ad.gt a.ad.gt
1 cdn.hadronid.net a.ad.gt
1 api.intentiq.com live.primis.tech
1 fonts.googleapis.com widget.sellwild.com
live.primis.tech
1 c.bing.com 1 redirects
1 td.doubleclick.net www.googletagmanager.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 widget.sellwild.com trojan.iamvip.us.kg
1 apiv6.whatismyip.com trojan.iamvip.us.kg
1 api.whatismyip.com trojan.iamvip.us.kg
0 hbx.media.net Failed
0 api.rlcdn.com Failed live.primis.tech
0 image2.pubmatic.com Failed
0 cf.whatismyip.com Failed trojan.iamvip.us.kg
245 108
Subject | Issuer | Validity | Valid
iamvip.us.kg | WE1 | 2024-09-19 - 2024-12-18 | 3 months
*.google-analytics.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.primis.tech | Amazon RSA 2048 M03 | 2024-08-24 - 2025-09-22 | a year
*.whatismyip.com | Go Daddy Secure Certificate Authority - G2 | 2024-06-06 - 2025-07-04 | a year
*.sellwild.com | Amazon RSA 2048 M03 | 2024-01-23 - 2025-02-19 | a year
www.clarity.ms | DigiCert TLS RSA SHA256 2020 CA1 | 2024-09-04 - 2025-09-04 | a year
*.google.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.g.doubleclick.net | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.doubleclick.net | WR2 | 2024-09-16 - 2024-12-09 | 3 months
a.clarity.ms | Microsoft Azure RSA TLS Issuing CA 08 | 2024-06-23 - 2025-06-18 | a year
a.ad.gt | WE1 | 2024-08-07 - 2024-11-05 | 3 months
c.amazon-adsystem.com | Amazon RSA 2048 M01 | 2023-12-30 - 2024-12-04 | a year
*.intentiq.com | Amazon RSA 2048 M03 | 2024-03-26 - 2025-04-24 | a year
hadronid.net | WE1 | 2024-09-24 - 2024-12-23 | 3 months
p.ad.gt | Cloudflare Inc ECC CA-3 | 2023-11-09 - 2024-11-07 | a year
*.ad.gt | Amazon RSA 2048 M02 | 2024-03-10 - 2025-04-08 | a year
*.rubiconproject.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-07-30 - 2025-04-03 | 8 months
*.onetag-sys.com | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2024-01-23 - 2025-01-29 | a year
id.hadron.ad.gt | WE1 | 2024-09-20 - 2024-12-19 | 3 months
seg.ad.gt | WE1 | 2024-09-05 - 2024-12-04 | 3 months
pixels.ad.gt | WE1 | 2024-09-05 - 2024-12-04 | 3 months
upload.video.google.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.pubmatic.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-11-26 - 2024-11-26 | a year
*.yellowblue.io | Amazon ECDSA 256 M03 | 2024-03-18 - 2025-04-16 | a year
quantserve.com | R11 | 2024-08-23 - 2024-11-21 | 3 months
loopme.com | R11 | 2024-09-02 - 2024-12-01 | 3 months
*.adform.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-05-27 - 2025-06-18 | a year
*.gstatic.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
proton.ad.gt | WE1 | 2024-09-07 - 2024-12-06 | 3 months
amspbs.com | Amazon RSA 2048 M03 | 2024-05-20 - 2025-06-19 | a year
*.360yield.com | Amazon RSA 2048 M02 | 2024-06-15 - 2025-07-14 | a year
*.targeting.unrulymedia.com | Sectigo RSA Domain Validation Secure Server CA | 2024-04-30 - 2025-05-31 | a year
*.a-mo.net | R11 | 2024-09-02 - 2024-12-01 | 3 months
*.smartadserver.com | DigiCert Global G3 TLS ECC SHA384 2020 CA1 | 2024-01-17 - 2025-01-16 | a year
*.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year
*.go.sonobi.com | Go Daddy Secure Certificate Authority - G2 | 2023-12-07 - 2025-01-07 | a year
tpc.googlesyndication.com | WR2 | 2024-09-16 - 2024-12-09 | 3 months
*.openx.net | RapidSSL TLS RSA CA G1 | 2024-08-14 - 2025-08-18 | a year
*.tynt.com | Sectigo RSA Domain Validation Secure Server CA | 2024-09-05 - 2025-09-30 | a year
admin.bidstreamserver.com | R10 | 2024-08-29 - 2024-11-27 | 3 months
*.id5-sync.com | E5 | 2024-09-01 - 2024-11-30 | 3 months
*.crwdcntrl.net | Amazon RSA 2048 M02 | 2024-09-07 - 2025-10-07 | a year
*.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2024-04-23 - 2025-05-25 | a year
*.criteo.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-09-24 - 2024-12-25 | 3 months
bidgx.com | WE1 | 2024-09-15 - 2024-12-14 | 3 months
cdn.adnxs.com | R11 | 2024-08-20 - 2024-11-18 | 3 months
*.eu-1-id5-sync.com | R10 | 2024-09-01 - 2024-11-30 | 3 months
lexicon.33across.com | WR3 | 2024-09-06 - 2024-12-05 | 3 months
script.4dex.io | WE1 | 2024-09-21 - 2024-12-21 | 3 months
prebid.advertserve.com | Go Daddy Secure Certificate Authority - G2 | 2024-05-15 - 2025-06-16 | a year
*.lijit.com | Amazon RSA 2048 M03 | 2024-02-11 - 2025-03-12 | a year
script.ac | E6 | 2024-08-21 - 2024-11-19 | 3 months

This page contains 28 frames:

Primary Page: https://trojan.iamvip.us.kg/
Frame ID: EC022C36E06FC0116593959DAAA96084
Requests: 131 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-4T6GFV4RYJ&gacid=1385255044.1728041092&gtm=45je4a20v881200953z877384308za200zb77384308&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529665~101671035~101747727&z=813647385
Frame ID: 2B179A349908C12D4438DADCA2A614EC
Requests: 1 HTTP requests in this frame

Frame: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Frame ID: 26647AD724AFB82853B9FEB29BFD0015
Requests: 51 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Frame ID: 5678FE50199557CDF0AD795866CFE728
Requests: 1 HTTP requests in this frame

Frame: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1486637409&3rdpcid=31320967-e111-4871-aab1-fcc40a0daa10
Frame ID: 6298C5032A428E481C5C96BACCD60C76
Requests: 1 HTTP requests in this frame

Frame: https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr={{gdpr}}&gdpr_consent={{gdpr_consent}}&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D150%26advUuid%3D%7BpartnerId%7D
Frame ID: 73DA75658AE4BF0602AB7F8B356754F0
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Frame ID: 160A3B8BE8A206A16BAF31B96D4D8D32
Requests: 1 HTTP requests in this frame

Frame: https://proton.ad.gt/join-ad-interest-groups.html
Frame ID: D2227563AADD80E92C63E373A093570C
Requests: 1 HTTP requests in this frame

Frame: https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D
Frame ID: A2739DCB005F8E85DD7EFA143EB6FAD9
Requests: 1 HTTP requests in this frame

Frame: https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: 1AA55587F838B427E0A5F226BAD5AB65
Requests: 1 HTTP requests in this frame

Frame: https://hde.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=zzz000000000002zzz&b=1
Frame ID: 858B4CF4AC03D8D026B8A9FC2CDB1703
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzn26LB8pCJSlb-0RC_GXDel7J84VQG0wrgxdQRBy8ABHusFPxoG9tSPvRrgDPQDUQHs2GsKlFlOTgkbfLC4U0gtjyxm9sPV6Gs-W1I3Au13ZE37Xano_UULt-G1xoQyUfSvlY5Nzof0Tkuet3DV28uog3YYv_6kRsbQdkO69NWLxwfIUC3SzlAN1iZhJabj887Lrpx1WBXvpkDTi_9AG8ToMs-pjEyqzGGwD6WH9QlhaRH69ImhmzlsFTZFuxvhJSypHD5O9Z3nBUcxmIquCXT25-euFcScLDpVnNSKkXFVncuskQLe8Qx2-NvGDreKvw1_R6s2I13YTdo76_lsYuJb7OMQqrcorr0nztLfLXc48JRWLCLlKjhxsbZaPi11dcJARnN9aTWzd3noQqMhblybHRdQrGkuDoHe6Gr5z-NS_RiCeXNlcPKUxuMHv9Up6R3faLFRsriTgkFo-odojwN57GXA&sai=AMfl-YSir9uNhjMnq4xCza_7XPky9OMhzfrPGs2Ej_s1ZHj9Jhd4bpfKjPVIt0o7LYtshy25e6Sc3A-3jpXwcv70KJne8A7Hgy0R-7bXk6ji7495RR44-d2UkpXBCiA&sig=Cg0ArKJSzA7JqNg_Sya7EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 70D5F704A8CB4737B437074EFBD2B5F2
Requests: 13 HTTP requests in this frame

Frame: https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: A2C63E65AA0885A390BB23110E9697A3
Requests: 1 HTTP requests in this frame

Frame: https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssAtx0xXw5kgcRQtnCL4CavHhJDh6oeAbQTjzuRsSgZCetdIMEHhHF-iXzmGqmMcQClNGAcFhJg72WrKBAbo4qVfWoySP_5JtzFnOdkxmHXmvZ7ycIWXomR0-KVAGMBlExQJO9an2ecS9MuDb69_LEURDeh7W46Dkug3VMzTt_Egp-u_UFpv4u0aE0qIv4tQc49RJbG62LSr8AkMMcCGfHSelTwN3z_sZbgcH9njlg8To7BxbsumzEvji9W7LHyYDYCmFA63CcDXS3osmc_r5zNieEACqmytTUvib87WYm_kP68y5iuFHnp8kjr8C-56883GAtuHZLzhwq1dxXp7znZK2tB0hIO07KUiSTvC_TA9I91CG7U-ePQi9o8aW_UIjriZceUV3Y85XdPrlgU1f4k7CpmTmhm5UHrPV9MYRB62IZmPyT7tOjDpncZZS47VlO0rOd0&sai=AMfl-YS0dZ-VIJ1fFbWU_AvHJmkUYve4v5zs8cW5ccLvahMSxX0ig-3aCMTfOzd3W36_fwkR26spbS2wi1UWHGH5IQGUIcntaMmikOTtsSye3ZwdDFeEynZIbz4gFg4&sig=Cg0ArKJSzPKM7Hcxge0SEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Frame ID: 1F238CA5ED68CF059992099F47FC6D32
Requests: 6 HTTP requests in this frame

Frame: https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Frame ID: F62BEC7CE1435824140C0360D278C61A
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/LVEN46HQ.html
Frame ID: F92189B1C132EE4298FDAA4F92257E61
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Frame ID: 5840FD0736054FD7830C3204A5160A18
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 347B5DFF94A03BCBE09FFF97FFD81C48
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1922&pub_id=2465685
Frame ID: DAAF966860500268BD5C6E85DBB04368
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Frame ID: D05FBE90685DA808D596CA13AFF98467
Requests: 20 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D&gdpr=&gdpr_consent=&us_privacy=
Frame ID: 8D09493E6C97125B948D018DC5D999BE
Requests: 1 HTTP requests in this frame

Frame: https://ads.bidstreamserver.com/servlet/view/banner/javascript/zone?pid=1&zid=347&fcid=471&uuid=d2465fc49a81244c6b808a34d9533969&viewable=false&random=45300336&millis=20241004072455&hb_request=28308877&hb_error=timeout&friendly=friendly_45300336&language=en&resolution=unspecified&txid=21999073&rmpid=true&sid=19&encode=1&referrer=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&cturl=
Frame ID: FEC8FA2F358A9CEB015AB06E4C391C30
Requests: 1 HTTP requests in this frame

Frame: https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=Cu8BShN0cm9qYW4uaWFtdmlwLnVzLmtnUgthYXMtOTE0YWNhY1oIcGJhMS4zLjRqE3Ryb2phbi5pYW12aXAudXMua2f6AQY4LjQ5LjDoAgGIA4ah_7cGqAM86gMkMWQ3ZmNhZDEtODZkNS00NjY0LWFkNzQtZDk1OTE5ODBkYzk2ogQcaHR0cHM6Ly90cm9qYW4uaWFtdmlwLnVzLmtnL6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwxpYW12aXAudXMua2fgBwGCCAxpYW12aXAudXMua2eKCAZjaHJvbWU
Frame ID: C8C13B4A34CDFDDBD9CA1C9F7C1147F4
Requests: 1 HTTP requests in this frame

Frame: https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160587
Frame ID: 6A2DAAE3E4C48AB064EC879C65E89106
Requests: 1 HTTP requests in this frame

Frame: https://acdn.adnxs.com/dmp/async_usersync.html
Frame ID: DBB93F41BD4DE36E8955D92AB4D81BA7
Requests: 1 HTTP requests in this frame

Frame: https://onetag-sys.com/usync/?cb=1728041094316
Frame ID: B96DE97CD92A1A880336BE024EDF4F10
Requests: 1 HTTP requests in this frame

Frame: https://eus.rubiconproject.com/usync.html
Frame ID: 1D320E7E3DFA837AD053276FC8B32160
Requests: 1 HTTP requests in this frame

Frame: https://de.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=0010b00002QJmSBAA1
Frame ID: D46165C576B35D3CD1E94903CD772FB4
Requests: 1 HTTP requests in this frame

Page Title

What Is My IP? Best Way To Check Your Public IP Address

Detected technologies

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • googlesyndication\.com/

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • adnxs\.com/[^"]*(?:prebid|/pb\.js)

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Page Statistics

Requests: 245
HTTPS: 81 %
IPv6: 31 %
Domains: 64
Subdomains: 108
IPs: 79
Countries: 5
Transfer: 2797 kB
Size: 6956 kB
Cookies: 249

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 39
  • https://unpkg.com/web-vitals/dist/web-vitals.iife.js HTTP 302
  • https://unpkg.com/web-vitals@4.2.3/dist/web-vitals.iife.js
Request Chain 47
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&RedC=c.clarity.ms&MXFR=1BFF0FBE48DB603212CE1AB04CDB6E39 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&MUID=3D939885A31669EE12428D8BA2ED68F3
Request Chain 71
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrnd=6_1728041093379&vrref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&jsver=5.09 HTTP 302
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrnd=6_1728041093379&vrref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&jsver=5.09&ckls=true&ci=vesUi3M2sl&nc=false&trid=-1997232528
Request Chain 75
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=$UID&gdpr=0 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001728041093-QDRU72U7-2DJ2%26adnxs_id%3D%24UID%26gdpr%3D0 HTTP 302
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=6178791637038509278&gdpr=0
Request Chain 76
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0 HTTP 302
  • https://ids.ad.gt/api/v1/t_match?tdid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
Request Chain 77
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001728041093-QDRU72U7-2DJ2 HTTP 302

245 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
trojan.iamvip.us.kg/
276 KB
51 KB
Document
General
Full URL
https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27ac6e05eb3fda629533072cf0b9a49a3e904063055b23d29c709404426c5908
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

age
139
cache-control
public,max-age=0,must-revalidate,public
cf-cache-status
DYNAMIC
cf-ray
8cd4ced22fd108fa-LAX
content-encoding
br
content-security-policy
frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 11:24:51 GMT
last-modified
Mon, 30 Sep 2024 21:43:09 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qC0TKoFSQr%2Bf%2BpqEAWxfdo8Mz8hYEtKI83CyILYR4buhVKus4wojCgWSpc8vCYrqTmUhNKou35QTeBtWGzbfZwX0cjNgYpcoV9xYUEvpt%2BRm%2BK4SE%2FWQkzsUEGNP68oq438vk327PztVl4NIzDAtt55i"}],"group":"cf-nel","max_age":604800}
server
cloudflare
speculation-rules
"/cdn-cgi/speculation"
strict-transport-security
max-age=2592000; preload
vary
Accept-Encoding,Accept-Encoding
via
1.1 varnish (Varnish/7.1), 1.1 google
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-gatsby-fastify
served-by: Static;
x-varnish
31814935 50830681
x-xss-protection
1; mode=block
speculation
trojan.iamvip.us.kg/cdn-cgi/
128 B
473 B
Other
General
Full URL
https://trojan.iamvip.us.kg/cdn-cgi/speculation
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
11a2142988720cd49ff000e5d488493947b3d34821301c5a706b3495b8381f7d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://trojan.iamvip.us.kg
Referer
https://trojan.iamvip.us.kg/

Response headers

nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ut4kcCpNWM9dTwNWLWAIRjnWB7xlosAddUThQOjz87U12kiHnVgkrvEP7dT1RXq9Kt6Bh140a7GtCmdeZB2QX5%2BtWVSE7TrHtnsDvg7AgeWNcsUZCy4c6t6tRP1%2FHLuuU6NnkD4ObItALjbsewcrwU%2BG"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd4ced368ed08fa-LAX
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
128
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/speculationrules+json
vary
Origin, Accept-Encoding
server
cloudflare
gtm.js
www.googletagmanager.com/
250 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NCCVS2G
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
191601b22171ed66cf8767d674a9f5df540f5cb241431c02f1b6c1a31be34c56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Fri, 04 Oct 2024 11:24:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Fri, 04 Oct 2024 09:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
85060
x-xss-protection
0
server
Google Tag Manager
menu.js
trojan.iamvip.us.kg/js/
3 KB
1023 B
Script
General
Full URL
https://trojan.iamvip.us.kg/js/menu.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c022f4239205287d0b41fcf2fa6d95e13b19b6aa9a60b09069017db770f313aa
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
REVALIDATED
etag
W/"d85-19249df7be0"
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UUqG4Aw5fLB%2Flm3O8omUPmoXfJEZLubV0g5fT3sidNvnGs2VynMT5z4QBUKjS5nsGq6NM3GB3IdexHeqf%2Byys1jTIZfkHUrvIz25YKo48HOtbq3RpBE3W65vUsRoTqolAjZvE%2BX1HLQtD5d8sHLDkEoB"}],"group":"cf-nel","max_age":604800}
x-varnish
2921201 2108010
cf-polished
origSize=3461
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced3a92b08fa-LAX
x-xss-protection
1; mode=block
server
cloudflare
What-Is-My-IP.webp
trojan.iamvip.us.kg/images/
2 KB
3 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/What-Is-My-IP.webp
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9a45cde5bbafaf35d38e45eaa62784e12434286a1da8f7570b6c15a94e55f967
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"9bc-19249df7be0"
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=grEN%2FA0UAWiBzk9PIT%2FJ6GEF16Ngi%2Bfn0O1eBrJTg%2FlRXH4ce%2BfpTO1yVUnzOkKHPVvaXJ90JDW5A1CtmSdXEuNoGpfmKNrrHDcujNVP7CyOcww4KVWJYsCx5GmjoE5gesSWw88HqGT1yh0IOzLgvtGW"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
2921224 1809633
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ba0d08fa-LAX
accept-ranges
bytes
content-length
2492
x-xss-protection
1; mode=block
server
cloudflare
webpack-runtime-97563fdde48fe41acc81.js
trojan.iamvip.us.kg/
5 KB
3 KB
Script
General
Full URL
https://trojan.iamvip.us.kg/webpack-runtime-97563fdde48fe41acc81.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7eb56e0ed7103763b3e865a4fdb69a775918bf8adcf345645cf8344850ca9e7f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"14df-19244441ec0"
age
128
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R%2FgzWsVpzbvVuDlFTPuoHphX8yQWwiqDVdkZg8hPnet1%2F642dVpt9PRBsbUFMQPb2C3aHkQi8O98%2F%2FKDMdxZMrMgMfSPN5jjAJm4mCVgJPEh%2FaTt%2BbkPeCX3Mro0DcoJyZ5h89owmF5jIr9iOV0S6MeS"}],"group":"cf-nel","max_age":604800}
x-varnish
1376264
cf-polished
origSize=5343
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Mon, 30 Sep 2024 18:49:28 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=3600,immutable,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ba1208fa-LAX
x-xss-protection
1; mode=block
server
cloudflare
framework-fe041d812b009cc8e73a.js
trojan.iamvip.us.kg/
138 KB
46 KB
Script
General
Full URL
https://trojan.iamvip.us.kg/framework-fe041d812b009cc8e73a.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
69aaf78ef7f17c80af7c5e8c84e669a097d79014d5df1e789b2b8136d26fdada
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"226a0-18faae5e058"
age
602
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uXb60qRE8etLpE4%2FSWbgSKxfnMXXB7kBdkGMjKyr%2BenP4KSCulg359qSNnm3Z5zBSaIHaXhxHqWYAJ4Ji22c%2FCqY5ilmgiQV65aoJ51PjwdNkLcsHeqJiiumVIlnpYueSOkTb8F3%2Fe2B0fjlJX2RZn8g"}],"group":"cf-nel","max_age":604800}
x-varnish
6333370
cf-polished
origSize=140960
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Fri, 24 May 2024 13:59:03 GMT
vary
Accept-Encoding, Accept-Encoding
strict-transport-security
max-age=2592000; preload
cache-control
public,max-age=3600,immutable,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ba1508fa-LAX
server
cloudflare
app-4b81e3872321a3f27a68.js
trojan.iamvip.us.kg/
66 KB
23 KB
Script
General
Full URL
https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e49bdd30b3adfb8e315a42dfa7c3066b022be4c09edf33df0a9c7d84f38092d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"10a31-191950144b0"
age
1245
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=su%2BWBZZk3pHNSt%2Fa05CZHBa%2BC0sVxXDAsZkZUomDClz9gE7lu3wfI37w2Fp%2B%2B1A6dSHmYO4H0H5CKULiEhq57mWOEEQSqCP9Qsjw0wBF77YpdtuM%2BYjxalNhKjsmxujAH7wlIrSGY%2BcT929Veaf0gZIu"}],"group":"cf-nel","max_age":604800}
x-varnish
491691
alt-svc
h3=":443"; ma=86400
cf-polished
origSize=68145
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 27 Aug 2024 18:02:54 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=3600,immutable,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ba1708fa-LAX
x-xss-protection
1; mode=block
server
cloudflare
icon-search.png
trojan.iamvip.us.kg/images/icons/
868 B
1 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-search.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8648b77b5a531bed11beeaafffd7a9449f4000c452d1e98b95b0dd57b212533e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"536-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=agRZzFg8W293TWKMS9NFPslXGd8Iq8A6lFPgVcoNaEB6a%2FWCRR%2FxyiFIT9U7It3T5FnRbolpaYVOPfjixSPLmB4kDp%2FWfR4kCzLiqnE6oNSU%2BxNYJj6M2EBYQ9Hvy5K9JzecfsIxu4yv7db1ogONqL1r"}],"group":"cf-nel","max_age":604800}
x-varnish
8797719 12162423
cf-polished
origFmt=png, origSize=1334
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-search.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca2908fa-LAX
accept-ranges
bytes
content-length
868
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-home.png
trojan.iamvip.us.kg/images/icons/
222 B
709 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-home.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a24367ae1c667a9838cd51b75ba6d6b1706953f76f9c1aeb59aabe35e90276e0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"153-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YhVI7Em%2BlI25eH9WohSCoQOyGJIMHqUg4vggY%2BrkYtCL8kgNm3yN6%2BleuvM3SgJmtm368oC%2FqfUSfzKtbPDcqPqTGjH4nHX%2F6jsR7rEnAjPgwG4rOab3DArrudLwLBtdHmmsXpf%2BK%2Bj3sP6TP6i8SQto"}],"group":"cf-nel","max_age":604800}
x-varnish
2268013 1678333
cf-polished
origFmt=png, origSize=339
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-home.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca2b08fa-LAX
accept-ranges
bytes
content-length
222
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-map.png
trojan.iamvip.us.kg/images/icons/
262 B
643 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-map.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8ea862da1f88f4ef953065b31efecf7d1cfded443c195e89c287d745afd116de
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"171-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EdTGLFkW0Q%2FK0dgkrn7xscKA32QdYXIwemDmGMmKWLjav1vneaHEGcC67ke5SCEW%2B6JWSa6qRLbAuaIOfOS2HNRLGwOslExYmLVd8RCh8GtFicbCAMKs1YzWgyqgGMx7%2F%2FDWt5yQPz9dX2uufuQchMSS"}],"group":"cf-nel","max_age":604800}
x-varnish
1476636 303202
cf-polished
origFmt=png, origSize=369
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-map.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca2e08fa-LAX
accept-ranges
bytes
content-length
262
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-globe.png
trojan.iamvip.us.kg/images/icons/
568 B
984 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-globe.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ed239d1de8373b6b50a086822887f8b5bb73d2c01176d2bec3f1dc334c9301c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"35b-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nLWP2ZIphWIhJnU2fcOKTLno%2FutACxRfmyXhCw24KTIaR%2Fo8sIpU7PCbF8IRHT2Fx0ojeKFuXDMMbAXqGimD85hjFVXCIW%2F%2FCSbmOfzyS7aS8WQDCJUw2ghaPAu%2BSYyE65rvYJYB2J5MdnUXuW8D4UoN"}],"group":"cf-nel","max_age":604800}
x-varnish
1476634 698797
cf-polished
origFmt=png, origSize=859
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-globe.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca3108fa-LAX
accept-ranges
bytes
content-length
568
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-dns.png
trojan.iamvip.us.kg/images/icons/
578 B
971 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-dns.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
baafdfb282cffd8d673850481dc2137c7e4b4f90c2d437581ef0531735548804
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"345-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Rx3Dudw5FryDutuVeTG30kofTfU7MzuxXNse4XPwauHjPpt%2B9569gD4rKgq3tGRvUyr6s1ov9rbqYAVXYAbLjdbFBbCiaE62HC4iVDK4UqiN3gJrdGCktJkPoJU7SjZxt0KcjaIrX%2FpQ4I8BFDRL8OUA"}],"group":"cf-nel","max_age":604800}
x-varnish
1678480 1972307
cf-polished
origFmt=png, origSize=837
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-dns.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca3208fa-LAX
accept-ranges
bytes
content-length
578
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-speed.png
trojan.iamvip.us.kg/images/icons/
370 B
1020 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-speed.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6519ca896bc8fd4e14a643e92c7124d01fac74a76e1c17b11c23e96b4e91c5cc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"21a-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D%2BpFiidx6Poxu7UW4YpPAqEPryZhCfblnX%2FkHotIJYtx4sT5fcMrAMt3cYrMlYIC%2F4pdd6w9emRjiPKwVj6SUvjoz%2F9sHFbKBN0qHfvpm%2FPlJ78F8vm28Kpw2zMV1jCbn%2BalzpFHg9wQzEYpgankszR0"}],"group":"cf-nel","max_age":604800}
x-varnish
2108364 1187621
cf-polished
origFmt=png, origSize=538
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-speed.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced4ca3408fa-LAX
accept-ranges
bytes
content-length
370
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-tools.png
trojan.iamvip.us.kg/images/icons/
413 B
761 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-tools.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
97f13a205f2d824fa5dd95e8df87a1502471c50a51eb6b163572914d86fbf7a5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"19d-19249df7be0"
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B86OKbTQgPlr8PfZQZW3SX9FFE%2Bo5SZ%2Fd490wcKTuAScgvz6Z2xPVNNSVJflw93XUwDTuhskTQUp42AHY07DA53z4F7VZQyAg0OO%2BN4FUnqVJNkVdNBN0lwMbGIrg6SERnyATrVShkehiGr1v2%2Bk1Vsb"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
5892351 6705108
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/png
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a7f08fa-LAX
accept-ranges
bytes
content-length
413
x-xss-protection
1; mode=block
server
cloudflare
icon-menu-blue-help.png
trojan.iamvip.us.kg/images/icons/
324 B
709 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-menu-blue-help.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
57e43b43d5afa3659d1794240efc45dc47a3fd812634ddb0c4799c51f55290d3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"1da-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HcSK9RdG2paixABIbGqrGHLUTjHCbTy61NQWr7tDwX7lbw2nTpahTgxa3KPLBGSPVt9%2B7ppw1ckoiFk6BTCc1sKpYoanRd8fZ3l23QJnA86TkZeGTRmKY94O8durhEcMVw0Y4GbFiblPEuBfgwljCGY7"}],"group":"cf-nel","max_age":604800}
x-varnish
393266
cf-polished
origFmt=png, origSize=474
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-menu-blue-help.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8108fa-LAX
accept-ranges
bytes
content-length
324
x-xss-protection
1; mode=block
server
cloudflare
tool-copy-blue.png
trojan.iamvip.us.kg/images/
330 B
744 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/tool-copy-blue.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
47c908158e598c99184a165f9002e9840b1c5d6af942a64c9deb4c3bb0aaf281
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"1d9-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PFX%2FyusWRyCAPD%2BD8lF8XaEKQQjeFV%2BebBdyTDefIZE7oHI0uVRvXURhmhNLbgrrPSJgIINeq5OIKvLJc%2FKJ8hdPbUVAyyUzt4FrqOm9aHrcCoxLvDhfY4OOoTXx6kAc06vD6DNp6ubED0vcb%2BUc1V0L"}],"group":"cf-nel","max_age":604800}
x-varnish
19751986 19344623
cf-polished
origFmt=png, origSize=473
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="tool-copy-blue.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8208fa-LAX
accept-ranges
bytes
content-length
330
x-xss-protection
1; mode=block
server
cloudflare
icon-down-arrow.png
trojan.iamvip.us.kg/images/icons/
300 B
673 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-down-arrow.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a216e5408002afe495ed8a149c078795e06fff614c700cfaa236bfbc5ae3317a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"12c-19249df7be0"
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6xZ8cVwy7RmFVjtGcZPh%2FlaePw3FdJBqzwWY0cq%2FT5R1qPY7WOE%2BH5SEOJEKBkwWGAedC11qvHgxsV1GfbFS2aB7UldeMfy55tzCq4UshXXTh%2By6eoQBk%2B8Fc0DnFtHKOZRIomFRN3ESKBUmVo2kVyIL"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
21082410 18349740
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/png
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8308fa-LAX
accept-ranges
bytes
content-length
300
x-xss-protection
1; mode=block
server
cloudflare
icon-card-map.png
trojan.iamvip.us.kg/images/icons/
858 B
1 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-map.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5388bb7bc9753635f6ff32b2842923913cc09e9d6b50241124095bd55a3561a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"56a-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wiriecSQOleb96Kyucy7jMh4OTthEhIMWO1SrfO%2FgTz%2F3xx%2F9yjBpyhT3qgpA82zNyJySgx1mdFzJuTvIOYkbQs5zI0Mqe04kH4mw5IOnEMIEZuKo6o%2FLhRig6CrulxscGDrtGvwfE9Q3MhUIh4yvuDV"}],"group":"cf-nel","max_age":604800}
x-varnish
557131
cf-polished
origFmt=png, origSize=1386
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-map.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8408fa-LAX
accept-ranges
bytes
content-length
858
x-xss-protection
1; mode=block
server
cloudflare
icon-card-change.png
trojan.iamvip.us.kg/images/icons/
840 B
1 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-change.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bd5f8764a9e684962199ce88d038ebaadc19fa0008910c87af1ab2064acdcef3
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"51f-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lw4fLxz7LDiljv54%2BUApmwGCaoKM6hJs1A%2FEd9zoCtRsVV2DG50HwmKb1UALguldJBxF2wY1WAQKbJXKBJI8M%2BVyzQH8EtFMCieP3rNrafslMtEhMh9xDfVWSXYNByhTX%2BpjcuJpsaMqz6SCpoVVWF%2Bx"}],"group":"cf-nel","max_age":604800}
x-varnish
2041911 3318417
cf-polished
origFmt=png, origSize=1311
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-change.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8508fa-LAX
accept-ranges
bytes
content-length
840
x-xss-protection
1; mode=block
server
cloudflare
icon-card-email.png
trojan.iamvip.us.kg/images/icons/
1 KB
2 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-email.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14ebd64274d01045f48b8878423535bf065768179fb64f441a5b625b00eccadd
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"723-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14b6LEouh%2FUZKV%2Fjd%2FZ0yIdir%2FF42G3naxZwKalRS2%2BKQo3%2FTnoLnUfhDSMY5XFepR766JLbxvb4A2j8xuxHoNJhnGH%2FfA0sZDyWfXIU8vXbvGwp9SDgNgeZoLoSFWmT4XpKfEifuecIvX0wLug3Wqbk"}],"group":"cf-nel","max_age":604800}
x-varnish
3268762 6282077
alt-svc
h3=":443"; ma=86400
cf-polished
origFmt=png, origSize=1827
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-email.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8708fa-LAX
accept-ranges
bytes
content-length
1162
x-xss-protection
1; mode=block
server
cloudflare
icon-card-security.png
trojan.iamvip.us.kg/images/icons/
546 B
945 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-security.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca3fb2a4d632a60143fdad298c0172cfc3b5671106ec47593d2001cb13f8722c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"33c-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VxgaQNqK%2BmkGhtBHFWwKiL%2FrTHH3N%2FtqVCMQNvO%2FqU4aYlGDhKz1M5uRNgf7StdJy4A%2FDZWG98vpURq2SQGmfcg8IKomLbdWr7L1MXsXYI%2FcLnM6XSMgcYreBpvTCgoXcd4djAkLAyVIlmy0DcR7LsDu"}],"group":"cf-nel","max_age":604800}
x-varnish
1678483 698804
cf-polished
origFmt=png, origSize=828
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-security.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8808fa-LAX
accept-ranges
bytes
content-length
546
x-xss-protection
1; mode=block
server
cloudflare
icon-card-spy.png
trojan.iamvip.us.kg/images/icons/
1 KB
2 KB
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-spy.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46ee6292134b950168fcc5d297ab92b34fb56f5552f99668814ab1deb5fc74e7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"88b-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PNEjY%2Binr%2BZXsxvEFIR62v9Dv8aw6RiL03QO%2FRyZb7tS1O3aG8rmiCZrTgiJiQxFEbJy6nuOXfL4DuEpc2oCmlUrMBlfA5jWLPz0yxPIctuvSyydcdloQYO2R9ESYnvprCaug7blb%2FBL0cmcDDV0KPXR"}],"group":"cf-nel","max_age":604800}
x-varnish
22495872 25343855
cf-polished
origFmt=png, origSize=2187
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-spy.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8a08fa-LAX
accept-ranges
bytes
content-length
1338
x-xss-protection
1; mode=block
server
cloudflare
icon-card-vpn.png
trojan.iamvip.us.kg/images/icons/
444 B
844 B
Image
General
Full URL
https://trojan.iamvip.us.kg/images/icons/icon-card-vpn.png
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b25e31939a2705945a38a53f92b61814cd6078d17bfc52dee1ced79b5b20e0d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"2af-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L4pr53%2Ftx9VGrNBgo5ukdYmS95R7%2BAUBxnDDlvLlZxQjYZs3ktPk1PMccsIJeh8fCgR9jitDoOjdbXWooEfDQNL2uhfyjXKskQC8iO5kW1VlLkaGfK%2BE7xQt59g6DYhK9ao98619vsjxfKYxERElEpzf"}],"group":"cf-nel","max_age":604800}
x-varnish
1476637 1711983
alt-svc
h3=":443"; ma=86400
cf-polished
origFmt=png, origSize=687
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
image/webp
content-disposition
inline; filename="icon-card-vpn.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced52a8d08fa-LAX
accept-ranges
bytes
content-length
444
x-xss-protection
1; mode=block
server
cloudflare
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c9fab32cc43d81d4ee03d5eb7b558fbdd2b654558c1f4a412829ac65fb4d105d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3b02584211e3f462fe1794c0f8e37908d3a4fcf2b061b490126df9440d5e98fb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/
1 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f2b3d89acc0779adf85e150299e020feb3e031fe1c38cd6f93eea93780b17300

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
app-data.json
trojan.iamvip.us.kg/page-data/
50 B
487 B
XHR
General
Full URL
https://trojan.iamvip.us.kg/page-data/app-data.json
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e95043bc5a53bff2d5587c078500a59bb2472f4e2bad3239b228c517aa4d157f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"32-19244e31de0"
age
281
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=87v9TdSQnJl3D94xOowAQvIgw12qYeN9XcpJnHeLiJd7fcb7GPQG5CXczx6yyJuUlpS161Hxgt5pxjwkSdDrM%2Bf%2FtwtzbVkNB5psOQXg3Rq2axXmFeuFA22TOwGj84aP5QegOiXo%2FP2BK2JXB6fdsYda"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
41752981 56165250
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/json; charset=UTF-8
last-modified
Mon, 30 Sep 2024 21:43:08 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced5db2f08fa-LAX
x-xss-protection
1; mode=block
server
cloudflare
page-data.json
trojan.iamvip.us.kg/page-data/index/
21 KB
6 KB
XHR
General
Full URL
https://trojan.iamvip.us.kg/page-data/index/page-data.json
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:d95a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb15441909a0c4b008360265f136f5f87a86591c5e7af1e05576e479521d414c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"5368-19195031588"
age
184
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gY43VHc%2BLzXjbR27fY%2FUSD4SdMf44ssnrwA59PY%2BtKChMesoyo%2F%2FmOhKV5u03gRj6o7YuG0Uv%2FwjcAeyBssHDbhxqDfAk%2BKws9tNsBcIQmipZQ1nu8oVarcK506pmuZJvn9IoyEDkvPUOwjD3VgfX%2FTf"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
50121202 39414812
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/json; charset=UTF-8
last-modified
Tue, 27 Aug 2024 18:04:53 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced5db3208fa-LAX
x-xss-protection
1; mode=block
server
cloudflare
commons-06a939c4b387dfcb9ba3.js
trojan.iamvip.us.kg/
192 KB
51 KB
Script
General
Full URL
https://trojan.iamvip.us.kg/commons-06a939c4b387dfcb9ba3.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/webpack-runtime-97563fdde48fe41acc81.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2339d8d2b671182fe921c1677bb1ec949363be3244b4572c6ea1d5613a61c73
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"3002a-192005f3af0"
age
1633
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z4ZNPI4gtWB%2BbhLPiaHBLHjmeV0ibCxKfDz63M80Rd4qUEGREO9MQ5XCk6drtC08ANELh7zoxZwJ2xBYEhlmNMtHzF4XDrxqf9RaU0oJv1Ue8CPNuhkbyAHEjIQYln%2BE0D6SoV9e"}],"group":"cf-nel","max_age":604800}
x-varnish
1638410
cf-polished
origSize=196650
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 17 Sep 2024 14:24:54 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=3600,immutable,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced6f9ce2f14-LAX
x-xss-protection
1; mode=block
server
cloudflare
component---src-pages-index-js-a796ce7a65e4e5798423.js
trojan.iamvip.us.kg/
805 B
1 KB
Script
General
Full URL
https://trojan.iamvip.us.kg/component---src-pages-index-js-a796ce7a65e4e5798423.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/webpack-runtime-97563fdde48fe41acc81.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
51ba230661257e0570e0e349ad32cf75fa42f044da11eaf4ad96798d74b465a9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"375-191950144b0"
age
1091
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ioqEYXfYTrNNRg%2BIqdPjUMyZ7eI%2Bad9c%2Fm4G4VxDARPICq6UaVh9KLiIzvwzRwbfT6QFqScQxi78Wdnbx1%2BCj3EQ9zJzXMGsfIguW8TbGRiFdITSg36UKwJEQ5rbB2RuNy9WbUsG"}],"group":"cf-nel","max_age":604800}
x-varnish
14709505
alt-svc
h3=":443"; ma=86400
cf-polished
origSize=885
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 27 Aug 2024 18:02:54 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=3600,immutable,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced6f9cf2f14-LAX
x-xss-protection
1; mode=block
server
cloudflare
3959158423.json
trojan.iamvip.us.kg/page-data/sq/d/
6 KB
2 KB
XHR
General
Full URL
https://trojan.iamvip.us.kg/page-data/sq/d/3959158423.json
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7ad19cea730f714c92c8fc0832966b8b85f81419c8d6269430b9cbdbfbb45f54
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"17ee-191a3d14e68"
age
274
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b7KxSvAYbgydZOAfLfkt8W5nrQ4ILD8BjA9Z%2FxUVkGytN8VWOQeHFL95vjr1xj4KTn0obHzhwS5cKZ4XW%2FmzCgtWK2VwXDebjJ18FjWhirJ15HArccdTYbcc0SJxXPzjWPOf5B9P"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
56039298 47925916
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/json; charset=UTF-8
last-modified
Fri, 30 Aug 2024 15:04:49 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced6f9d02f14-LAX
x-xss-protection
1; mode=block
server
cloudflare
780933996.json
trojan.iamvip.us.kg/page-data/sq/d/
31 KB
10 KB
XHR
General
Full URL
https://trojan.iamvip.us.kg/page-data/sq/d/780933996.json
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c8d34acf786483984d65f3818112e507e4cdeb6d7a8b6bb9a5cd130e77ecb52
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
etag
W/"7c6d-191a3d14e68"
age
274
x-gatsby-fastify
served-by: Static;
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qHi3dhn8aR%2BgoxsM2TMJhER1qRD7fHKXwHonBcLLN0gdrTOtiK9PRByBHCJ%2FDUaysHHyRRI%2BbARRryXNsJ9aCOVfYjrQHZIopzv1mrlIU7fZsZW6ivvhlOMPVkVHOLl9W1iIHOGT"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-varnish
42912534 53188158
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/json; charset=UTF-8
last-modified
Fri, 30 Aug 2024 15:04:49 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced6f9d22f14-LAX
x-xss-protection
1; mode=block
server
cloudflare
liveView.php
live.primis.tech/live/
50 KB
19 KB
Script
General
Full URL
https://live.primis.tech/live/liveView.php?s=116800
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/commons-06a939c4b387dfcb9ba3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:1600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
23598d0232e62f03807cb382268cee54c5016830ad640aeebd116690677dc0f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

x-amz-cf-id
tYNcLvDUkfJ-S6ZnfesQSOHz1MXDouS21gInmAJAwQyTty5eILzmYQ==
cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 9750f5ee94b45ad0faba87b3fac2aad6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc
h3=":443"; ma=86400
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5
wimi.php
api.whatismyip.com/
0
233 B
Fetch
General
Full URL
https://api.whatismyip.com/wimi.php
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/commons-06a939c4b387dfcb9ba3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.39.86 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
86.39.117.34.bc.googleusercontent.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
public, no-store
access-control-allow-methods
GET, OPTIONS, POST
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/html; charset=UTF-8
server
Apache
access-control-allow-headers
origin, x-requested-with, content-type, accept
wimi.php
apiv6.whatismyip.com/
0
233 B
Fetch
General
Full URL
https://apiv6.whatismyip.com/wimi.php
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/commons-06a939c4b387dfcb9ba3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1901:0:d110:: Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
public, no-store
access-control-allow-methods
GET, OPTIONS, POST
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/html; charset=UTF-8
server
Apache
access-control-allow-headers
origin, x-requested-with, content-type, accept
whatismyip-what-is-my-ip-homepage.js
widget.sellwild.com/whatismyip/
124 KB
41 KB
Script
General
Full URL
https://widget.sellwild.com/whatismyip/whatismyip-what-is-my-ip-homepage.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/commons-06a939c4b387dfcb9ba3.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.6 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-6.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7f1fced8ffbd89018c56bd5c7ff567759229ffdd4627e1bacb52d9c1f34723e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

vary
Accept-Encoding
cache-control
max-age=1209600,public
content-encoding
gzip
etag
W/"23d8a889d10cf9a980f9d5a329a9f832"
age
40862
via
1.1 e774c9e3b514be02964a99136a6cdfda.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
QJYibTJK5EQYP4ejBHCx30b87Z3ie0-7l5kZeKmAjn4YTqUJWHpdNw==
date
Fri, 04 Oct 2024 00:03:51 GMT
content-type
application/javascript
last-modified
Sat, 14 Sep 2024 16:00:18 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
x-amz-server-side-encryption
AES256
/
cf.whatismyip.com/
0
0

menu.js
trojan.iamvip.us.kg/js/
3 KB
632 B
Script
General
Full URL
https://trojan.iamvip.us.kg/js/menu.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/app-4b81e3872321a3f27a68.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c022f4239205287d0b41fcf2fa6d95e13b19b6aa9a60b09069017db770f313aa
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

If-None-Match
W/"d85-19249df7be0"
Referer
https://trojan.iamvip.us.kg/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
If-Modified-Since
Tue, 01 Oct 2024 20:57:16 GMT

Response headers

cf-cache-status
REVALIDATED
etag
W/"d85-19249df7be0"
cf-bgj
minify
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h4Hhk3Ty%2Fv7S3LAcw1KlErsOxX7gHuZH6gQaneGCYBYrRlxbtFAHjzNrRSP%2FGiXfU2kTR28dvdrZ7BTjZ7O4PAAmka5xj4fSVuZBd89bJLj8%2B%2FmOmEQC0I56iMCHXM4G03HnWpWP"}],"group":"cf-nel","max_age":604800}
x-varnish
2921201 2108010
cf-polished
origSize=3461
date
Fri, 04 Oct 2024 11:24:52 GMT
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public, max-age=0, must-revalidate, public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ced8db502f14-LAX
x-xss-protection
1; mode=block
server
cloudflare
js
www.googletagmanager.com/gtag/
311 KB
104 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-4T6GFV4RYJ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NCCVS2G
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fcd72ae3667f6b7781e644aba44e1e1e64b8c4809b48a98007e54f637efd56eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 04 Oct 2024 11:24:52 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
105755
x-xss-protection
0
server
Google Tag Manager
web-vitals.iife.js
unpkg.com/web-vitals@4.2.3/dist/
Redirect Chain
  • https://unpkg.com/web-vitals/dist/web-vitals.iife.js
  • https://unpkg.com/web-vitals@4.2.3/dist/web-vitals.iife.js
7 KB
4 KB
Script
General
Full URL
https://unpkg.com/web-vitals@4.2.3/dist/web-vitals.iife.js
Protocol
H2
Server
2606:4700::6811:f5cb , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e6b3272816c9b6efeb0b3ccc16326c123d9860f38d7c7c4fc215334559996e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
HIT
etag
"1c28-4f+2/GWZhXlozjo2GiBA+7VB9Ow"
age
5037747
x-content-type-options
nosniff
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript; charset=utf-8
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01J4NG16659JEMRJTTZYQBW6S0-lax
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000
via
1.1 fly.io
cf-ray
8cd4cedafcec2f41-LAX
access-control-allow-origin
*
server
cloudflare

Redirect headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, s-maxage=600, max-age=60
location
/web-vitals@4.2.3/dist/web-vitals.iife.js
content-encoding
br
cf-cache-status
HIT
age
131
x-content-type-options
nosniff
via
1.1 fly.io
cf-ray
8cd4ceda6c7c2f41-LAX
access-control-allow-origin
*
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/plain; charset=utf-8
vary
Accept, Accept-Encoding
fly-request-id
01J9BM911MNETYWBYE115KDH91-lax
server
cloudflare
g1wh4yb6pk
www.clarity.ms/tag/
650 B
1014 B
Script
General
Full URL
https://www.clarity.ms/tag/g1wh4yb6pk?ref=gtm2
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0b187e4da337ffb9ca95d5afae80c420ebf0f070a1446dafa8cf0bf83448cadd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
650
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/x-javascript
x-azure-ref
20241004T112452Z-168d67d4c96bzcmx7zwv6gufy8000000015g00000000e7ye
favicon-32x32.png
trojan.iamvip.us.kg/images/
1 KB
2 KB
Other
General
Full URL
https://trojan.iamvip.us.kg/images/favicon-32x32.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.217.90 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ded3b46b583063b17c633a3da00d6ccff7183493e21a8f3387741d91f02e1b56
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-cache-status
REVALIDATED
etag
W/"79a-19249df7be0"
cf-bgj
imgq:85,h2pri
x-gatsby-fastify
served-by: Static;
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bLQTzUZvWxdr8kT0oQwPG52bpGGSWA0y4QhmWJCIoop1ukzAc9i9ML5YGHtgs%2BkVNUtXHSKCT7aATV1cN%2BOQvMC37IinKnCfth0swX0uFlS1pT%2BcWeI6kTD%2F%2BcBsxszIQ8lFkOtR"}],"group":"cf-nel","max_age":604800}
x-varnish
36142676 47668374
cf-polished
origFmt=png, origSize=1946
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
image/webp
content-disposition
inline; filename="favicon-32x32.webp"
vary
Accept, Accept-Encoding
last-modified
Tue, 01 Oct 2024 20:57:16 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=2592000; preload
content-security-policy
frame-ancestors 'self'
cache-control
public,max-age=0,must-revalidate,public
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
via
1.1 varnish (Varnish/7.1), 1.1 google
cf-ray
8cd4ceda6c842f14-LAX
accept-ranges
bytes
content-length
1386
x-xss-protection
1; mode=block
server
cloudflare
collect
analytics.google.com/g/
0
0
Fetch
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-4T6GFV4RYJ&gtm=45je4a20v881200953z877384308za200zb77384308&_p=1728041091112&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101529665~101671035~101747727&cid=1385255044.1728041092&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728041092&sct=1&seg=0&dl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&dt=What%20Is%20My%20IP%3F%20Best%20Way%20To%20Check%20Your%20Public%20IP%20Address&en=page_view&_fv=1&_nsi=1&_ss=1&ep.anonymizeip=true&ep.isTool=false&ep.isASN=false&ep.showAds=Show&ep.effective_connection_type=4g&tfd=1845
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T6GFV4RYJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
557 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-4T6GFV4RYJ&cid=1385255044.1728041092&gtm=45je4a20v881200953z877384308za200zb77384308&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=101529665~101671035~101747727
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T6GFV4RYJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 2B17
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-4T6GFV4RYJ&gacid=1385255044.1728041092&gtm=45je4a20v881200953z877384308za200zb77384308&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101529665~101671035~101747727&z=813647385
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-4T6GFV4RYJ&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:24:52 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
liveView.php
live.primis.tech/live/ Frame 2664
5 KB
2 KB
Script
General
Full URL
https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:1600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f2962e09c7ae46c85d9cac5e0266652d7b641f1bc608cebe6a041bad2a73d214

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

x-amz-cf-id
LhaG66recDwgLfC0JX-Qv1v5zaeeWOOVEyQ-IR9A4BjEiZ_-QlC0Xg==
cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 9750f5ee94b45ad0faba87b3fac2aad6.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
alt-svc
h3=":443"; ma=86400
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5
clarity.js
www.clarity.ms/s/0.7.47/
64 KB
27 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.47/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/g1wh4yb6pk?ref=gtm2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
30adbc7e799238c336b56a1e20db67910f2a114fc3bc6ced6c550b4c873318aa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

x-azure-ref
20241004T112452Z-168d67d4c96bzcmx7zwv6gufy8000000015g00000000e7yn
cache-control
public, max-age=86400
x-ms-version
2018-03-28
content-encoding
br
etag
W/"0x8DCE311794398B1"
x-fd-int-roxy-purgeid
51562430
x-ms-request-id
180c7462-701e-0001-5e31-157107000000
access-control-allow-origin
*
x-cache
TCP_HIT
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
last-modified
Wed, 02 Oct 2024 18:38:56 GMT
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&RedC=c.clarity.ms&MXFR=1BFF0FBE48DB603212CE1AB04CDB6E39
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&MUID=3D939885A31669EE12428D8BA2ED68F3
42 B
465 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&MUID=3D939885A31669EE12428D8BA2ED68F3
Protocol
H2
Server
20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private, no-cache, proxy-revalidate, no-store
pragma
no-cache
etag
"bb391b5d70eeda1:0"
accept-ranges
bytes
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length
42
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
image/gif
last-modified
Wed, 14 Aug 2024 17:35:32 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET

Redirect headers

cache-control
private, no-cache, proxy-revalidate, no-store
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=2DA3891D34954E1B9D8CA18F5A664B3C&MUID=3D939885A31669EE12428D8BA2ED68F3
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 3030C0A2512D4B1A8206C0D227EC0A63 Ref B: LAXEDGE1511 Ref C: 2024-10-04T11:24:53Z
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
content-length
0
date
Fri, 04 Oct 2024 11:24:52 GMT
x-powered-by
ASP.NET
css2
fonts.googleapis.com/
0
0

listings-img-data-sm-webp
cache.sellwild.com/
3 KB
2 KB
Fetch
General
Full URL
https://cache.sellwild.com/listings-img-data-sm-webp
Requested by
Host: widget.sellwild.com
URL: https://widget.sellwild.com/whatismyip/whatismyip-what-is-my-ip-homepage.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3aa97395cf24342b972ebe19c924e51220b631de77bc3c378df079b67c8f443b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
content-encoding
gzip
etag
"ad98c13b23a9cdf3df9cda6de99748a4"
access-control-allow-methods
HEAD, GET, PUT, POST
x-cache
Miss from cloudfront
x-amz-cf-id
gcQ4HnM-ad9bQ2F12odtK_9nIQchI8lsuBFF2jdbTnxFPCM-peIkJA==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
last-modified
Fri, 04 Oct 2024 10:33:12 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 bc06e962b99bba0a18da728b3e764202.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
871
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
deflate.min.js
live.primis.tech/main/js/ Frame 2664
13 KB
8 KB
Script
General
Full URL
https://live.primis.tech/main/js/deflate.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
407a567abfabf78843c1dfe24457bb650325d8f93e9396a00ce686172756244f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
W/"64db4a53-3217"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
xO94HtO15GhgVcMsjGMzJFeCE3bKgGOvvWMwTv-zXROGk2WRUGYoIA==
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Tue, 15 Aug 2023 09:50:11 GMT
vary
Accept-Encoding
omweb-v1-5.js
live.primis.tech/content/omid/static/ Frame 2664
44 KB
23 KB
Script
General
Full URL
https://live.primis.tech/content/omid/static/omweb-v1-5.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
f7bc1865c10215913cd38a869630fd07c008811bb39ecdfc5b9d76a74a31b6b6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
W/"66dd6341-b17f"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
ZcKh8qp4YdW0-NDXfTbsf9-IejTdVf4sbq9bObZmiMHLxt1TpVX7MA==
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Sun, 08 Sep 2024 08:41:37 GMT
vary
Accept-Encoding
omid-session-client-v1-5.js
live.primis.tech/content/omid/static/ Frame 2664
68 KB
22 KB
Script
General
Full URL
https://live.primis.tech/content/omid/static/omid-session-client-v1-5.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
d7c25086a2305f99b43116f3935095d346eea4e1fc781bab31e81b6b9320032b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
W/"66dd6341-110bd"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
-s-win8_SupNn5xk9munvbz8417UpqqaxuySp1RkEAFDdwFLxCU12A==
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Sun, 08 Sep 2024 08:41:37 GMT
vary
Accept-Encoding
DetectCCPA.v1.3.js
live.primis.tech/content/ClientDetections/ Frame 2664
5 KB
2 KB
Script
General
Full URL
https://live.primis.tech/content/ClientDetections/DetectCCPA.v1.3.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
2c9219112ff4b077db203891f5cda971ad955f5b7aece98ce6a94410b58b3c99

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=31536000, public
content-encoding
gzip
etag
W/"659e71cc-1459"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
expires
Sat, 04 Oct 2025 11:24:52 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
8Kw3fCIWUXQszZ7PrTv1DzhOCDsDDmtDqES0SuIlthsgKn0YotbIOg==
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Wed, 10 Jan 2024 10:30:36 GMT
vary
Accept-Encoding
hls.0.12.4_3.min.js
live.primis.tech/content/video/hls/ Frame 2664
258 KB
116 KB
Script
General
Full URL
https://live.primis.tech/content/video/hls/hls.0.12.4_3.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
a20010b26bce05ea3cfc83cf3a162b7c16b5d2fa2bcf2253b0394b0eb322347a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=31536000, public
content-encoding
gzip
etag
W/"623b1723-409bc"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
expires
Sat, 04 Oct 2025 11:24:51 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
cppy4dGMNGYoDdy_bi7rsleVEEwuKsqRBIR-LgCLcmcp2seFYxy8-Q==
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Wed, 23 Mar 2022 12:48:35 GMT
vary
Accept-Encoding
pal.js
live.primis.tech/content/pal/ Frame 2664
181 KB
88 KB
Script
General
Full URL
https://live.primis.tech/content/pal/pal.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
e8b425b0454dfdeaacc90a822297f5386f87aa23cdb769f6843bfdc48d87a2bb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
W/"66cd7c4d-2d42f"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
EaINwWGyZvlcNKSuI1vQrye0p7Fbj5Mm1Wb3qPhge1QpCc8Qp8FtKg==
date
Fri, 04 Oct 2024 11:24:51 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Tue, 27 Aug 2024 07:12:13 GMT
vary
Accept-Encoding
prebidVid.7.16.0_29.min.js
live.primis.tech/content/prebid/ Frame 2664
553 KB
278 KB
Script
General
Full URL
https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
ea67ff6b5b7b47547079d888267aa933d278920933bf8d0b767dbbadb9a25be7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=31536000, public
content-encoding
gzip
etag
W/"66795624-8a3a8"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
expires
Sat, 04 Oct 2025 11:24:52 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
GtJ8cN6bpce-LvQIAPuAQtvkifp5nnamp2ukr8C5P_3xnCw6mCBS2g==
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
application/javascript
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Mon, 24 Jun 2024 11:19:00 GMT
vary
Accept-Encoding
liveVideo.php
live.primis.tech/live/ Frame 2664
703 KB
284 KB
Script
General
Full URL
https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveView.php?s=116800&cbuster=1728041092&pubUrlAuto=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&videoType=flow&floatWidth=&floatHeight=&floatDirection=&floatVerticalOffset=&floatHorizontalOffset=&floatCloseBtn=&flowMode=&flowCloseButtonPosition=
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
82441026bf9689b2f757c1288e994fa52c18dadbcf890a3b16c7e3c5104ce5e8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
-Y3Sn1Yc4UYWsJBeMIovAozNeCBim-f_Tf9QJXv3XQZJz1mJHdHXIg==
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/html; charset=UTF-8
x-amz-cf-pop
JFK50-P5
server
nginx
vary
Accept-Encoding
collect
q.clarity.ms/
0
283 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://trojan.iamvip.us.kg/

Response headers

Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin
https://trojan.iamvip.us.kg
Date
Fri, 04 Oct 2024 11:24:53 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
gpt.js
securepubads.g.doubleclick.net/tag/js/
104 KB
32 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/tag/js/gpt.js
Requested by
Host: widget.sellwild.com
URL: https://widget.sellwild.com/whatismyip/whatismyip-what-is-my-ip-homepage.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
51ffe9ce88f756e0d006d1c15074348d6ecbf199e9725c3af5f3335ddeb671b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
etag
39 / 20000 / m202410010101 / config-hash: 1850967356644251471
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
content-disposition
attachment; filename="f.txt"
cache-control
private, max-age=900, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
32758
x-xss-protection
0
server
cafe
wimip_8_49_0.js
cache.sellwild.com/prebid/
287 KB
288 KB
Script
General
Full URL
https://cache.sellwild.com/prebid/wimip_8_49_0.js
Requested by
Host: widget.sellwild.com
URL: https://widget.sellwild.com/whatismyip/whatismyip-what-is-my-ip-homepage.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27e975655f5d5e060bda8738ac8e9f95812d1df94791fa37c4ef79f60452fdb1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"953108962c8b4659fb3219048eab3d00"
x-cache
Miss from cloudfront
x-amz-cf-id
MZwhL79MFC1u9Ealxs9yMyUC2NGf1bFJ2QTJ5qhlBpCrjO5Jle9HxA==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/javascript
last-modified
Sat, 14 Sep 2024 15:52:22 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=604800
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
293901
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
359
a.ad.gt/api/v1/u/matches/
13 KB
4 KB
Script
General
Full URL
https://a.ad.gt/api/v1/u/matches/359?url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&ref=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e83ed382858cd0ddb51113d1f77365e02d0232f2354327a4f0675d8aa9132ec1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
MISS
cross-origin-resource-policy
cross-origin
cf-ray
8cd4cee09c453110-LAX
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/javascript
last-modified
Fri, 04 Oct 2024 11:24:53 GMT
vary
Accept-Encoding
server
cloudflare
104341736.webp
cache.sellwild.com/webp/
9 KB
9 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104341736.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6adb9bdd2e808813f71039c29c3ce4c33fc41543edd17d185869131eaeebf83e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"a2ad90c6565399d3605b4b198a923e7e"
x-cache
Miss from cloudfront
x-amz-cf-id
QHPGr9xhIe3HBxl10JEeDmKlw3Ol0DSUTHlDR3_EntJnLr7StpFPtQ==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Thu, 03 Oct 2024 20:33:11 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
8862
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
104413617.webp
cache.sellwild.com/webp/
6 KB
6 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104413617.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
780b78a0497638003c5edb4a0ba452b0f3b9f4837ef51b81a6dd7b453a58fb89

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"e995ec327da543227f7fc1758ed66525"
x-cache
Miss from cloudfront
x-amz-cf-id
kCZiGrkIbfzU-wiGc7_mhOgsVk9Hf6BuvIagp5R2m15MdsN_caeHSg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Tue, 01 Oct 2024 18:33:12 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
6062
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
104339743.webp
cache.sellwild.com/webp/
1 KB
2 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104339743.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3968ade36305c0325e6bd6fa3a74e36001f56b7ba86e042ca3da7bd0819031e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"18ac90c5c7ff782c1b7d1334ce1868e3"
x-cache
Miss from cloudfront
x-amz-cf-id
J2WMR4aQxTi1sF6-cwDvSSYail1ux4yiyXoLAtYaEbNAdxPUszrrSQ==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Tue, 01 Oct 2024 00:33:11 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
1160
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
104325509.webp
cache.sellwild.com/webp/
8 KB
8 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104325509.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ced7fcce762495c19cc57163c2102f0933973394313c0627597fc8a3b90f14ea

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"c1933ffa542ed1b00e8e315efcde335f"
x-cache
Miss from cloudfront
x-amz-cf-id
eViY_004MmJgZ8N1HW5t6-REtjTHjd5YKaugd6wqzEUFUkHp7OFGbA==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Mon, 11 Sep 2023 23:33:11 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
7996
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
104332127.webp
cache.sellwild.com/webp/
12 KB
12 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104332127.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
647a9f19e8a84fef49fb1878530915e3a25d502f92544534f5f8b33ba795d533

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"12718c512e40263b834c2380e9eb0ea5"
x-cache
Miss from cloudfront
x-amz-cf-id
Cnap4ZjwMPtVAepN_gIlhvL_XrP8K6shlwaEzWt7Y8BjRkf-KbWDPg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Wed, 18 Oct 2023 19:33:10 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
12092
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
104351086.webp
cache.sellwild.com/webp/
7 KB
8 KB
Image
General
Full URL
https://cache.sellwild.com/webp/104351086.webp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.249.91.97 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-249-91-97.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cab40883a1bfc385245b2eee2345dabaf86a9ed22eb01d3665127b9b07035fff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
Access-Control-Allow-Origin, Cloudfront-Viewer-City, Cloudfront-Viewer-Country, Cloudfront-Viewer-Country-Region
etag
"2d2111233c0ff14c99564c301fe1de3a"
x-cache
Miss from cloudfront
x-amz-cf-id
9Hh2h6S4Ddy549hlUJ6T9D6TJ4N5rlSqGUp8Mpm9c6T5qs8GFmiwIg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/webp
last-modified
Fri, 09 Feb 2024 20:33:11 GMT
cloudfront-viewer-country-region
CA
cache-control
max-age=2592000
cloudfront-viewer-country
US
via
1.1 d19251c56e7d3e047bfb531e418ce972.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
7188
cloudfront-viewer-city
El Segundo
x-amz-cf-pop
JFK52-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
primisslate.css
live.primis.tech/content/video/css/
19 KB
7 KB
Stylesheet
General
Full URL
https://live.primis.tech/content/video/css/primisslate.css
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
c06615f65bbd0fd24a7fc98664ebe6cc69c165be8bf47181a45c4b5876e5471e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
W/"66f3c359-4c94"
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
MUzdqaYhQ07lSbRKpMWV24REGhvdZHs64IHX9K3r8o0DGbTRT3wJXQ==
date
Fri, 04 Oct 2024 11:24:52 GMT
content-type
text/css
x-amz-cf-pop
JFK50-P5
server
nginx
last-modified
Wed, 25 Sep 2024 08:01:29 GMT
vary
Accept-Encoding
apstag.js
c.amazon-adsystem.com/aax2/ Frame 2664
324 KB
80 KB
Script
General
Full URL
https://c.amazon-adsystem.com/aax2/apstag.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fdb7c12792ebd6e785128456249178e9b508c9677a300df8fbc6e7520147baa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

vary
Accept-Encoding
cache-control
max-age=3600
content-encoding
gzip
etag
W/"907cbdd883935369790d45cc9bd9e8b7"
age
1487
via
1.1 a497eba714f030335fd7adebea6fe8b6.cloudfront.net (CloudFront), 1.1 a65e9b4047452e76aa43b68828db2d7e.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
ZrfDGhQQVVCDPTrSr_6fKAkduzfCOCn6f5xrfntCIep_rnLSJb3vmw==
date
Fri, 04 Oct 2024 11:00:07 GMT
content-type
application/javascript
last-modified
Wed, 28 Aug 2024 22:46:37 GMT
server
AmazonS3
x-amz-cf-pop
IAD89-C3, JFK50-P3
x-amz-server-side-encryption
AES256
ProfilesEngineServlet
api.intentiq.com/profiles_engine/ Frame 2664
110 B
992 B
XHR
General
Full URL
https://api.intentiq.com/profiles_engine/ProfilesEngineServlet?at=39&mi=10&dpi=793790479&pt=17&dpn=1&jsver=5.09&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&iiqcallcount=0&iiqfailcount=0&iiqnodata=false&iiqlocalstorageenabled=true&tsrnd=744_1728041093377&cttl=43200000&rrtt=0&dud=0&abtg=A&iiqppcc=0&vrref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&ref=trojan.iamvip.us.kg
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.139.29.24 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-139-29-24.jfk50.r.cloudfront.net
Software
/
Resource Hash
ed25987ca4e49b93b279e0c4f040a0670641c32c1ba17235bf379616fba5bcd5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-max-age
3600
access-control-allow-methods
POST, GET, OPTIONS
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
x-amz-cf-id
jLL9TcrLAtrhCSIADBGSnazssxxCzzV98OB98PoinQPjwHGYmIV1zw==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html
vary
Origin
access-control-allow-headers
Content-Type, Accept, X-Requested-With, remember-me, DNT,X-CustomHeader,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control
patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
via
1.1 62c7f4f128c40af6818c2f8f919f1c18.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
x-amz-cf-pop
JFK50-P2
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrn...
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrn...
43 B
1 KB
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrnd=6_1728041093379&vrref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&jsver=5.09&ckls=true&ci=vesUi3M2sl&nc=false&trid=-1997232528
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Server
2600:9000:2807:ae00:1b:6b7d:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 7b759b902719cc4820228b1bc6b55814.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P6
x-amz-cf-id
sfMJXh-_VyOV8DpT2-DyOrsgR_cOZ1GAK1O1xKm5Z1YiqVZzuDA8xA==

Redirect headers

patent
https://www.almondnet.com/ip
cache-control
no-cache, no-store, must-revalidate
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&secure=1&dpi=793790479&rnd=813258&iiqidtype=2&iiqpcid=65eff8db-bba4-463a-82fe-5b9df64a20bb&iiqpciddate=1728041093376&tsrnd=6_1728041093379&vrref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&jsver=5.09&ckls=true&ci=vesUi3M2sl&nc=false&trid=-1997232528
pragma
no-cache
via
1.1 7b759b902719cc4820228b1bc6b55814.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P6
x-amz-cf-id
Sj_purqM5RZOhJYUN-etlTQFio6IyF-TrpZl-F_FRTI9ocZk0GYo-w==
hadron.js
cdn.hadronid.net/
56 KB
12 KB
Script
General
Full URL
https://cdn.hadronid.net/hadron.js?partner_id=359&sync=1&url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/359?url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&ref=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:246e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
492db2ca577f4d221e3e28239c19e7db05f1701b298bf278fc4d1fcb92563586

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=432000
content-encoding
br
cf-bgj
minify
etag
W/"1e77f38a1df1490d4175e3c4878bd150"
age
4123
cf-cache-status
HIT
x-amz-request-id
4GNMNHQXA94JVW78
cf-ray
8cd4cee2dc6e2b7f-LAX
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/javascript
last-modified
Tue, 04 Jun 2024 15:30:02 GMT
vary
Accept-Encoding
server
cloudflare
x-amz-id-2
FNS8Lc8R9Qji432eQyZbGDDgvyWHvIXmOzDykwh9qe1J2fX8u6aO0aANuFN3vxu6aVi9rB6lRRQ=
359
p.ad.gt/api/v1/p/
40 KB
14 KB
Script
General
Full URL
https://p.ad.gt/api/v1/p/359
Requested by
Host: a.ad.gt
URL: https://a.ad.gt/api/v1/u/matches/359?url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&ref=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46605171f4704f6d6278ade0823687795bbfce636a24ce878754dc2f7c4cd0fe

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=14400
content-encoding
gzip
cf-cache-status
HIT
age
63
cf-ray
8cd4cee2de027bcd-LAX
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/javascript
last-modified
Fri, 04 Oct 2024 11:23:22 GMT
vary
Accept-Encoding
server
cloudflare
ip_match
ids.ad.gt/api/v1/
0
192 B
Image
General
Full URL
https://ids.ad.gt/api/v1/ip_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-length
0
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html; charset=utf-8
server
nginx/1.27.1
match
ids.ad.gt/api/v1/
Redirect Chain
  • https://secure.adnxs.com/getuid?https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=$UID&gdpr=0
  • https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fmatch%3Fid%3DAU1D-0100-001728041093-QDRU72U7-2DJ2%26adnxs_id%3D%24UID%26gdpr%3D0
  • https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=6178791637038509278&gdpr=0
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=6178791637038509278&gdpr=0
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

cache-control
no-store, no-cache, private
location
https://ids.ad.gt/api/v1/match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&adnxs_id=6178791637038509278&gdpr=0
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
8b6d23f2-6e6d-481c-b34a-4cd303a9ca18
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:53 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
t_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=8gkxb6n&ttd_tpi=1&ttd_puid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0
  • https://ids.ad.gt/api/v1/t_match?tdid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/t_match?tdid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

location
https://ids.ad.gt/api/v1/t_match?tdid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
content-length
259
date
Fri, 04 Oct 2024 11:24:53 GMT
server
Kestrel
UCookieSetPug
image2.pubmatic.com/AdServer/
Redirect Chain
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001728041093-QDRU72U7-2DJ2
  • https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001728041093-QDRU72U7-2DJ2
0
0

token
token.rubiconproject.com/
0
1 KB
Image
General
Full URL
https://token.rubiconproject.com/token?pid=50242&puid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
8bab65602db075726861004da5629947
Pragma
no-cache
tapad_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3185&partner_device_id=AU1D-0100-001728041093-QDRU72U7-2DJ2&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001728041093...
  • https://pixel.tapad.com/idsync/ex/receive/check?partner_id=3185&partner_device_id=AU1D-0100-001728041093-QDRU72U7-2DJ2&partner_url=https://ids.ad.gt%2Fapi%2Fv1%2Ftapad_match%3Fid%3DAU1D-0100-001728...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=5bafec98-3d73-47cc-a82d-69fb264ec6a3%252Chttps%25253A%25252F%25252Fids.ad.gt%25252Fapi%25252Fv1%25252Ftapad_match%25253Fi...
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&ttd_puid=5bafec98-3d73-47cc-a82d-69fb264ec6a3%2Chttps%253A%252F%252Fids.ad.gt%252Fap...
  • https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&tapad_id=5bafec98-3d73-47cc-a82d-69fb264ec6a3
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&tapad_id=5bafec98-3d73-47cc-a82d-69fb264ec6a3
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

strict-transport-security
max-age=31536000
location
https://ids.ad.gt/api/v1/tapad_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&tapad_id=5bafec98-3d73-47cc-a82d-69fb264ec6a3
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Fri, 04 Oct 2024 11:24:53 GMT
server
Jetty(11.0.13)
g_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_cm&google_sc&google_ula=450542624&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
  • https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&google_error=15
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&google_error=15
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

cache-control
no-cache, must-revalidate
location
https://ids.ad.gt/api/v1/g_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&google_error=15
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
289
date
Fri, 04 Oct 2024 11:24:53 GMT
x-xss-protection
0
content-type
text/html; charset=UTF-8
server
HTTP server (unknown)
pixel
cm.g.doubleclick.net/
Redirect Chain
  • https://ids.ad.gt/api/v1/g_hosted?id=AU1D-0100-001728041093-QDRU72U7-2DJ2
  • https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcyODA0MTA5My1RRFJVNzJVNy0yREoy
170 B
243 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcyODA0MTA5My1RRFJVNzJVNy0yREoy
Protocol
H2
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Fri, 04 Oct 2024 11:24:53 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

location
https://cm.g.doubleclick.net/pixel?google_nid=audigent_w_appnexus_3985&google_hm=QVUxRC0wMTAwLTAwMTcyODA0MTA5My1RRFJVNzJVNy0yREoy
content-length
453
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html; charset=utf-8
server
nginx/1.27.1
impr_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://ad.360yield.com/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001728041093-QDRU72U7-2DJ2%26impr_uid%3D%7BPUB_USER_ID%7D
  • https://ad.360yield.com/ul_cb/ux?&publisher_dmp_id=15&r=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fimpr_match%3Fid%3DAU1D-0100-001728041093-QDRU72U7-2DJ2%26impr_uid%3D%7BPUB_USER_ID%7D
  • https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&impr_uid=226c37da-df1d-4543-8e9c-83b9633bbf4b
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&impr_uid=226c37da-df1d-4543-8e9c-83b9633bbf4b
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

access-control-allow-origin
*
location
https://ids.ad.gt/api/v1/impr_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&impr_uid=226c37da-df1d-4543-8e9c-83b9633bbf4b
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/plain
/
onetag-sys.com/match/
0
201 B
Image
General
Full URL
https://onetag-sys.com/match/?int_id=180&uid=AU1D-0100-001728041093-QDRU72U7-2DJ2&gdpr=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.232 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip232.ip-51-222-239.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
content-length
0
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
ppnt_match
ids.ad.gt/api/v1/
Redirect Chain
  • https://bh.contextweb.com/bh/rtset?pid=562316&ev=1&rurl=https://ids.ad.gt/api/v1/ppnt_match?uid=%%VGUID%%&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
  • https://ids.ad.gt/api/v1/ppnt_match?uid=SybANM77rTlT&ev=1&pid=562316&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/ppnt_match?uid=SybANM77rTlT&ev=1&pid=562316&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
Protocol
H2
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1

Redirect headers

cache-control
private, max-age=0, no-cache, no-store
location
https://ids.ad.gt/api/v1/ppnt_match?uid=SybANM77rTlT&ev=1&pid=562316&id=AU1D-0100-001728041093-QDRU72U7-2DJ2
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Platform-Version
cw-server
bh-deployment-69fb9654cf-wb2zn
expires
-1
p3p
policyref="/bh/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
content-language
en-US
server
Jetty(10.0.14)
pubads_impl.js
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/
482 KB
149 KB
Script
General
Full URL
https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
3f799ff70a067cdb0d1110d608f80bae49955473be53048209b3e20321834d3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
etag
16592206555246158576
age
82135
x-content-type-options
nosniff
expires
Fri, 03 Oct 2025 12:35:58 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Thu, 03 Oct 2024 12:35:58 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, immutable, max-age=31536000
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
content-length
153017
x-xss-protection
0
server
cafe
ppub_config
securepubads.g.doubleclick.net/pagead/
67 B
77 B
XHR
General
Full URL
https://securepubads.g.doubleclick.net/pagead/ppub_config?ippd=trojan.iamvip.us.kg
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
d9d19f9ab730022e6cb2610f4e837400231429c2cf74a3417b1aa2d7476cf245
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:53 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
53
date
Fri, 04 Oct 2024 11:24:53 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
hadron.json
id.hadron.ad.gt/v1/
122 B
279 B
XHR
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=0&partner_id=359&sync=1&domain=trojan.iamvip.us.kg&url=https://trojan.iamvip.us.kg/
Requested by
Host: cdn.hadronid.net
URL: https://cdn.hadronid.net/hadron.js?partner_id=359&sync=1&url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ccf28dbb14b0f299d36bf62794e69d8c6cd605cda196d6cef523b8778666b7d3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
cf-cache-status
DYNAMIC
debug
NON-OPTIONS
access-control-allow-methods
HEAD,GET,POST,PUT,DELETE,OPTIONS
access-control-allow-credentials
true
cf-ray
8cd4cee4fb302eb1-LAX
access-control-allow-origin
*
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json
server
cloudflare
access-control-allow-headers
authorization,content-type
hadron.json
id.hadron.ad.gt/v1/ Frame
0
0
Preflight
General
Full URL
https://id.hadron.ad.gt/v1/hadron.json?_it=0&partner_id=359&sync=1&domain=trojan.iamvip.us.kg&url=https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://trojan.iamvip.us.kg
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
access-control-allow-origin
*
allow
POST, OPTIONS, GET
cf-cache-status
DYNAMIC
cf-ray
8cd4cee45ab22eb1-LAX
content-length
0
content-type
application/json
date
Fri, 04 Oct 2024 11:24:53 GMT
debug
OPTIONS block
server
cloudflare
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
4730
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 12:06:04 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 10:06:04 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
js
www.googletagmanager.com/gtag/
260 KB
91 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FVWZ0RM4DH&l=audDataLayer
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.8 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
ce0c7e8d4dcf1446001ae4c18918e035e9a87be7538efa1b7300e32a346e5f33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Fri, 04 Oct 2024 11:24:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
93426
x-xss-protection
0
server
Google Tag Manager
match
seg.ad.gt/api/v2/ Frame
0
0
Preflight
General
Full URL
https://seg.ad.gt/api/v2/match
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://trojan.iamvip.us.kg
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
*
access-control-allow-origin
*
allow
POST
cf-cache-status
DYNAMIC
cf-ray
8cd4cee489e63163-LAX
date
Fri, 04 Oct 2024 11:24:53 GMT
server
cloudflare
vary
origin, access-control-request-method, access-control-request-headers
collect
a.ad.gt/api/v1/
0
96 B
XHR
General
Full URL
https://a.ad.gt/api/v1/collect
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-ray
8cd4cee37db93110-LAX
access-control-allow-origin
https://trojan.iamvip.us.kg
cf-cache-status
DYNAMIC
date
Fri, 04 Oct 2024 11:24:53 GMT
vary
Origin
server
cloudflare
access-control-allow-credentials
true
getpixels
pixels.ad.gt/api/v1/
0
88 B
Script
General
Full URL
https://pixels.ad.gt/api/v1/getpixels?tagger_id=6951abc072a40636d9a580892e83b42d&url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&code=%27none%27
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:445 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cf-ray
8cd4cee64e987bf5-LAX
cf-cache-status
DYNAMIC
date
Fri, 04 Oct 2024 11:24:54 GMT
server
cloudflare
match
seg.ad.gt/api/v2/
2 B
116 B
XHR
General
Full URL
https://seg.ad.gt/api/v2/match
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-expose-headers
*
cf-cache-status
DYNAMIC
cf-ray
8cd4cee54a873163-LAX
access-control-allow-origin
*
content-length
2
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json
vary
origin, access-control-request-method, access-control-request-headers
server
cloudflare
css
fonts.googleapis.com/
2 KB
834 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto&display=swap
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81c::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ec34b6213ac38d00a879e30fe141b37c9ba2ea49c7c9efbd7a35e8fddfcee2ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:53 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/css; charset=utf-8
last-modified
Fri, 04 Oct 2024 09:40:17 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 5678
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?p=159196&userIdMacro=PM_UID&gdpr=0&gdpr_consent=&predirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D91%26advUuid%3DPM_UID%26gdpr%3D0%26gdpr_consent%3D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-57-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=145127
content-encoding
gzip
content-length
5633
content-type
text/html
date
Fri, 04 Oct 2024 11:24:54 GMT
expires
Sun, 06 Oct 2024 03:43:41 GMT
last-modified
Mon, 26 Aug 2024 15:25:10 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 6298
Redirect Chain
  • https://u.openx.net/w/1.0/cm?gdpr=0&gdpr_consent=&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26gdpr%3D0%26gdpr_consent%3D%26adv...
  • https://u.openx.net/w/1.0/cm?cc=1&gdpr=0&gdpr_consent=&id=476b50d3-5ccf-49a1-89b8-1ddf8ea18042&r=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26gdpr%3D0%26gdpr_consent%3D%...
  • https://live.primis.tech/live/liveCS.php?source=external&gdpr=0&gdpr_consent=&advId=98&advUuid=31320967-e111-4871-aab1-fcc40a0daa10
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1486637409&3rdpcid=31320967-e111-4871-aab1-fcc40a0daa10
0
0
Document
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1486637409&3rdpcid=31320967-e111-4871-aab1-fcc40a0daa10
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2807:e000:1b:6b7d:2300:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
date
Fri, 04 Oct 2024 11:24:55 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
pragma
no-cache
via
1.1 afbdd645eabdfd8277097dc541b708a6.cloudfront.net (CloudFront)
x-amz-cf-id
6o5olgT9GRSfCm-Xwy2IyMbdTYF-rbe6PI87ZVsIbZAFKxOsuD49EA==
x-amz-cf-pop
JFK52-P6
x-cache
Miss from cloudfront

Redirect headers

age
0
alt-svc
h3=":443"; ma=86400
cache-control
no-store
content-type
text/html; charset=utf-8
date
Fri, 04 Oct 2024 11:24:54 GMT
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1486637409&3rdpcid=31320967-e111-4871-aab1-fcc40a0daa10
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
pragma
no-cache
server
nginx
via
1.1 38bc9c97daf30f968ccac44ef89e14e0.cloudfront.net (CloudFront)
x-amz-cf-id
zF6dkyPBe-otpDVFN2vhSYzFneTWX-FRpJ3JmlBSHoLzu3We43A03Q==
x-amz-cf-pop
JFK50-P5
x-cache
Miss from cloudfront
sync-iframe
cs-server-s2s.yellowblue.io/ Frame 73DA
0
0
Document
General
Full URL
https://cs-server-s2s.yellowblue.io/sync-iframe?gdpr={{gdpr}}&gdpr_consent={{gdpr_consent}}&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D150%26advUuid%3D%7BpartnerId%7D
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
184.73.7.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-7-244.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-WL-CONF,X-Requested-With
access-control-allow-methods
POST, GET, OPTIONS, PUT, DELETE
access-control-allow-origin
https://trojan.iamvip.us.kg/
content-type
text/html
date
Fri, 04 Oct 2024 11:24:54 GMT
server
istio-envoy
x-envoy-upstream-service-time
2
liveView.php
live.primis.tech/live/ Frame 2664
2 B
368 B
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
id5pNaJwp5U4Bq3XDmYmokS3T1oDXzzozxZIeX30X5SCyAWTXFJhEw==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
22
x-amz-cf-pop
JFK50-P5
server
nginx
integrator.json
pubads.g.doubleclick.net/adsid/ Frame 2664
15 B
58 B
XHR
General
Full URL
https://pubads.g.doubleclick.net/adsid/integrator.json?aos=https%3A%2F%2Ftrojan.iamvip.us.kg
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/pal/pal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
6cb74b1c20520023a412d8e0bc04e0bcc832be2f66b0a584056db181dcd5a052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
x-afma-token-requester-type
requester_type_9
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private, no-cache, no-store
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
x-content-type-options
nosniff
access-control-allow-origin
https://trojan.iamvip.us.kg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
content-length
35
date
Fri, 04 Oct 2024 11:24:54 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/ Frame 2664
12 KB
9 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?tid=pal&tv=1.0
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/pal/pal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
a3d7e24a2f48068cd7bab18b2db5f8748c46d6c3ef6b664fa6605144a2bc22c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
9003
date
Fri, 04 Oct 2024 11:24:54 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
liveView.php
live.primis.tech/live/
0
343 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

x-cache
Miss from cloudfront
cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
access-control-allow-origin
*
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
fT285jZrtVRJ4YM2KA_JarX1TTAWQoB35_qp647QSzwh-JAJ9iQeOg==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5
p-1ZHFxK2kGG5Cz.gif
pixel.quantserve.com/pixel/ Frame 2664
35 B
582 B
Image
General
Full URL
https://pixel.quantserve.com/pixel/p-1ZHFxK2kGG5Cz.gif?labels=publisher.31604.space.116800,adsize.640x440
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:116:800b:21:c1e8:5385:5098:6bf0 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=86400
cache-control
private, no-cache, no-store, proxy-revalidate
pragma
no-cache
expires
Fri, 04 Aug 1978 12:00:00 GMT
content-length
35
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
date
Fri, 04 Oct 2024 11:24:54 GMT
attribution-reporting-register-trigger
{"event_trigger_data":[{"filters":[{"label":["C7TsQxTMRYftxPiwglo48g=="],"pcode":["p-1ZHFxK2kGG5Cz"]},{"label":["83LFnYgXVuDE5tSzBOfpBQ=="],"pcode":["p-1ZHFxK2kGG5Cz"]}],"trigger_data":"1"}]}
content-type
image/gif
pixel
cm.g.doubleclick.net/ Frame 2664
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sekindo&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/ul_cb/sync?ssp=sekindo&gdpr=0&gdpr_consent=
  • https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sekindo&bsw_param=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&google_hm=YzFmMzU2YjctNzc4My00OWNlLTljYjYtNjExOWY4Y2JmZWE5...
170 B
232 B
Image
General
Full URL
https://cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sekindo&bsw_param=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&google_hm=YzFmMzU2YjctNzc4My00OWNlLTljYjYtNjExOWY4Y2JmZWE5&gdpr_consent=&gdpr=0
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Server
142.251.32.98 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s77-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
date
Fri, 04 Oct 2024 11:24:54 GMT
x-xss-protection
0
content-type
image/png
server
HTTP server (unknown)

Redirect headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
location
//cm.g.doubleclick.net/pixel?google_nid=bidswitch_dbm&google_cm&google_sc&ssp=sekindo&bsw_param=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&google_hm=YzFmMzU2YjctNzc4My00OWNlLTljYjYtNjExOWY4Y2JmZWE5&gdpr_consent=&gdpr=0
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:54 GMT
liveCS.php
live.primis.tech/live/ Frame 2664
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=6gvshk1&ttd_tpi=1&ttd_puid=66ffd084466d7&gdpr=0&gdpr_consent=
  • https://live.primis.tech/live/liveCS.php?source=external&advId=149&advUuid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&csuuid=66ffd084466d7&gdpr=0&gdpr_consent=
0
322 B
Image
General
Full URL
https://live.primis.tech/live/liveCS.php?source=external&advId=149&advUuid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&csuuid=66ffd084466d7&gdpr=0&gdpr_consent=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
yr3UsrGGoMz6sJOPb452kmGHqNhqKQTRAZC80hzQmu-JXadyBmM6tA==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html; charset=utf-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5

Redirect headers

location
https://live.primis.tech/live/liveCS.php?source=external&advId=149&advUuid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&csuuid=66ffd084466d7&gdpr=0&gdpr_consent=
content-length
337
date
Fri, 04 Oct 2024 11:24:53 GMT
server
Kestrel
/
csync.loopme.me/ Frame 2664
24 B
24 B
Image
General
Full URL
https://csync.loopme.me/?pubid=11280&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D93%26advUuid%3D%7Bviewer_token%7D
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.214.249.203 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
203.249.214.35.bc.googleusercontent.com
Software
_ /
Resource Hash
89f2d4e6c7a6c41c13c2e7a75e526aa60b9d5274fe28b2d82801c6beb6beb879

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-length
24
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/plain
server
_
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ssum-sec.casalemedia.com/usermatchredir?s=191923&gdpr=0&gdpr_consent=&cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D99%26advUuid%3D
  • https://ssum-sec.casalemedia.com/usermatchredir?cb=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D99%26advUuid%3D&gdpr=0&gdpr_consent=&s=191923&C=1
  • https://live.primis.tech/live/liveCS.php?source=external&advId=99&advUuid=Zv-QhsAoI78AAEdQAMPGQwAA%262299
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2120880633&3rdpcid=Zv-QhsAoI78AAEdQAMPGQwAA%262299
43 B
847 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2120880633&3rdpcid=Zv-QhsAoI78AAEdQAMPGQwAA%262299
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
tBFQGVvOqnMP7h89hTCyci4CFUnDFUyPTZA5GwNt6EajH4WP-4vCnQ==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2120880633&3rdpcid=Zv-QhsAoI78AAEdQAMPGQwAA%262299
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
hrqJGm3WbXX8GVaM4TZ8vnUBPpr15vxVWOYCiAF3qPwsBEWRTcmncQ==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://eb2.3lift.com/getuid?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D121%26advUuid%3D%24UID
  • https://eb2.3lift.com/getuid?ld=1&gdpr=0&cmp_cs=&us_privacy=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D121%26advUuid%3D%24UID
  • https://live.primis.tech/live/liveCS.php?source=external&advId=121&advUuid=1595236621141695270647
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=259151345&3rdpcid=1595236621141695270647
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=259151345&3rdpcid=1595236621141695270647
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
Dt6mzx6O51__l-NejtYXjiBPCc6IZpzUknqSYI1r4CnIgJX0odPdAg==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=259151345&3rdpcid=1595236621141695270647
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
g0Z7nMggRIn8EbN1OG6ID0afHf6l-Ywmo39ljKqxQUa6hunykUMQoQ==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://pixel.rubiconproject.com/exchange/sync.php?p=primis&gdpr=0&gdpr_consent=
  • https://live.primis.tech/live/liveCS.php?source=external&advId=100&advUuid=M1UN1TJS-24-BCQN&gdpr=0
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=M1UN1TJS-24-BCQN
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=M1UN1TJS-24-BCQN
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
S-y36qYWN-pcU4JBdpxohOK5uyKTf-Nt-HbNbsXUVXtGhSBrxuDeAw==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1725065545&3rdpcid=M1UN1TJS-24-BCQN
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
bTMZ_75z1N2y0bKttxCenybzW1Sx4FpN1ohfKZYA1qSeNcUVoRG38Q==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58818/sync?redir=true&gdpr=0&gdpr_consent=
  • https://ups.analytics.yahoo.com/ups/58818/sync?redir=true&gdpr=0&gdpr_consent=&verify=true
  • https://live.primis.tech/live/liveCS.php?source=external&advId=128&advUuid=y-WGcX.0tE2uKF7JU5fMSuyiZoeKiSFc02~A
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1028935272&3rdpcid=y-WGcX.0tE2uKF7JU5fMSuyiZoeKiSFc02~A
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1028935272&3rdpcid=y-WGcX.0tE2uKF7JU5fMSuyiZoeKiSFc02~A
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
_6jAk3nexnHB2lqpxdXhNSAT1YQstvYqNgpxW6ii7kX_f-s3SPo_Yw==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1028935272&3rdpcid=y-WGcX.0tE2uKF7JU5fMSuyiZoeKiSFc02~A
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
7jBcl7Nw0nnwpVEuj4HTegThQOBF3bX3SXntDkFLFIxoAnkPWvYzAw==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ib.adnxs.com/getuid?https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D105%26advUuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
  • https://live.primis.tech/live/liveCS.php?source=external&advId=105&advUuid=6178791637038509278&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1186917411&3rdpcid=6178791637038509278
43 B
847 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1186917411&3rdpcid=6178791637038509278
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
9hQqEJ_YaKr2FITLwLtr-DxXZppGQfkuNJWUXO_H-BDvtqb7poNFzg==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1186917411&3rdpcid=6178791637038509278
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
y_lsRWMIx5v1eIGSLwBjIT6Tl2lkGsxFhM0nkOQ9oR3CF-bvhYcdbQ==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://mb9eo.publishers.tremorhub.com/pubsync?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D126%26advUuid%3D%5Btvid%5D
  • https://mb9eo.publishers.tremorhub.com/pubsync/verify?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D126%26advUuid%3D%5Btvid%5D
  • https://live.primis.tech/live/liveCS.php?source=external&advId=126&advUuid=1964d31643b344fcaf5b341c04f0f9ff
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=584182936&3rdpcid=1964d31643b344fcaf5b341c04f0f9ff
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=584182936&3rdpcid=1964d31643b344fcaf5b341c04f0f9ff
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
bv_V5jDH1oDlVoGsAcx_EBFbPhj2JKjEJ_36veNECSsIQIr5IyEBiA==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=584182936&3rdpcid=1964d31643b344fcaf5b341c04f0f9ff
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
_bc-Ctkg6Idgppxj7XMn-OlOfV8z8P21QrI-TQotqLPY4YHXCFfK2Q==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://cs.media.net/cksync?gdpr=0&gdpr_consent=&cs=34&type=pri&ovsid=66ffd084466d7&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D127%26advUuid%3D%3Cvsid...
  • https://live.primis.tech/live/liveCS.php?source=external&advId=127&advUuid=&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1723987475&3rdpcid=
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1723987475&3rdpcid=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
VgIpoHpe7Mei0c4KOjjw_3-n9j6O_k_qGYbcHOdnWQVDdMS12xTX6Q==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1723987475&3rdpcid=
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
0yKNEwesHrV5s9Bf_lKUGJ0Wgt1vSaKN2ZLU3i7JFD6FdvrRZwcocA==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D130%26advUuid%3D%24UID
  • https://ap.lijit.com/pixel?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D130%26advUuid%3D%24UID&sovrn_retry=true
  • https://live.primis.tech/live/liveCS.php?source=external&advId=130&advUuid=JcJsALZHJ7KS5nsVT06ycUSb
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=396218182&3rdpcid=JcJsALZHJ7KS5nsVT06ycUSb
43 B
846 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=396218182&3rdpcid=JcJsALZHJ7KS5nsVT06ycUSb
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
NgfUhwVYPRoKBxxCoI1Axm3kBe68DC2TTg7Kt31qyag-xRmtQ4VvzQ==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=396218182&3rdpcid=JcJsALZHJ7KS5nsVT06ycUSb
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
XNsMDzSzX4ncC9JWYBIeOImnC9wMp92nILS4iNOmnUSSU7-xRNcyHg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ads.stickyadstv.com/user-matching?id=3586&gdpr=0&gdpr_consent=
  • https://live.primis.tech/live/liveCS.php?source=external&advId=134&advUuid=ca92f4f0c1ef7dbf58fbcc3bdeac242&gdpr_consent=&gdpr=0
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=484859127&3rdpcid=ca92f4f0c1ef7dbf58fbcc3bdeac242
43 B
845 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=484859127&3rdpcid=ca92f4f0c1ef7dbf58fbcc3bdeac242
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
m_cSPO13HeNd2Pogy_KqDKFtFUJVza56IsJJEH5D6O0Hc-Ij3Pr0eg==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=484859127&3rdpcid=ca92f4f0c1ef7dbf58fbcc3bdeac242
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
vT3Gg_DieAI35j3NmvSZFXyuywO7zV4fstcRQMsSx0rs_EvWi_R1ng==
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://cs.admanmedia.com/3613a31b6329d1c17d5663d05b080db1.gif?gdpr=0&gdpr_consent=&redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D138%26advUuid%3D%5BUID%5D
  • https://live.primis.tech/live/liveCS.php?source=external&advId=138&advUuid=210c1e62-1141-42eb-b7d7-72bbf4095336
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2136778551&3rdpcid=210c1e62-1141-42eb-b7d7-72bbf4095336
43 B
845 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2136778551&3rdpcid=210c1e62-1141-42eb-b7d7-72bbf4095336
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
40nwp06QU-ttS5nhcsNI_iMxWsm-OA0t4OiJ2KbGKfzx-obNeHVXrQ==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2136778551&3rdpcid=210c1e62-1141-42eb-b7d7-72bbf4095336
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
v7f43mlJDowNpad46IwuNE8ieR28PWClVS9otV8wJy60FU6q4mqnUg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://ssbsync-global.smartadserver.com/api/sync?callerId=21&redirectUri=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D140%26advUuid%3D%5Bssb_sync_pid%5D%26gdpr%...
  • https://live.primis.tech/live/liveCS.php?source=external&advId=140&advUuid=3436013565888359446&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1881119486&3rdpcid=3436013565888359446
43 B
845 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1881119486&3rdpcid=3436013565888359446
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
9SsQC_qIojJ7RJohzSfHDGsf9-6uSWVKeeV4tjpFjcGervTBL_cuGw==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=1881119486&3rdpcid=3436013565888359446
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
jzKjrpJYVPkKvL9ez3LULUY2nFecgoCRjLpFjrrfh3V-w8_KkRXHbg==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
cookie
cm.adform.net/ Frame 2664
35 B
484 B
Image
General
Full URL
https://cm.adform.net/cookie?redirect_url=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D143%26advUuid%3D%24UID%26gdpr%3D0%26gdpr_consent%3D
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.229 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-max-age
86400
accept-ch
Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
*
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
server
nginx
access-control-allow-headers
Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://match.sharethrough.com/universal/v1?supply_id=Wog2sp89&gdpr=0&gdpr_consent=
  • https://live.primis.tech/live/liveCS.php?source=external&advId=144&advUuid=73aba2f8-05d0-40b3-a6d2-3e99555528ea&gdpr=0
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2011327056&3rdpcid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
43 B
847 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2011327056&3rdpcid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
8NOY7swlpyMeEIGCDYRxYICrs_uNpyVgFmrOXLSs-TzNclilQUmEAA==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=2011327056&3rdpcid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
IFIG7nxCMuet5hUaMwSYxZlrMN7pP0mUcktV_YsJNqlEn0-5bDuM_g==
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://sync.1rx.io/usersync2/rmpssp?sub=primis&gdpr=0&gdpr_consent=
  • https://sync.1rx.io/usersync2/rmpssp?sub=primis&zcc=1&cb=1728041099008
  • https://ad.turn.com/r/cs?pid=45&id=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005&rndcb=7509472897
  • https://sync.1rx.io/usersync/turn/8693763434019593167?dspret=1&gdpr=&gdpr_consent=&us_privacy=
  • https://sync.targeting.unrulymedia.com/csync/RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005?redir=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D119%26advUuid%3DRX-2a...
  • https://live.primis.tech/live/liveCS.php?source=external&advId=119&advUuid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=541745869&3rdpcid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
43 B
845 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=541745869&3rdpcid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
wKA2jD2tfjuUeG1rx8ER07WNEc0FltFpaENDlkbvToMgogh9-1HQTA==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=541745869&3rdpcid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
Wz2ZbyKMIgf_TaEyzXI1eH6TDkHpJyhjyNHzN46TGfWXVesxapndew==
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
ProfilesEngineServlet
sync.intentiq.com/profiles_engine/ Frame 2664
Redirect Chain
  • https://sync.kueezrtb.com/api/user/pixel/?redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D151%26advUuid%3D%24%7BuserId%7D%26gdpr%3D0%26gdpr_consent%3D
  • https://live.primis.tech/live/liveCS.php?source=external&advId=151&advUuid=75ea81e7-6094-d6a8-754b-b4f3d987e5a4&gdpr=0&gdpr_consent=
  • https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=793790479&3rdpcid=75ea81e7-6094-d6a8-754b-b4f3d987e5a4
43 B
845 B
Image
General
Full URL
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=793790479&3rdpcid=75ea81e7-6094-d6a8-754b-b4f3d987e5a4
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Server
18.173.132.46 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-132-46.jfk52.r.cloudfront.net
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
via
1.1 3b25d3847d37119898f877230ee8f426.cloudfront.net (CloudFront)
expires
Thu, 01 Jan 1970 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
image/gif
x-amz-cf-pop
JFK52-P2
x-amz-cf-id
wpoAd7aeouKHrzd1QV3Un_SQ1TMWpB2QKFFV0OgfLHG12pdKImB2_w==

Redirect headers

cache-control
no-store
location
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&mi=10&dpi=793790479&3rddpi=793790479&3rdpcid=75ea81e7-6094-d6a8-754b-b4f3d987e5a4
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
fr-RU-TZt2s4kLC3JUefTZTgHCuSXtbwraYjS-2QaqS8L7jM7klbSw==
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/html; charset=utf-8
x-amz-cf-pop
JFK50-P5
server
nginx
vid64bad81038034089606892.jpg
video.primis.tech/uploads/cn1/video/users/converted/24485/video_5e29708217a15629198664/
8 KB
9 KB
Image
General
Full URL
https://video.primis.tech/uploads/cn1/video/users/converted/24485/video_5e29708217a15629198664/vid64bad81038034089606892.jpg?cbuster=1689966611
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:9000:1:6448:6d00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5c2ceeb826ac06835fe85bab9b44b20ae2d59e67a56e8db2a0fc79f15df48f98

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

etag
"cfad150dbb1135fb39c12cb66ab1bc42"
age
70819
expires
Fri, 04 Oct 2024 15:44:34 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
oN9vSBTkAon13rlVW9MBve1VATHajugMDbjLPNDwcgAxBV0AyLmf4g==
date
Thu, 03 Oct 2024 15:44:34 GMT
content-type
image/jpeg
last-modified
Fri, 21 Jul 2023 19:10:30 GMT
cache-control
max-age=86400
via
1.1 48b970169016f7185b7cff9e185ee0b2.cloudfront.net (CloudFront), 1.1 d98647edce17345f3d148190339e9d8c.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
8432
x-amz-cf-pop
IAD50-C2, JFK50-P6
server
nginx
x-amz-server-side-encryption
AES256
integrator.json
pubads.g.doubleclick.net/adsid/ Frame
0
0
Preflight
General
Full URL
https://pubads.g.doubleclick.net/adsid/integrator.json?aos=https%3A%2F%2Ftrojan.iamvip.us.kg
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.162 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept
*/*
Access-Control-Request-Headers
x-afma-token-requester-type
Access-Control-Request-Method
GET
Origin
https://trojan.iamvip.us.kg
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
x-afma-token-requester-type
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
https://trojan.iamvip.us.kg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 11:24:54 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
liveView.php
live.primis.tech/live/ Frame 2664
2 B
366 B
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
iKsGa-vkW_O9PIQ5FtMAEkhfNc_o6-ICMalKE02DialTKRJem0W2Ng==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
22
x-amz-cf-pop
JFK50-P5
server
nginx
liveView.php
live.primis.tech/live/ Frame 2664
2 B
368 B
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
XNLoLuz1ZaXbFwWUw7h4GO1y2JEKwKtGFVNNhyuQlbFNsmMZ039rjg==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
22
x-amz-cf-pop
JFK50-P5
server
nginx
liveView.php
live.primis.tech/live/ Frame 2664
2 B
367 B
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
WQv8PoPratr5VC3dIdniC7Bvu0Ke9vk_HqjHAEVC1gy1n8MYfDKEcw==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
22
x-amz-cf-pop
JFK50-P5
server
nginx
liveView.php
live.primis.tech/live/ Frame 2664
13 KB
5 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
c9b6eeaa76461cfb0ba82b029ad06b0ca81935df532fb1aa26326003be03a305

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
obeD0b6w7hqTa6czlC74p_0mM34lXoTq1VYi5lHxu1x5e45c6BOINw==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
4519
x-amz-cf-pop
JFK50-P5
server
nginx
liveView.php
live.primis.tech/live/ Frame 2664
13 KB
5 KB
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
d1448a35d649955b3cc9911a7f159dda66dee81753b2c2a0487f2299f1b80cbb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
2GkqVh8pexYERFy1FbZL24D-0v9P0Mkl-HLphSMIOuy07H5Hrl3Wug==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
4515
x-amz-cf-pop
JFK50-P5
server
nginx
liveView.php
live.primis.tech/live/ Frame 2664
2 B
367 B
XHR
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
chlozCTAbj-Tl2Vkxw9EZIOtgmN1NmEuXi65W1HXFzoYF_R9WKAKnA==
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=utf-8
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
22
x-amz-cf-pop
JFK50-P5
server
nginx
collect
q.clarity.ms/
0
283 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://trojan.iamvip.us.kg/

Response headers

Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin
https://trojan.iamvip.us.kg
Date
Fri, 04 Oct 2024 11:24:54 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v32/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v32/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.163 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f3.1e100.net
Software
sffe /
Resource Hash
89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://trojan.iamvip.us.kg
Referer
https://fonts.googleapis.com/

Response headers

age
155793
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Thu, 02 Oct 2025 16:08:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 02 Oct 2024 16:08:21 GMT
last-modified
Thu, 01 Aug 2024 20:41:24 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
18536
x-xss-protection
0
server
sffe
halo_match
ids.ad.gt/api/v1/
43 B
143 B
Image
General
Full URL
https://ids.ad.gt/api/v1/halo_match?id=AU1D-0100-001728041093-QDRU72U7-2DJ2&halo_id=060ixe7ju6a65hicigj8bhbjf8jdl7a9lieuom2wi0e0ysuiuqw4gsgwo4wk02e60
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.209.157.212 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-209-157-212.us-west-2.compute.amazonaws.com
Software
nginx/1.27.1 /
Resource Hash
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
content-length
43
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
image/gif
server
nginx/1.27.1
topics_frame.html
securepubads.g.doubleclick.net/static/topics/ Frame 160A
0
0
Document
General
Full URL
https://securepubads.g.doubleclick.net/static/topics/topics_frame.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
2765
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000, stale-while-revalidate=3600
content-encoding
br
content-length
29417
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 10:38:49 GMT
expires
Fri, 04 Oct 2024 11:28:49 GMT
last-modified
Mon, 30 Sep 2024 19:42:40 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
join-ad-interest-groups.html
proton.ad.gt/ Frame D222
0
0
Document
General
Full URL
https://proton.ad.gt/join-ad-interest-groups.html
Requested by
Host: p.ad.gt
URL: https://p.ad.gt/api/v1/p/359
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:17ea , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
ad-auction-allowed
true
age
767
apigw-requestid
fHsjXi7nPHcEJIw=
cache-control
max-age=14400
cf-cache-status
HIT
cf-ray
8cd4cee79f4f08fc-LAX
content-encoding
br
content-type
text/html
date
Fri, 04 Oct 2024 11:24:54 GMT
last-modified
Fri, 04 Oct 2024 10:19:52 GMT
server
cloudflare
supports-loading-mode
fenced-frame
vary
Accept-Encoding
cookie_sync
amspbs.com/
1 KB
2 KB
Fetch
General
Full URL
https://amspbs.com/cookie_sync
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.135.116.123 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-135-116-123.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
9dee7ac7401f0813ca71d57c22749a90afb536eebac2715fc31dc915ef801ddb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
1351
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding, Origin
auction
amspbs.com/openrtb2/
51 KB
28 KB
Fetch
General
Full URL
https://amspbs.com/openrtb2/auction
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.135.116.123 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-135-116-123.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
50d2f0adbeb165610f0de75ae164a1e2518cf175a461609b03818e6a2d831537

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
observe-browsing-topics
?1
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:54 GMT
x-prebid
pbs-go/2.27.1
content-type
application/json
vary
Accept-Encoding, Origin
translator
hbopenbid.pubmatic.com/
0
116 B
Fetch
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:54 GMT
access-control-allow-credentials
true
pb
ad.360yield.com/
0
104 B
Fetch
General
Full URL
https://ad.360yield.com/pb
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.228.185.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-44.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

date
Fri, 04 Oct 2024 11:24:54 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
access-control-allow-credentials
true
pb
ad.360yield.com/
0
104 B
Fetch
General
Full URL
https://ad.360yield.com/pb
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.228.185.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-44.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

date
Fri, 04 Oct 2024 11:24:54 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
access-control-allow-credentials
true
pb
ad.360yield.com/
0
104 B
Fetch
General
Full URL
https://ad.360yield.com/pb
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.228.185.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-44.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

date
Fri, 04 Oct 2024 11:24:54 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
access-control-allow-credentials
true
pb
ad.360yield.com/
0
104 B
Fetch
General
Full URL
https://ad.360yield.com/pb
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.228.185.44 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-44.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

date
Fri, 04 Oct 2024 11:24:54 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
access-control-allow-credentials
true
unruly_prebid
targeting.unrulymedia.com/ Frame
0
0
Preflight
General
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.194.240.11 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://trojan.iamvip.us.kg
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Accept-Encoding,Origin,Accept-Language,X-CSRF-Token,x-unruly-override
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://trojan.iamvip.us.kg
access-control-max-age
1728000
content-length
0
content-type
text/plain charset=UTF-8
date
Fri, 04 Oct 2024 11:24:54 GMT
prebid-request
onetag-sys.com/
15 B
415 B
Fetch
General
Full URL
https://onetag-sys.com/prebid-request
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.232 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip232.ip-51-222-239.net
Software
/
Resource Hash
663dab1310a7e64c3bdd7dfdc81b7fc9a28884d4ee290b96077c7b32bbe84707
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=15552000
cache-control
no-transform, no-cache
content-encoding
gzip
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
p3p
CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
content-length
41
content-type
application/json
access-control-allow-headers
content-type, origin, referer, user-agent
c
prebid.a-mo.net/a/
1006 B
1 KB
Fetch
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
c1d85c78597220ff9282f8eac179e9b0eaaf3be17a5d169c6ebe90e7f2d0bd74

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
x-envoy-upstream-service-time
177
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
485
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=utf-8
vary
origin, accept-encoding
server
envoy
v1
prg.smartadserver.com/prebid/
1 KB
2 KB
Fetch
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.114 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip114.ip-147-135-119.us
Software
/
Resource Hash
9a0858b1da603cca03d986a56869b18d35259adae16406e1734f4ae45cb36d1d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
content-encoding
br
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
v1
prg.smartadserver.com/prebid/
805 B
2 KB
Fetch
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.114 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip114.ip-147-135-119.us
Software
/
Resource Hash
bf7aa4745c5816c5cee5dbbfdca54ffef9ad0cf4b84b99291ad3bc160967035e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
content-encoding
br
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
v1
prg.smartadserver.com/prebid/
794 B
2 KB
Fetch
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.114 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip114.ip-147-135-119.us
Software
/
Resource Hash
32d176449bbf8dbdc0ed4c99755ec0c4b0cc21133644020cb2796db68f174782

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
content-encoding
br
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:53 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
v1
prg.smartadserver.com/prebid/
1 KB
2 KB
Fetch
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.114 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip114.ip-147-135-119.us
Software
/
Resource Hash
cb1b93d088e104c98f142741928879047801277684b7a62b57839617f3e50ce2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
content-encoding
br
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
prebid
ib.adnxs.com/ut/v3/
496 B
2 KB
Fetch
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
1b0a1223eb6a2c991fc1232aa8898096f98d811789a91df35063b9180adf8dc4
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
an-x-request-uuid
0bc11b7a-0449-4ab7-aa59-676fb2ee6eed
content-length
496
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:54 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
fastlane.json
fastlane.rubiconproject.com/a/api/
375 B
409 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23260&site_id=367072&zone_id=1996582&size_id=15&rf=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.domain=trojan.iamvip.us.kg&tg_i.page=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.name=whatismyip&tk_flint=pbjs_lite_v8.49.0&x_source.tid=dca67e89-83fe-40e2-8704-db2f00b4e000&l_pb_bid_id=576ecd4cc2ad978&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=c0bbdc87-8a37-4896-a7c3-e87f94a2dd69&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.5632268785880876
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
18c6b61251d5e75e4ddf7eb99fb3149388d547cefedc627251c4adacebc2fa22

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
375
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.21.4
fastlane.json
fastlane.rubiconproject.com/a/api/
375 B
409 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23260&site_id=367072&zone_id=1996582&size_id=15&rf=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.domain=trojan.iamvip.us.kg&tg_i.page=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.name=whatismyip&tk_flint=pbjs_lite_v8.49.0&x_source.tid=dca67e89-83fe-40e2-8704-db2f00b4e000&l_pb_bid_id=587fad5075fbe9c&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=7beecd34-d1e7-41d5-9923-24428b029a5e&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.36872454307007874
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f9c8e31f9b2aab8055d29fee46b9eec457291534f6dccd06cf644fd2d233e060

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
375
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.21.4
fastlane.json
fastlane.rubiconproject.com/a/api/
374 B
586 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23260&site_id=367072&zone_id=1996582&size_id=2&rf=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.domain=trojan.iamvip.us.kg&tg_i.page=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.name=whatismyip&tk_flint=pbjs_lite_v8.49.0&x_source.tid=dca67e89-83fe-40e2-8704-db2f00b4e000&l_pb_bid_id=599c8f871bdf26&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=45e3b656-6cc3-41c1-9093-26a478a9a3f5&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.00010273526599102745
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
127ec6e87ef138e16ca621a508ae190e176327c70b09ee4eadd4b1b6a5c2c8e7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
374
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.21.4
fastlane.json
fastlane.rubiconproject.com/a/api/
374 B
408 B
Fetch
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23260&site_id=367072&zone_id=1996582&size_id=2&rf=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.domain=trojan.iamvip.us.kg&tg_i.page=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.name=whatismyip&tk_flint=pbjs_lite_v8.49.0&x_source.tid=dca67e89-83fe-40e2-8704-db2f00b4e000&l_pb_bid_id=600427c7ce0ac22&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=dab2824b-94be-4532-9b0b-84e9dc7ef99f&rp_maxbids=1&m_ch_mobile=%3F0&slots=1&rand=0.9476469368579694
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
f5cd7d2edd3e7fe3be138cd47c63f228947615ede3f8f8f358a1527f1c3a16e6

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
374
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.21.4
trinity.json
apex.go.sonobi.com/
684 B
1 KB
Fetch
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%22629c0b6a5bb1261%22%3A%22bd389b96374b14231fff%7C300x250%7Cgpid%3D%2F21824729475%2Fwhatismyip-what-is-my-ip-homepage-desktop-300x250%2Cc%3Dd%2C%22%2C%2263389f3a22c045f%22%3A%22bd389b96374b14231fff%7C300x250%7Cgpid%3D%2F21824729475%2Fwhatismyip-what-is-my-ip-homepage-desktop-300x250%2Cc%3Dd%2C%22%2C%22644a875bdc26b3c%22%3A%22bd389b96374b14231fff%7C728x90%7Cgpid%3D%2F21824729475%2Fwhatismyip-what-is-my-ip-homepage-desktop-728x90%2Cc%3Dd%2C%22%2C%22653f9eb09b0dd0f%22%3A%22bd389b96374b14231fff%7C728x90%7Cgpid%3D%2F21824729475%2Fwhatismyip-what-is-my-ip-homepage-desktop-728x90%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&s=00875bb4-23ce-46a6-8731-60f9ee11070f&pv=d2a34bc6-6a1b-482c-8ac9-b105fc719d23&vp=desktop&lib_name=prebid&lib_v=8.49.0&us=5&iqid=null&fpd=%7B%22source%22%3A%7B%22tid%22%3A%22dca67e89-83fe-40e2-8704-db2f00b4e000%22%7D%2C%22site%22%3A%7B%22domain%22%3A%22trojan.iamvip.us.kg%22%2C%22publisher%22%3A%7B%22domain%22%3A%22iamvip.us.kg%22%7D%2C%22page%22%3A%22https%3A%2F%2Ftrojan.iamvip.us.kg%2F%22%2C%22name%22%3A%22whatismyip%22%7D%2C%22user%22%3A%7B%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%2C%22sua%22%3A%7B%22source%22%3A1%2C%22browsers%22%3A%5B%5D%2C%22mobile%22%3A0%7D%7D%7D&ius=1&coppa=0
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f350:3:2569:0:10:0:a , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
2a17f73254b781fcdf538f95d72c09b4bb45cd179ed8a58ea819ead8f134f111
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
371
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:54 GMT
tcn
Choice
content-type
application/json
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-6-184
x-xss-protection
0
unruly_prebid
targeting.unrulymedia.com/
0
167 B
Fetch
General
Full URL
https://targeting.unrulymedia.com/unruly_prebid
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.194.240.11 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
content-type
application/json
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-allow-origin
https://trojan.iamvip.us.kg
cache-control
private, max-age=0, no-cache, no-store
date
Fri, 04 Oct 2024 11:24:54 GMT
pragma
no-cache
access-control-allow-credentials
true
aps_csm.js
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 2664
6 KB
3 KB
XHR
General
Full URL
https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by
Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.115.149 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-115-149.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-max-age
3000
content-encoding
gzip
etag
W/"a4d296427fc806b21335359e398c025c"
x-amz-version-id
r5.lR.LJ66XEXzxUUVo7iMemjL_F_GoE
access-control-allow-methods
GET
x-cache
Miss from cloudfront
x-amz-cf-id
XnuoVlc9SBC8eBFPIH6Zlf5wTZt2uieNoZjMBTbl9Y-hAS7pt3vN2g==
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/javascript
vary
Accept-Encoding,Origin
last-modified
Thu, 29 Feb 2024 02:13:08 GMT
cache-control
public, max-age=86400
via
1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
JFK50-P3
server
AmazonS3
x-amz-server-side-encryption
AES256
liveInternalSsp.php
rtb.primis.tech/live/ Frame 2664
64 B
551 B
XHR
General
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2510:1600:1a:5235:f980:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6739f353b673753b2573c675259213e096ac48d732f9bf72936ed6565bf3e6f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
0
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
OjoNzyswDywmKOh6wseQ1hgVeFsDDoaRWRK6o3RxcQ2udx0uxd-9UQ==
date
Fri, 04 Oct 2024 11:24:54 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
cache-control
no-store
pragma
no-cache
access-control-allow-credentials
true
via
1.1 9750f5ee94b45ad0faba87b3fac2aad6.cloudfront.net (CloudFront)
access-control-allow-origin
https://trojan.iamvip.us.kg
x-amz-cf-pop
JFK50-P5
server
nginx
xdEizrWJ.js
tpc.googlesyndication.com/sodar/ Frame 2664
41 KB
15 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/xdEizrWJ.js
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/pal/pal.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c5d122ceb58926c5fc3da5d1d664684af89e5dc8f6ee490449ef4e1f4f1da790
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
age
1204
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:54:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:04:51 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
15273
x-xss-protection
0
server
sffe
ecommerce.js
www.google-analytics.com/plugins/ua/
1 KB
717 B
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ecommerce.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
8e1b84265e633c043720dd0921476c16bc9f75e393e855c9116ca7c3a847b5c7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
age
2043
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:50:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 10:50:51 GMT
last-modified
Thu, 20 Jul 2023 22:48:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
content-length
630
x-xss-protection
0
server
sffe
ec.js
www.google-analytics.com/plugins/ua/
3 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/ec.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
058ed961bfe422af7bfc65865f4c08531ec8ace995f8a1ec560a46581cb7712c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
age
2043
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:50:51 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 10:50:51 GMT
last-modified
Tue, 27 Jun 2023 17:28:00 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
public, max-age=3600
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
content-length
1129
x-xss-protection
0
server
sffe
cm
u.openx.net/w/1.0/ Frame A273
0
0
Document
General
Full URL
https://u.openx.net/w/1.0/cm?id=891039ac-a916-42bb-a651-4be9e3b201da&ph=a3aece0c-9e80-4316-8deb-faf804779bd1&gdpr=&gdpr_consent=&r=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3Dopenx%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%7BOPENX_ID%7D
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.98.64.218 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
218.64.98.34.bc.googleusercontent.com
Software
OXGW/0.0.0 /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding
gzip
content-length
619
content-type
text/html
date
Fri, 04 Oct 2024 11:24:54 GMT
p3p
CP="CUR ADM OUR NOR STA NID"
server
OXGW/0.0.0
vary
Accept, Accept-Encoding
via
1.1 google
gen_204
pagead2.googlesyndication.com/pagead/ Frame 2664
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?length=928&loaderinit=1728041093920&nonreq=1728041093920&nonload=1728041094770&srvcstrt=1728041093912&srvcend=1728041094766&lid=1&sdkv=h.0.0.0&palv=1.32.0&e=44752657%2C95322027%2C95326337%2C95331589%2C95332046%2C95336957&id=pal_html5&c=1635792597877908&domain=trojan.iamvip.us.kg
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/pal/pal.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
sodar
pagead2.googlesyndication.com/getconfig/
17 KB
13 KB
XHR
General
Full URL
https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202410010101&st=env
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
b77af814384dc8b101d530e4f234e652906835ae3cd5cb55d41c6b075e011536
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

timing-allow-origin
*
content-encoding
br
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
12980
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
application/json; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
ads
securepubads.g.doubleclick.net/gampad/
429 KB
220 KB
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/gampad/ads?pvsid=289524567482740&correlator=502762668236372&eid=31085739%2C31087358&output=ldjh&gdfp_req=1&vrg=202410010101&ptt=17&impl=fifs&iu_parts=21824729475%2Cwhatismyip-what-is-my-ip-homepage-desktop-300x250%2Cwhatismyip-what-is-my-ip-homepage-desktop-728x90&enc_prev_ius=%2F0%2F1%2C%2F0%2F1%2C%2F0%2F2%2C%2F0%2F2&prev_iu_szs=300x250%2C300x250%2C728x90%2C728x90&ifi=1&sfv=1-0-40&eri=1&sc=1&cookie_enabled=1&abxe=1&dt=1728041095052&lmt=1727732589&adxs=170%2C1130%2C436%2C436&adys=3376%2C3376%2C2941%2C3645&biw=1600&bih=1200&scr_x=0&scr_y=0&btvi=1%7C2%7C3%7C4&ucis=1%7C2%7C3%7C4&oid=2&u_his=1&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&u_tz=-600&dmc=8&bc=31&nvt=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0.&url=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&vis=1&psz=300x250%7C300x250%7C728x90%7C728x90&msz=300x-1%7C300x-1%7C728x-1%7C728x-1&fws=4%2C4%2C4%2C4&ohw=1280%2C1280%2C1280%2C1280&td=1&tan=de8d8646-67ed-4a62-a2c6-4b70fe69caf3%2Cde8d8646-67ed-4a62-a2c6-4b70fe69caf4%2Cde8d8646-67ed-4a62-a2c6-4b70fe69caf5%2Cde8d8646-67ed-4a62-a2c6-4b70fe69caf6&tdf=2&topics=1&tps=1&htps=10&nt=1&psd=WzE1LFtdLG51bGwsM10.&dlt=1728041091065&idt=2976&prev_scp=%7Chb_cache_host_sharet%3Dcache.amspbs.com%26hb_format_sharethrou%3Dbanner%26hb_size_sharethrough%3D300x250%26hb_pb_sharethrough%3D0.10%26hb_adid_sharethrough%3D763120852eb2d06%26hb_bidder_sharethrou%3Dsharethrough%26hb_format%3Dbanner%26hb_adid%3D763120852eb2d06%26hb_size%3D300x250%26hb_pb%3D0.10%26hb_cache_path%3D%252Fcache%26hb_cache_host%3Dcache.amspbs.com%26hb_bidder%3Dsharethrough%7C%7C&adks=2351518156%2C2351518155%2C2970595351%2C2970595350&frm=20&eoidce=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
8b370040448c4d8a0e2ac16a4853c3ae635a2cfe4367a1bc3e068b3d920192f8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
google-lineitem-id
6772984715,6768946692,6767632018,6243313145
x-content-type-options
nosniff
google-mediationtag-id
-2
google-mediationgroup-id
-2,-2,-2,-2
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/plain; charset=UTF-8
google-creative-id
138487070854,138486130362,138485314599,138425841292
cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
224997
x-xss-protection
0
server
cafe
container.html
8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 1AA5
0
0
Document
General
Full URL
https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:24:55 GMT
expires
Fri, 04 Oct 2024 11:24:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sodar2.js
tpc.googlesyndication.com/sodar/
18 KB
6 KB
Script
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ff3de130872fe0fb5b770dfa2bc9f0daf8ab320403a34a60d089436f08d24f99
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
etag
"1727224258380615"
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:55 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/javascript
vary
Accept-Encoding
cache-control
private, max-age=3000
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
6445
x-xss-protection
0
server
sffe
/
hde.tynt.com/deb/ Frame 858B
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26u...
  • https://de.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33X...
  • https://hde.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33...
0
0
Document
General
Full URL
https://hde.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=zzz000000000002zzz&b=1
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip31.67-202-105.static.steadfastdns.net
Software
/
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length
1765
content-type
text/html
date
Fri, 04 Oct 2024 11:24:56 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url

Redirect headers

accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length
0
date
Fri, 04 Oct 2024 11:24:55 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
location
https://hde.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=zzz000000000002zzz&b=1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url
view
securepubads.g.doubleclick.net/pcs/ Frame 70D5
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsvzn26LB8pCJSlb-0RC_GXDel7J84VQG0wrgxdQRBy8ABHusFPxoG9tSPvRrgDPQDUQHs2GsKlFlOTgkbfLC4U0gtjyxm9sPV6Gs-W1I3Au13ZE37Xano_UULt-G1xoQyUfSvlY5Nzof0Tkuet3DV28uog3YYv_6kRsbQdkO69NWLxwfIUC3SzlAN1iZhJabj887Lrpx1WBXvpkDTi_9AG8ToMs-pjEyqzGGwD6WH9QlhaRH69ImhmzlsFTZFuxvhJSypHD5O9Z3nBUcxmIquCXT25-euFcScLDpVnNSKkXFVncuskQLe8Qx2-NvGDreKvw1_R6s2I13YTdo76_lsYuJb7OMQqrcorr0nztLfLXc48JRWLCLlKjhxsbZaPi11dcJARnN9aTWzd3noQqMhblybHRdQrGkuDoHe6Gr5z-NS_RiCeXNlcPKUxuMHv9Up6R3faLFRsriTgkFo-odojwN57GXA&sai=AMfl-YSir9uNhjMnq4xCza_7XPky9OMhzfrPGs2Ej_s1ZHj9Jhd4bpfKjPVIt0o7LYtshy25e6Sc3A-3jpXwcv70KJne8A7Hgy0R-7bXk6ji7495RR44-d2UkpXBCiA&sig=Cg0ArKJSzA7JqNg_Sya7EAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
ttj
secure.adnxs.com/ Frame 70D5
7 KB
4 KB
Script
General
Full URL
https://secure.adnxs.com/ttj?id=33976887&cb=%5BCACHEBUSTER%5D
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
1aa91c2bf5d4cf391b6df03f189737c077faa58bd323c3156b88f0d2a0f712f8
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, no-cache, private
content-encoding
gzip
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
1349f293-a760-4a1f-931b-1e5aedcb8df8
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
server
nginx/1.23.4
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 70D5
206 KB
64 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
b0088124edc0322d5cc6c4385ca59c018ceb76790c907d13f1ee5be3dcc1a039
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
etag
7550679465687725357
age
2389
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:45:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Fri, 04 Oct 2024 10:45:06 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
65390
x-xss-protection
0
server
cafe
container.html
8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame A2C6
0
0
Document
General
Full URL
https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:24:55 GMT
expires
Fri, 04 Oct 2024 11:24:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
view
securepubads.g.doubleclick.net/pcs/ Frame 1F23
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssAtx0xXw5kgcRQtnCL4CavHhJDh6oeAbQTjzuRsSgZCetdIMEHhHF-iXzmGqmMcQClNGAcFhJg72WrKBAbo4qVfWoySP_5JtzFnOdkxmHXmvZ7ycIWXomR0-KVAGMBlExQJO9an2ecS9MuDb69_LEURDeh7W46Dkug3VMzTt_Egp-u_UFpv4u0aE0qIv4tQc49RJbG62LSr8AkMMcCGfHSelTwN3z_sZbgcH9njlg8To7BxbsumzEvji9W7LHyYDYCmFA63CcDXS3osmc_r5zNieEACqmytTUvib87WYm_kP68y5iuFHnp8kjr8C-56883GAtuHZLzhwq1dxXp7znZK2tB0hIO07KUiSTvC_TA9I91CG7U-ePQi9o8aW_UIjriZceUV3Y85XdPrlgU1f4k7CpmTmhm5UHrPV9MYRB62IZmPyT7tOjDpncZZS47VlO0rOd0&sai=AMfl-YS0dZ-VIJ1fFbWU_AvHJmkUYve4v5zs8cW5ccLvahMSxX0ig-3aCMTfOzd3W36_fwkR26spbS2wi1UWHGH5IQGUIcntaMmikOTtsSye3ZwdDFeEynZIbz4gFg4&sig=Cg0ArKJSzPKM7Hcxge0SEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
zone
ads.bidstreamserver.com/servlet/view/banner/javascript/ Frame 1F23
24 KB
6 KB
Script
General
Full URL
https://ads.bidstreamserver.com/servlet/view/banner/javascript/zone?zid=347&friendly=friendly_[random]&pid=1&fr=60&frlm=1&rmpid=true&random=[random]&encode=1&origin=https%3A%2F%2Ftrojan.iamvip.us.kg&referrer=[referrer]&cturl=[clickurl]
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.190.160.59 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
bidstream-sfc-03.advertserve.org
Software
nginx /
Resource Hash
cc1d13f6725a5b644efff0ff36863d6e6e022b4a82dc9792b61384a5acd10fd5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Transfer-Encoding
chunked
X-Robots-Tag
none
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 31 Dec 1998 11:59:59 GMT
P3P
CP="NOI DSP COR NID"
Date
Fri, 04 Oct 2024 11:24:55 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Server
nginx
ufs_web_display.js
pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ Frame 1F23
206 KB
0
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
b0088124edc0322d5cc6c4385ca59c018ceb76790c907d13f1ee5be3dcc1a039
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
br
etag
7550679465687725357
age
2389
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:45:06 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
date
Fri, 04 Oct 2024 10:45:06 GMT
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
cache-control
public, max-age=3600, stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
content-length
65390
x-xss-protection
0
server
cafe
prebid
id5-sync.com/api/config/ Frame 2664
167 B
452 B
XHR
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
2940655625cbe9168662c87a72288297d67e21a12ca7b63954003dc7bb0410f7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials
true
envelope
api.rlcdn.com/api/identity/ Frame 2664
0
0

id
id.crwdcntrl.net/ Frame 2664
75 B
831 B
XHR
General
Full URL
https://id.crwdcntrl.net/id
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.229.119.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-229-119-146.compute-1.amazonaws.com
Software
Jetty(9.4.38.v20210224) /
Resource Hash
c07dec93390c80e552ab378e5ee888d08ff201149692b56553329cfb1aed2640

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
content-length
75
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/json;charset=utf-8
x-server
10.40.15.2
server
Jetty(9.4.38.v20210224)
rid
match.adsrvr.org/track/ Frame 2664
108 B
739 B
XHR
General
Full URL
https://match.adsrvr.org/track/rid?ttd_pid=j6w8ta9&fmt=json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
13a07f2a85b89e75be6a92c9fb0c33148e5a4537d90888e5eb4bef6ee9aee8b5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private
content-encoding
gzip
access-control-allow-credentials
true
expires
Sun, 03 Nov 2024 11:24:55 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/json
vary
Origin, Accept-Encoding
server
Kestrel
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Content-Length, Content-Encoding, Vary, Cache-Control, Accept
container.html
8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame F62B
0
0
Document
General
Full URL
https://8e52cbf225f3b0141167904da14fac96.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
br
content-length
2653
content-type
text/html
cross-origin-opener-policy-report-only
same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:24:55 GMT
expires
Fri, 04 Oct 2024 11:24:55 GMT
last-modified
Thu, 03 Nov 2022 19:10:08 GMT
report-to
{"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
sync
gum.criteo.com/ Frame 70D5
51 B
715 B
Script
General
Full URL
https://gum.criteo.com/sync?c=30&r=2&j=cr_handle_data_a
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=33976887&cb=%5BCACHEBUSTER%5D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
acb5d519051cc13618e992a7df4bce6a980036dfbe2e17a970ec716194329f6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
private, max-age=3600
content-encoding
gzip
server-processing-duration-in-ticks
341693
expires
60
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
server
Kestrel
ttj
secure.adnxs.com/ Frame 70D5
5 KB
3 KB
Script
General
Full URL
https://secure.adnxs.com/ttj?ttjb=1&bdc=1728041095&bdh=NilDE3SIrVpxbmwVe3YATaqzEYk.&&bdref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Ftrojan.iamvip.us.kg%2F,https%3A%2F%2Ftrojan.iamvip.us.kg%2F&&id=33976887&cb=%5BCACHEBUSTER%5D
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?id=33976887&cb=%5BCACHEBUSTER%5D
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
1a04de2ecdb30e2b206a752c68342a2708145246d03fc235022ca20591d48f8d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

content-encoding
gzip
expires
Sat, 15 Nov 2008 16:00:00 GMT
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
x-creative-id
548711153
access-control-allow-origin
*
an-x-request-uuid
df00c527-0846-4e25-9014-e7908a899f97
x-xss-protection
0
server
nginx/1.23.4
LVEN46HQ.html
tpc.googlesyndication.com/sodar/ Frame F921
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/LVEN46HQ.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/xdEizrWJ.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
175521
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=31536000
content-encoding
gzip
content-length
8534
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Wed, 02 Oct 2024 10:39:35 GMT
expires
Thu, 02 Oct 2025 10:39:35 GMT
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
timing-allow-origin
*
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
runner.html
tpc.googlesyndication.com/sodar/sodar2/232/ Frame 5840
0
0
Document
General
Full URL
https://tpc.googlesyndication.com/sodar/sodar2/232/runner.html
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2001 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
682
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=3000
content-encoding
gzip
content-length
5005
content-type
text/html
cross-origin-opener-policy
same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:13:34 GMT
expires
Fri, 04 Oct 2024 12:03:34 GMT
last-modified
Mon, 23 Sep 2024 18:12:21 GMT
report-to
{"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server
sffe
vary
Accept-Encoding
x-content-type-options
nosniff
x-xss-protection
0
aframe
www.google.com/recaptcha/api2/ Frame 347B
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/aframe
Requested by
Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.164 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s81-in-f4.1e100.net
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Wxua36jxGMTZ8JiHGK9h3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=300
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-Wxua36jxGMTZ8JiHGK9h3A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy
cross-origin
date
Fri, 04 Oct 2024 11:24:56 GMT
expires
Fri, 04 Oct 2024 11:24:56 GMT
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server
ESF
x-content-type-options
nosniff
x-xss-protection
0
code.min.js
media.bidgx.com/js/ Frame 70D5
42 KB
18 KB
Script
General
Full URL
https://media.bidgx.com/js/code.min.js
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1728041095&bdh=NilDE3SIrVpxbmwVe3YATaqzEYk.&&bdref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Ftrojan.iamvip.us.kg%2F,https%3A%2F%2Ftrojan.iamvip.us.kg%2F&&id=33976887&cb=%5BCACHEBUSTER%5D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.170.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
30da98fecaf6b7cdb114b762d49fa2743cc5ba4f7853936889659a0707fd49dd

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=259200
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
HIT
etag
W/"66f6ca50-a931"
age
89759
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HLXFFYj%2B9Mz6aUHWD62Xdp2KKFvqgYsOaEz9f5HDE%2BUFCUVtfbd93k6O77b%2FrUCFfQLnkFrlOcQWuYP6RLq5BdGTQIT%2FSg3jD9tlnYscDSAPRYnBsDKpDr68iePTgAuGteE%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd4cef1ed3d521a-LAX
expires
Fri, 04 Oct 2024 14:55:38 GMT
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
application/javascript
last-modified
Fri, 27 Sep 2024 15:08:00 GMT
vary
Accept-Encoding
server
cloudflare
async_usersync.html
acdn.adnxs.com/dmp/ Frame DAAF
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html?gdpr=0&seller_id=1922&pub_id=2465685
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1728041095&bdh=NilDE3SIrVpxbmwVe3YATaqzEYk.&&bdref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Ftrojan.iamvip.us.kg%2F,https%3A%2F%2Ftrojan.iamvip.us.kg%2F&&id=33976887&cb=%5BCACHEBUSTER%5D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.219.161.150 Philadelphia, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-219-161-150.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 04 Oct 2024 11:24:56 GMT
ETag
W/"623de86a-cf34"
Expires
Sat, 05 Oct 2024 11:24:58 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
trk.js
cdn.adnxs.com/v/s/246/ Frame 70D5
81 KB
28 KB
Script
General
Full URL
https://cdn.adnxs.com/v/s/246/trk.js
Requested by
Host: secure.adnxs.com
URL: https://secure.adnxs.com/ttj?ttjb=1&bdc=1728041095&bdh=NilDE3SIrVpxbmwVe3YATaqzEYk.&&bdref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&bdtop=true&bdifs=1&bstk=https%3A%2F%2Ftrojan.iamvip.us.kg%2F,https%3A%2F%2Ftrojan.iamvip.us.kg%2F&&id=33976887&cb=%5BCACHEBUSTER%5D
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.219.161.150 Philadelphia, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-219-161-150.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
3ba9de84337ba208fdafeb484461b6bf4dbbef80edf27f7aceb44ebcba1a7518

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Cache-Control
max-age=31536000
Content-Encoding
gzip
ETag
"e8ee9b193f2eb43cfd8dca60852635f9:1726038251.246527"
Connection
keep-alive
Expires
Sat, 04 Oct 2025 11:24:56 GMT
Accept-Ranges
bytes
Access-Control-Allow-Origin
*
Content-Length
27884
Date
Fri, 04 Oct 2024 11:24:56 GMT
Content-Type
application/x-javascript
Last-Modified
Wed, 11 Sep 2024 07:04:11 GMT
Server
AkamaiNetStorage
Vary
Accept-Encoding
it
nym1-ib.adnxs.com/ Frame 70D5
0
975 B
Image
General
Full URL
https://nym1-ib.adnxs.com/it?an_audit=0&referrer=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&e=wqT_3QLnCqBnBQAAAwDWAAUBCIeh_7cGELSj2cSIucenZxje2dbWncje31UqNgkAAAECCPg_EQEHNAAA-D8ZAAAAwPUo-D8hERIAKREJADERG7Awt-SZEDiCD0CCD0gCUPHV0oUCWLa8rQFgAGimndEBeIvLBYABAYoBA1VTRJIFBvBPmAGsAqAB-…-AAwCIAwGQAwCYAxmgAwGqAwDAA9gEyAMA2AMA4AMA6AMA-AMBgAQAkgQEL3R0apgEAKIEDzE2Mi4yNDUuMjA2LjI0N6gEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MjIjTllNMjo1NDk52gQCCAHgBADwBPHV0oUCiAUBmAUAoAX___________8BwAUAyQUAhR4U8D_SBQkJBQs4AAAA2AUB4AUB8AUB-gUEAWwokAYAmAYAuAYAwQYBHzAAAPA_0AbpBtoGFgoQCREZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB4vLBdIHDRViASYI2gcGAV3wfRgA4AcA6gcCCADwBwCKCEcKQwAAAZJXRo9YZ08dyIiWUbTbYQgEpOS7UTFg_U390j2ZjzLXkSIiNgGwW2h13Yi6wzLRCd8zNjk9z_Jeqc9zfkRLYhgQAZUIAACAP5gIAcAIANIIDgiBgoSIkKDAgAEQABgA2ggECAAgAOAIAA..&s=bda687b6a51170a2cf718cf9458001482c81188b
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.24 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
42e14ce1-5c69-47cd-8131-b56284429d78
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
truncated
/ Frame 70D5
212 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ab70857ce53f68d18c11478f6f4db8ba63719468a6e9245e6acc35b84fc4a8d8

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 70D5
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Fri, 04 Oct 2024 11:24:55 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
pwt.js
ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/ Frame D05F
230 KB
76 KB
Script
General
Full URL
https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-57-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
bd80b5a3e423e057ec6ec0429e9d07fb8d680c4147fbb1ed55b42e6ff54c6fee

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=88782
content-encoding
gzip
expires
Sat, 05 Oct 2024 12:04:38 GMT
accept-ranges
bytes
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
content-length
77731
date
Fri, 04 Oct 2024 11:24:56 GMT
last-modified
Mon, 03 Jul 2023 17:47:02 GMT
content-type
application/javascript
server
Apache
vary
Accept-Encoding
prebid-bidstream-7.54.5.js
ads.bidstreamserver.com/js/ Frame D05F
366 KB
118 KB
Script
General
Full URL
https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.190.160.59 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
bidstream-sfc-03.advertserve.org
Software
nginx /
Resource Hash
3fbe8ac4f89eadd638a12fc4e6911facc584fa3dfb822a5faef6b0cd60ac9c42

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Transfer-Encoding
chunked
Cache-Control
public, max-age=86400
Content-Encoding
gzip
Connection
keep-alive
Expires
Sat, 05 Oct 2024 11:24:55 GMT
Date
Fri, 04 Oct 2024 11:24:55 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding, Accept-Encoding
Server
nginx
Last-Modified
Thu, 04 Apr 2024 11:34:08 GMT
view
securepubads.g.doubleclick.net/pcs/ Frame 1F23
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjstMRWW16TWhd4j_1we8Zex0zckfGosmACy4FE1gD0zay2xyvBGtPXZhxIVFe84XkcERWUVt1jmWnmYxMsIpkIXln5gyWRhhUmDI29-iErjJVyX38juSaIKu5yTilKiYibc7DWPohlsYuBLyLCaSOnYaDAYqzviZw6Dm_SBJZWAUy7NVjXNhLddqMeXKmUw0qrlvXdqvxdE-KhQAf9g6mm6jkzXIzJdYDMVeJhdKDKXMGHWlUU2AoTzegy4GmmiH-KmtV7kJswLZTUCMAA6sN4T6hrG3J-hUExyaWXMn-imqMn0vpIpYlToS7F2YgL2zFkQTZl8gHhKEXiOq6bC9HN13IgDpRykWCOxTNfqjBKb6ZtH-fWNb1BF0UlOKsTs79P9o9vmQeIXVHFG3L0FYER_d_OM7wWVsaePWL7rn0cLYEGNX8EqHiFchgzPfGTPOJQZ3ZUpmDXk&sai=AMfl-YRvebfhqTDEfLWuQ6hi7FfreB34BNlTCpAEFr8_dD5ZXxr5iKzBLMrPhK2BJhEdU-2aPc6dZAauG-jMJIUIUWjcF8ZDmM_cmem18i367-tci7f7fcDF3pVNLS4&sig=Cg0ArKJSzFiRCXV4fBVQEAE&uach_m=%5BUACH%5D&urlfix=1&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:56 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 1F23
207 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
11582994f26fe838b1c72df0462ed744392a39cc223177347d530ff30d851208

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
gen_204
pagead2.googlesyndication.com/pagead/ Frame 1F23
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/gen_204?id=av-js&type=reach&proto=CAlgAWACaAM%3D
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
0
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
liveView.php
live.primis.tech/live/
0
343 B
Image
General
Full URL
https://live.primis.tech/live/liveView.php?hash=…
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

x-cache
Miss from cloudfront
cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 53a1f042d35b1ad7e45dd18908041b36.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
access-control-allow-origin
*
p3p
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
x-amz-cf-id
OSS9lV3DmBc-Ee69UTgM3HbCBIgcYQkrAvOmveipz6J3L85NaC9t4g==
date
Fri, 04 Oct 2024 11:24:55 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5
rotor
srv.bidgx.com/ Frame 70D5
0
439 B
Script
General
Full URL
https://srv.bidgx.com/rotor?data=JG1xcQJ%2BPGt2eGV2NXdlQHQ7QjUnInUDDRJkHmF4FjYhPyggXHY9Nyk7PCBpPzAbIjQTcxF3OQ19ESA1eXt2Lm41LGxnC3IieXxiYn96dwR5agBnIyMxUycKBQgGC2IaBwYGDGcIExwHeBwDcQsUZBljenYBCRR6HHU%3D_SPBA2XTVDMUPGJC5IS6AWQP0L7VXDJPB&ver=4.8.8&zones=%5B%7B%22id%22%3A%22121216%22%2C%22el%22%3A%22_9f870%22%7D%5D&__cb=0.7065818453634805
Requested by
Host: media.bidgx.com
URL: https://media.bidgx.com/js/code.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.170.105 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, max-age=0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding
gzip
cf-cache-status
DYNAMIC
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S8OgKczEXJbf0ThfnIAPbLYTnSV%2FB6zPYvOFHTYEpkp8DPDCM6H7kpxm%2Bc6dX%2FfGfd8XC0lSIMbmTMJVXA%2FcGFf0ybsftFTyxMmT5ofP8hSRs8mZ3xwsWJp98sbmhm%2FW"}],"group":"cf-nel","max_age":604800}
cf-ray
8cd4cef2fe2c521a-LAX
expires
Sun, 27 May 1979 00:00:00 GMT
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/javascript
vary
accept-encoding
server
cloudflare
v1
lb.eu-1-id5-sync.com/lb/ Frame 2664
45 B
291 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.120 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203256.ip-141-95-33.eu
Software
/
Resource Hash
1fd87175b6ea58f5e37928f5430552316319a3883f8fd13afa0d5ead6fb69270
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
event
amspbs.com/
0
124 B
Image
General
Full URL
https://amspbs.com/event?t=win&b=d8b4dbf8-1a6e-48d2-98f2-df19fce745d4&a=264&bidder=sharethrough&ts=1728041094469
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.135.116.123 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-135-116-123.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

expires
0
cache-control
no-cache, no-store, must-revalidate
date
Fri, 04 Oct 2024 11:24:56 GMT
pragma
no-cache
vary
Accept-Encoding, Origin
vevent
nym1-ib.adnxs.com/ Frame 70D5
0
993 B
Ping
General
Full URL
https://nym1-ib.adnxs.com/vevent?an_audit=0&referrer=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&e=wqT_3QLnCqBnBQAAAwDWAAUBCIeh_7cGELSj2cSIucenZxje2dbWncje31UqNgkAAAECCPg_EQEHNAAA-D8ZAAAAwPUo-D8hERIAKREJADERG7Awt-SZEDiCD0CCD0gCUPHV0oUCWLa8rQFgAGimndEBeIvLBYABAYoBA1VTRJIFBvBPmAGsAqAB-gGoAQGwAQC4AQLAAQTIAQLQAQDYAQDgAQDwAQCKAkB1ZignYScsIDEwMzA2NzQ0LCAwKTt1ZignaScsIDEwMTAyMTE4LCAwKTsBFTRyJywgNTQ4NzExMTUzLAEr8IuSApUEIW1GdzFtd2pscEx3ZEVQSFYwb1VDR0FBZ3RyeXRBVEFBT0FCQUEwaUNEMUMzNUprUVdBQmdsZ0pvQUhBQWVBQ0FBUUNJQVFDUUFRR1lBUUdnQVFHb0FRR3dBUUM1QWI3UVRNVUFBQWhBd1FHLTBFekZBQUQ0UDhrQkFBQUFBQUFBOERfWkFRQQkOmFBBXzRBSG15dWdFOVFFQUFNQV9tQUlBb0FJQnRRSUsxeU04dlFJQQEt8FV3QUlBeUFJQTBBSUEyQUlBNEFJQTZBSUEtQUlBZ0FNQm1BTUJ1Z01KVGxsTk1qbzFORGs1NEFQQlI0QUVfcjZNRG9nRWpaT1BENUFFQUpnRUFjRUVBQQFaAQEIREpCAQcNARgyQVFBOFFRDQ4oQUFBSWdGLXlxcEIRExRQQV9zUVUBGgkBCE1FRgkJFEFBLURfShUoDEFCQTAuKAAETmsVKMA4RF9nQmZDVENmQUY2ZXpnRFBnRnVJbjFCSUlHQTFWVFJJZ0dBSkFHQVpnR0FLRUdBDWEsLUQtb0JnU3lCaVFKDRMBAQBSAQUNAQBaDQgBAQBoAQUJARhDNEJpaUJDCQ1cQUFQZ19pQWdBa0FnQZoCmQEhMlJJSGFnOhkCLExhOHJRRWdBeWdBTRX9UGdfT2dsT1dVMHlPalUwT1RsQXdVZBWNCDhEOR2NAEIdjQBCHY0IQnBBFQEEQngVCxRBQjRBSWs1jPDCOEQ4LtgC1gngAoecCuoCHGh0dHBzOi8vdHJvamFuLmlhbXZpcC51cy5rZy-AAwCIAwGQAwCYAxmgAwGqAwDAA9gEyAMA2AMA4AMA6AMA-AMBgAQAkgQEL3R0apgEAKIEDzE2Mi4yNDUuMjA2LjI0N6gEALIEDAgAEAAYACAAMAA4ALgEAMAEAMgEANIEDjE5MjIjTllNMjo1NDk52gQCCAHgBADwBPHV0oUCiAUBmAUAoAX___________8BwAUAyQUAhR4U8D_SBQkJBQs4AAAA2AUB4AUB8AUB-gUEAWwokAYAmAYAuAYAwQYBHzAAAPA_0AbpBtoGFgoQCREZAXAQABgA4AYB8gYCCACABwGIBwCgBwHIB4vLBdIHDRViASYI2gcGAV3wfRgA4AcA6gcCCADwBwCKCEcKQwAAAZJXRo9YZ08dyIiWUbTbYQgEpOS7UTFg_U390j2ZjzLXkSIiNgGwW2h13Yi6wzLRCd8zNjk9z_Jeqc9zfkRLYhgQAZUIAACAP5gIAcAIANIIDgiBgoSIkKDAgAEQABgA2ggECAAgAOAIAA..&s=bda687b6a51170a2cf718cf9458001482c81188b&type=nv&nvt=5&jm=1003&px=170&py=3376&bw=300&bh=250&sid=2565692451243593421&vd=ct~0|rr~0&sv=246&tv=view7-1js&ua=chrome52&pl=linux&x=v&tag_id=33976887&sw=1600&sh=1200&pw=1600&ph=4382&ww=1600&wh=1200&ft=2
Requested by
Host: cdn.adnxs.com
URL: https://cdn.adnxs.com/v/s/246/trk.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.160.24 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 577.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
an-x-request-uuid
0b7febd6-1bcf-42ad-a457-f0cda0ac790d
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
collect
q.clarity.ms/
0
283 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.47/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://trojan.iamvip.us.kg/

Response headers

Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
Access-Control-Allow-Origin
https://trojan.iamvip.us.kg
Date
Fri, 04 Oct 2024 11:24:57 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
ping
pagead2.googlesyndication.com/pagead/
0
0
Fetch
General
Full URL
https://pagead2.googlesyndication.com/pagead/ping?e=1
Requested by
Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202410010101/pubads_impl.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f2.1e100.net
Software
/
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://trojan.iamvip.us.kg/

Response headers

view
securepubads.g.doubleclick.net/pcs/ Frame 70D5
0
0
Fetch
General
Full URL
https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjssLYUl9J5ECBBTWjTmODAsz1fiHqaThTZ3L_RM52iEujtnN3pqfNAW1jIdXHD9EwgVINmPTx9TVfoqjLiqmwRXgxLLsrSbW13DRH4dCo0vnygnEVaYm1VzrvgzgqL2a4sGWAWLYhXoRDZA9Dq7B4MdLLlGgjLgkzZH_W49ZrNOhHBZGjhV9aV6SxCkhuzBIldk82PAD8Uczjsz0ZGk7ztW3XhcpY3Lupa-qViGFNfs8j8AL3zEJspqjPfaZ5CPKyRzMzTTD6SMDVqYptcyWUzcV3ym0QdvxUWKJEjiC8SoMgp3erwIFDkj7maTyz6Ly96mgbo5MIsugjdKqjulp9MBcWXhkjCO3ek6itlbSc94fsAY9vBtXIxo0yR02nXyLdP1U7NBZ377TeHtomFxsOW99TL3YAygQJ2S2qMtQ2BxAUcNIiAxjyyaDkqIBesBGuhULcZ0hHvqGZw&sai=AMfl-YScWKiQWdgFvbgA02xBLNM9lcmSjvBgcjWzH-_P5pWDZkxhIYr3oAK0J5uVJ0ot-jQA5MqyZjAyzLbGjcB4GupfE3M-jYd0FwmlCqzRzBmmrk3QLq-ZL1J8GfQ&sig=Cg0ArKJSzGtZM2CjkkTMEAE&uach_m=%5BUACH%5D&urlfix=1&uach=WyIiLCIiLCIiLCIiLCIiLG51bGwsMCxudWxsLCIiLG51bGwsMF0%3D&adurl=
Requested by
Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/activeview/current/ufs_web_display.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.194 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f2.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private
timing-allow-origin
*
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 04 Oct 2024 11:24:56 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
0
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
json
gum.criteo.com/sid/ Frame
0
0
Preflight
General
Full URL
https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&domain=trojan.iamvip.us.kg&cw=1&lsw=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2620:100:a00b::12 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
https://trojan.iamvip.us.kg
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
https://trojan.iamvip.us.kg
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 04 Oct 2024 11:24:56 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
213609
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
envelope
lexicon.33across.com/v1/ Frame D05F
42 B
246 B
XHR
General
Full URL
https://lexicon.33across.com/v1/envelope?pid=0010b00002QJmSBAA1&gdpr=0&src=pbjs&ver=7.39.0
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.244.193.51 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
51.193.244.35.bc.googleusercontent.com
Software
/
Resource Hash
435b1ece4a55f4f8d06866b32c1aee3cc4661eb905265894795f15a57bf1b33d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
private, must-revalidate, max-age=28800
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://trojan.iamvip.us.kg
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json
vary
origin
sid
mug.criteo.com/ Frame D05F
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=prebid&topUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&domain=trojan.iamvip.us.kg&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=_qnNAHxjMzNDTVJReXl4WGJuVFlLK0JnS0Ntanpyb2hyS2dvVDg2UTVVL0xvQVA1NW9HTDB6U0tReldTVHNieWZ0aGVQaDVPaEU2Vi9ZNW41ZnlFSkdsK3dna0dYd2dGQVJxSU1oa1p2dW5GTUlrU0tLeUJKY0lHMy9CTT...
352 B
934 B
XHR
General
Full URL
https://mug.criteo.com/sid?cpp=_qnNAHxjMzNDTVJReXl4WGJuVFlLK0JnS0Ntanpyb2hyS2dvVDg2UTVVL0xvQVA1NW9HTDB6U0tReldTVHNieWZ0aGVQaDVPaEU2Vi9ZNW41ZnlFSkdsK3dna0dYd2dGQVJxSU1oa1p2dW5GTUlrU0tLeUJKY0lHMy9CTTFhWnhucTQ1RjdYNGo5N2Zpb1RiRkdkTENwdGhwM2o4d0dhcGIycjdTeWxzV09jVjFBVlpmRWd5LzFYTjE1NDBrT0xXZm1TdW9GWHY2TFBNazA1ZndaZUpDam0zVWV4Z2VXVS9IZi9rd3MxSzIvdWo1L0V2SE1lV1VrZFZpcyttL0l3RFhrdFdweGVXRW5FSmlxc3hKK0VaUElZL2JaVjk0UndJYVV0YzdpRTJwZ3dZVytlUT18&cppv=2
Protocol
H2
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
c233c8d2249a75e3cfde649de9634599d1d1a4e429074dc30d8ef49f63f6ab83
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
483689
expires
0
access-control-allow-origin
null
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding
server
Kestrel

Redirect headers

strict-transport-security
max-age=31536000; preload;
cache-control
no-cache, no-store, must-revalidate
location
https://mug.criteo.com/sid?cpp=_qnNAHxjMzNDTVJReXl4WGJuVFlLK0JnS0Ntanpyb2hyS2dvVDg2UTVVL0xvQVA1NW9HTDB6U0tReldTVHNieWZ0aGVQaDVPaEU2Vi9ZNW41ZnlFSkdsK3dna0dYd2dGQVJxSU1oa1p2dW5GTUlrU0tLeUJKY0lHMy9CTTFhWnhucTQ1RjdYNGo5N2Zpb1RiRkdkTENwdGhwM2o4d0dhcGIycjdTeWxzV09jVjFBVlpmRWd5LzFYTjE1NDBrT0xXZm1TdW9GWHY2TFBNazA1ZndaZUpDam0zVWV4Z2VXVS9IZi9rd3MxSzIvdWo1L0V2SE1lV1VrZFZpcyttL0l3RFhrdFdweGVXRW5FSmlxc3hKK0VaUElZL2JaVjk0UndJYVV0YzdpRTJwZ3dZVytlUT18&cppv=2
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-methods
GET
server-processing-duration-in-ticks
321955
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
0
date
Fri, 04 Oct 2024 11:24:57 GMT
server
Kestrel
prebid
id5-sync.com/api/config/ Frame D05F
167 B
451 B
XHR
General
Full URL
https://id5-sync.com/api/config/prebid
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
a3987679d2bcb3a563aca55296d435bf0551e738c8d00a19a5280feefe117184
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
access-control-allow-credentials
true
localstore.js
script.4dex.io/ Frame D05F
1 KB
1 KB
Script
General
Full URL
https://script.4dex.io/localstore.js
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3aec57ffa5c31e185202ddaa3b5b9d9872d4504f4546ab4eea1298baaf3c7cc7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Transfer-Encoding
chunked
Cache-Control
public, max-age=1800
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Content-Encoding
br
CF-Cache-Status
HIT
ETag
W/"00a8e13a83b2bbab51af8e55f52be363"
Age
504993
Connection
keep-alive
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2d4o4O4oHTkvZ%2FpseJTp%2B0K6VkuKUW89HDB5RaUlQ2M81nhrM0C7uOrBd%2BG75TR6acsTmJgEE474dkuZrZQQozU%2FhmCwZ6k3S5Ac%2BogSxrJ2dxJ9C9ORpfCAT9z89Q3zfyJpr2cBeLxO6cC8"}],"group":"cf-nel","max_age":604800}
CF-RAY
8cd4cef7b87f3131-LAX
Date
Fri, 04 Oct 2024 11:24:56 GMT
Content-Type
application/javascript
Last-Modified
Wed, 28 Aug 2024 15:06:32 GMT
Vary
Accept-Encoding
Server
cloudflare
cookie_sync
prebid.bidstreamserver.com/ Frame D05F
964 B
637 B
XHR
General
Full URL
https://prebid.bidstreamserver.com/cookie_sync
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.245.223.249 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
prebid3.advertserve.com
Software
nginx /
Resource Hash
83c3c2442b00092de8b793dbf48e6041118a9c03e33556c08ca8921123516631
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
application/json; charset=utf-8
vary
Accept-Encoding, Origin
server
nginx
x-frame-options
DENY
auction
prebid.bidstreamserver.com/openrtb2/ Frame D05F
258 B
489 B
XHR
General
Full URL
https://prebid.bidstreamserver.com/openrtb2/auction
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
157.245.223.249 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
prebid3.advertserve.com
Software
nginx /
Resource Hash
44189512738206177f5a081156e7d6c31607bcf3fea4995e6193eaa12762ffa1
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:57 GMT
x-prebid
pbs-go/unknown
content-type
application/json
vary
Accept-Encoding, Origin
server
nginx
x-frame-options
DENY
trinity.json
apex.go.sonobi.com/ Frame D05F
639 B
983 B
XHR
General
Full URL
https://apex.go.sonobi.com/trinity.json?key_maker=%7B%2286796e492bbe49%22%3A%22379eabe042f57c792991%7C728x90%7Cgpid%3DSW_-_WhatIsMyIP.com_Desktop_728x90%2Cc%3Dd%2C%22%7D&ref=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&s=618f365c-0248-48a8-9173-a6a93bf3f3c5&pv=723ba879-ac67-4c8f-8630-3eb1aee6acd5&vp=mobile&lib_name=prebid&lib_v=7.54.5&us=5&iqid=%7B%22pcid%22%3A%2265eff8db-bba4-463a-82fe-5b9df64a20bb%22%2C%22pcidDate%22%3A1728041093376%2C%22dbsaved%22%3A%22false%22%7D&fpd=%7B%22site%22%3A%7B%22domain%22%3A%22trojan.iamvip.us.kg%22%2C%22publisher%22%3A%7B%22domain%22%3A%22iamvip.us.kg%22%7D%2C%22page%22%3A%22https%3A%2F%2Ftrojan.iamvip.us.kg%2F%22%7D%2C%22device%22%3A%7B%22w%22%3A1600%2C%22h%22%3A1200%2C%22dnt%22%3A0%2C%22ua%22%3A%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F129.0.0.0%20Safari%2F537.36%22%2C%22language%22%3A%22en%22%7D%7D&ius=1&schain=%7B%22ver%22%3A%221.0%22%2C%22complete%22%3A1%2C%22nodes%22%3A%5B%7B%22asi%22%3A%22bidstreammedia.com%22%2C%22sid%22%3A%22347%22%2C%22hp%22%3A1%7D%5D%7D&eids=%5B%7B%22source%22%3A%22pubcid.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%2285f949f1-42d2-4e4a-aaa2-d045e39729d8%22%2C%22atype%22%3A1%7D%5D%7D%2C%7B%22source%22%3A%22adserver.org%22%2C%22uids%22%3A%5B%7B%22id%22%3A%22baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9%22%2C%22atype%22%3A1%2C%22ext%22%3A%7B%22rtiPartner%22%3A%22TDID%22%7D%7D%5D%7D%5D&coppa=0
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f350:3:2569:0:10:0:a , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
4d29679847c32904698bed6f5c6efbceb489aa291df621518fdc36bf142069df
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
content-encoding
gzip
pragma
no-cache
access-control-allow-credentials
true
expires
Sat, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
367
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:57 GMT
tcn
Choice
content-type
application/json
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-5-161
x-xss-protection
0
c
prebid.a-mo.net/a/ Frame D05F
398 B
494 B
XHR
General
Full URL
https://prebid.a-mo.net/a/c
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.75.195.55 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash
7e25f2a9fd10569d82f3b570bb674c5652ecb41e0f0f0fe053e74ceeb99fe92b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
x-envoy-upstream-service-time
320
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
321
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json; charset=utf-8
vary
origin, accept-encoding
server
envoy
bid
ap.lijit.com/rtb/ Frame D05F
24 B
363 B
XHR
General
Full URL
https://ap.lijit.com/rtb/bid?src=prebid_prebid_7.54.5
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.197.253.82 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-197-253-82.compute-1.amazonaws.com
Software
/
Resource Hash
3a2d8761ec937b0fdbbd68af5e948d1d284f862d5d9b3df041b7786702f3ff5d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET, POST, DELETE, PUT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
24
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json
vary
Accept-Encoding
access-control-allow-headers
X-Requested-With, Content-Type
fastlane.json
fastlane.rubiconproject.com/a/api/ Frame D05F
402 B
458 B
XHR
General
Full URL
https://fastlane.rubiconproject.com/a/api/fastlane.json?account_id=23684&site_id=384476&zone_id=2137124&size_id=2&rp_schain=1.0,1!bidstreammedia.com,347,1,,,&eid_pubcid.org=85f949f1-42d2-4e4a-aaa2-d045e39729d8%5E1&tpid_tdid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&eid_adserver.org=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&rf=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.domain=trojan.iamvip.us.kg&tg_i.page=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&tg_i.pbadslot=SW_-_WhatIsMyIP.com_Desktop_728x90&tk_flint=pbjs_lite_v7.54.5&x_source.tid=e73cf207-e162-4bd8-a32f-7545b4053e75&l_pb_bid_id=14d020e61650e5&p_screen_res=1600x1200&rp_secure=1&x_imp.ext.tid=e73cf207-e162-4bd8-a32f-7545b4053e75&rp_maxbids=1&p_gpid=SW_-_WhatIsMyIP.com_Desktop_728x90&slots=1&rand=0.5037070272400752
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2602:803:c002:200::32 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
nginx/1.21.4 /
Resource Hash
7c25ff3908391b9d88c75960a43b7c5df22f36dbd86ff39b39c74984d48e3717

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
Wed, 17 Sep 1975 21:32:10 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
402
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json
vary
Accept-Encoding
server
nginx/1.21.4
translator
hbopenbid.pubmatic.com/ Frame D05F
0
60 B
XHR
General
Full URL
https://hbopenbid.pubmatic.com/translator?source=prebid-client
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
207.65.37.179 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:56 GMT
access-control-allow-credentials
true
prebid
ib.adnxs.com/ut/v3/ Frame D05F
139 B
1 KB
XHR
General
Full URL
https://ib.adnxs.com/ut/v3/prebid
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 Colonia, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.23.4 /
Resource Hash
3bfeef96a8e901a3614400f85e10670c7f0551ab53c34e8fbbcb405dbda2cc9d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store, no-cache, private
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
an-x-request-uuid
5cb3a7e6-cbed-46f8-91b2-0f13f3e06a44
content-length
139
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:56 GMT
x-xss-protection
0
content-type
application/json; charset=utf-8
server
nginx/1.23.4
v1
prg.smartadserver.com/prebid/ Frame D05F
790 B
1 KB
XHR
General
Full URL
https://prg.smartadserver.com/prebid/v1
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
147.135.119.114 , United States, ASN16276 (OVH, FR),
Reverse DNS
ip114.ip-147-135-119.us
Software
/
Resource Hash
18a56efa25b45d346e6b2912200c40185663fcfd1451faf2bc837ff0bc5e5bbf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
content-encoding
br
pragma
no-cache
access-control-allow-credentials
true
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json; charset=UTF-8
vary
Accept-Encoding, Origin
wl
t.pubmatic.com/ Frame D05F
17 B
185 B
XHR
General
Full URL
https://t.pubmatic.com/wl?pubid=161217
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
8.28.7.92 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
/
Resource Hash
0d111d61901004eafd87c672f12f6cd54b3c376513aa672bf58100506dfe76f5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
access-control-allow-credentials
true
expires
0
access-control-allow-origin
https://trojan.iamvip.us.kg
content-length
17
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
text/plain; charset=utf-8
212.json
id5-sync.com/g/v2/ Frame 2664
638 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/212.json
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/content/prebid/prebidVid.7.16.0_29.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
ad6a84328a93e0886620ebb3cbef3f1a5956674ca05bd9d151024b6ce1f1ad71
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="CAO PSA OUR"
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
application/json
vary
Origin
v1
lb.eu-1-id5-sync.com/lb/ Frame D05F
45 B
290 B
XHR
General
Full URL
https://lb.eu-1-id5-sync.com/lb/v1
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
141.95.33.120 , Germany, ASN16276 (OVH, FR),
Reverse DNS
ns3203256.ip-141-95-33.eu
Software
/
Resource Hash
1fd87175b6ea58f5e37928f5430552316319a3883f8fd13afa0d5ead6fb69270
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-origin
https://trojan.iamvip.us.kg
date
Fri, 04 Oct 2024 11:24:56 GMT
content-type
application/json;charset=UTF-8
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Origin
script.js
cadmus.script.ac/dahhc4ozyvjm6/
3 B
239 B
Script
General
Full URL
https://cadmus.script.ac/dahhc4ozyvjm6/script.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1691 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
public,max-age=259200,stale-while-revalidate=86400,stale-if-error=259200
etag
W/"601055f6a0c6408859f97b5f0a84bdb88441a80e"
age
0
cf-ray
8cd4cefa2ee32abb-LAX
content-length
3
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
application/javascript
vary
Accept-Encoding
server
cloudflare
last-modified
Mon, 01 Jan 2018 00:00:00 GMT
adagio.js
script.4dex.io/a/latest/ Frame D05F
61 KB
19 KB
Fetch
General
Full URL
https://script.4dex.io/a/latest/adagio.js
Requested by
Host: script.4dex.io
URL: https://script.4dex.io/localstore.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:8a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c06f0ff3bff18094a91fb345b425c2d6cbac9fb8ea56f6db2e879cd49fa36510

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Access-Control-Expose-Headers
Content-Encoding
br
CF-Cache-Status
MISS
ETag
W/"3bd20e5fbdd6d804d194856ed36c4ccb"
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vyei0Lw9VMYma4RjAxD9NnyqpUXGX3vK4B8uekzvu8grrjAScV%2B9xG90XYHFDKUM0ivIKLtel%2FINg6%2FzlbfS0fNn87ctfKu5NdxY%2F1ieEpeQZ2ANT2D6bRHGKevUH0jPUS73X3nGZfQMuVns"}],"group":"cf-nel","max_age":604800}
Date
Fri, 04 Oct 2024 11:24:57 GMT
Content-Type
application/javascript
Last-Modified
Wed, 28 Aug 2024 15:06:29 GMT
Vary
Origin, Accept-Encoding
Transfer-Encoding
chunked
Cache-Control
public, max-age=1800
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Connection
keep-alive
CF-RAY
8cd4cef93c76293b-LAX
Access-Control-Allow-Origin
*
Server
cloudflare
429.json
id5-sync.com/g/v2/ Frame D05F
639 B
1 KB
XHR
General
Full URL
https://id5-sync.com/g/v2/429.json
Requested by
Host: ads.pubmatic.com
URL: https://ads.pubmatic.com/AdServer/js/pwt/161217/10689/1/pwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.19.138.120 Amsterdam, Netherlands, ASN16276 (OVH, FR),
Reverse DNS
ns31533571.ip-162-19-138.eu
Software
/
Resource Hash
8f03ff7fd05f96bbe57825385dbd12e629f44e29c181d8999521fdd66fc484b0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-allow-credentials
true
expires
Thu, 01 Jan 1970 00:00:00 GMT
access-control-allow-origin
https://trojan.iamvip.us.kg
p3p
CP="CAO PSA OUR"
date
Fri, 04 Oct 2024 11:24:57 GMT
content-type
application/json
vary
Origin
sid
mug.criteo.com/ Frame
0
0
Preflight
General
Full URL
https://mug.criteo.com/sid?cpp=_qnNAHxjMzNDTVJReXl4WGJuVFlLK0JnS0Ntanpyb2hyS2dvVDg2UTVVL0xvQVA1NW9HTDB6U0tReldTVHNieWZ0aGVQaDVPaEU2Vi9ZNW41ZnlFSkdsK3dna0dYd2dGQVJxSU1oa1p2dW5GTUlrU0tLeUJKY0lHMy9CTTFhWnhucTQ1RjdYNGo5N2Zpb1RiRkdkTENwdGhwM2o4d0dhcGIycjdTeWxzV09jVjFBVlpmRWd5LzFYTjE1NDBrT0xXZm1TdW9GWHY2TFBNazA1ZndaZUpDam0zVWV4Z2VXVS9IZi9rd3MxSzIvdWo1L0V2SE1lV1VrZFZpcyttL0l3RFhrdFdweGVXRW5FSmlxc3hKK0VaUElZL2JaVjk0UndJYVV0YzdpRTJwZ3dZVytlUT18&cppv=2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.119.117.17 , United States, ASN19750 (AS-CRITEO, US),
Reverse DNS
Software
Kestrel /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload;

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
GET
Origin
null
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
content-type
access-control-allow-methods
GET
access-control-allow-origin
null
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
application/json; charset=utf-8
date
Fri, 04 Oct 2024 11:24:57 GMT
expires
0
pragma
no-cache
server
Kestrel
server-processing-duration-in-ticks
182453
strict-transport-security
max-age=31536000; preload;
vary
Accept-Encoding
sodar
pagead2.googlesyndication.com/pagead/
0
0

/
onetag-sys.com/usync/ Frame 8D09
0
0
Document
General
Full URL
https://onetag-sys.com/usync/?redir=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3Donetag%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D%24%7BUSER_TOKEN%7D&gdpr=&gdpr_consent=&us_privacy=
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.230 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip230.ip-51-222-239.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
793
content-type
text/html
strict-transport-security
max-age=15552000
zone
ads.bidstreamserver.com/servlet/view/banner/javascript/ Frame FEC8
194 B
662 B
Script
General
Full URL
https://ads.bidstreamserver.com/servlet/view/banner/javascript/zone?pid=1&zid=347&fcid=471&uuid=d2465fc49a81244c6b808a34d9533969&viewable=false&random=45300336&millis=20241004072455&hb_request=28308877&hb_error=timeout&friendly=friendly_45300336&language=en&resolution=unspecified&txid=21999073&rmpid=true&sid=19&encode=1&referrer=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&cturl=
Requested by
Host: trojan.iamvip.us.kg
URL: https://trojan.iamvip.us.kg/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.190.160.59 San Francisco, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
bidstream-sfc-03.advertserve.org
Software
nginx /
Resource Hash
e7b6931850dba2bf4c2a5175422a78ece17c10bc97336585b069cb74f83d8de4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

Transfer-Encoding
chunked
X-Robots-Tag
none
Cache-Control
no-cache, no-store
Content-Encoding
gzip
Pragma
no-cache
Connection
keep-alive
Expires
Thu, 31 Dec 1998 11:59:59 GMT
P3P
CP="NOI DSP COR NID"
Date
Fri, 04 Oct 2024 11:24:57 GMT
Content-Type
text/javascript;charset=UTF-8
Vary
Accept-Encoding
Server
nginx
setuid
prebid.bidstreamserver.com/ Frame D05F
Redirect Chain
  • https://sync.1rx.io/usersync2/rmphb?gdpr=&gdpr_consent=&us_privacy=&redir=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3Dunruly%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3...
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=adconductor&ttd_tpi=1&rndcb=2438798273
  • https://sync.1rx.io/usersync/tradedesk/baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9
  • https://sync.targeting.unrulymedia.com/csync/RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005?redir=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3Dunruly%26gdpr%3D%26gdpr_consent%3D%26gpp%...
  • https://prebid.bidstreamserver.com/setuid?bidder=unruly&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
86 B
436 B
Image
General
Full URL
https://prebid.bidstreamserver.com/setuid?bidder=unruly&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
Protocol
H2
Server
157.245.223.249 Clifton, United States, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
prebid3.advertserve.com
Software
nginx /
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf
Security Headers
Name Value
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
expires
0
content-length
86
date
Fri, 04 Oct 2024 11:24:58 GMT
content-type
image/png
vary
Origin
server
nginx
x-frame-options
DENY

Redirect headers

location
https://prebid.bidstreamserver.com/setuid?bidder=unruly&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=RX-2ae724ae-77ed-4f68-ab63-256e3cc43b17-005
p3p
CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
date
Fri, 04 Oct 2024 11:25:03 GMT
etag
RX2ae724ae77ed4f68ab63256e3cc43b17005
content-type
text/html
isyn
sync.a-mo.net/ Frame C8C1
0
0
Document
General
Full URL
https://sync.a-mo.net/isyn?__st=iframe&gdpr=0&gdpr_consent=&us_privacy=1---&_e=Cu8BShN0cm9qYW4uaWFtdmlwLnVzLmtnUgthYXMtOTE0YWNhY1oIcGJhMS4zLjRqE3Ryb2phbi5pYW12aXAudXMua2f6AQY4LjQ5LjDoAgGIA4ah_7cGqAM86gMkMWQ3ZmNhZDEtODZkNS00NjY0LWFkNzQtZDk1OTE5ODBkYzk2ogQcaHR0cHM6Ly90cm9qYW4uaWFtdmlwLnVzLmtnL6oEA0RDSLIFA1VTROoFB2Rlc2t0b3D6BQNueTXABgDIBgGqBwN3ZWLKBwxpYW12aXAudXMua2fgBwGCCAxpYW12aXAudXMua2eKCAZjaHJvbWU
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
147.28.129.37 Ashburn, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
envoy /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-length
657
content-type
text/html; charset=utf-8
date
Fri, 04 Oct 2024 11:24:57 GMT
server
envoy
vary
accept-encoding
x-envoy-upstream-service-time
0
user_sync.html
ads.pubmatic.com/AdServer/js/ Frame 6A2D
0
0
Document
General
Full URL
https://ads.pubmatic.com/AdServer/js/user_sync.html?kdntuid=1&p=160587
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.51.57.13 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-51-57-13.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=145123
content-encoding
gzip
content-length
5633
content-type
text/html
date
Fri, 04 Oct 2024 11:24:58 GMT
expires
Sun, 06 Oct 2024 03:43:41 GMT
last-modified
Mon, 26 Aug 2024 15:25:10 GMT
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC", CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
server
Apache
vary
Accept-Encoding
async_usersync.html
acdn.adnxs.com/dmp/ Frame DBB9
0
0
Document
General
Full URL
https://acdn.adnxs.com/dmp/async_usersync.html
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.219.161.150 Philadelphia, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-219-161-150.deploy.static.akamaitechnologies.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Cache-Control
max-age=86402
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17053
Content-Type
text/html
Date
Fri, 04 Oct 2024 11:24:58 GMT
ETag
W/"623de86a-cf34"
Expires
Sat, 05 Oct 2024 11:25:00 GMT
Last-Modified
Fri, 25 Mar 2022 16:06:02 GMT
Server
nginx/1.18.0 (Ubuntu)
Vary
Accept-Encoding
/
onetag-sys.com/usync/ Frame B96D
0
0
Document
General
Full URL
https://onetag-sys.com/usync/?cb=1728041094316
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
51.222.239.230 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ip230.ip-51-222-239.net
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=900, h3-29=":443"; ma=900
cache-control
no-transform, no-cache
content-encoding
gzip
content-length
731
content-type
text/html
strict-transport-security
max-age=15552000
usync.html
eus.rubiconproject.com/ Frame 1D32
0
0
Document
General
Full URL
https://eus.rubiconproject.com/usync.html
Requested by
Host: cache.sellwild.com
URL: https://cache.sellwild.com/prebid/wimip_8_49_0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.56.163.106 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-56-163-106.deploy.static.akamaitechnologies.com
Software
Apache/2.2.15 (CentOS) /
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
content-encoding
gzip
content-length
224
content-type
text/html; charset=UTF-8
date
Fri, 04 Oct 2024 11:24:58 GMT
etag
"28052a-10d-6142d69a886c0"
last-modified
Thu, 21 Mar 2024 15:32:19 GMT
server
Apache/2.2.15 (CentOS)
vary
Accept-Encoding
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=140&gdpr=0&gdpr_consent=
  • https://sync.crwdcntrl.net/qmap?c=1389&tp=STSC&tpid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=&d=https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Fpush%3Fpartner_id%3D2499%...
  • https://pixel.tapad.com/idsync/ex/push?partner_id=2499&partner_device_id=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&partner_url=https%3A%2F%2Fsync.go.sonobi.com%2Fus.gif%3Fnw%3Dbs%26nuid%3D...
  • https://sync.go.sonobi.com/us.gif?nw=bs&nuid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
49 B
783 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
Protocol
H2
Server
2607:f350:3:2569:0:10:0:200d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
49
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:58 GMT
tcn
Choice
content-type
image/gif
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-5-161
x-xss-protection
0

Redirect headers

strict-transport-security
max-age=31536000
location
https://sync.go.sonobi.com/us.gif?nw=bs&nuid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
0
date
Fri, 04 Oct 2024 11:24:58 GMT
server
Jetty(11.0.13)
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://match.sharethrough.com/universal/v1?supply_id=v5hJK9Sl&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=73aba2f8-05d0-40b3-a6d2-3e99555528ea&gdpr=0
43 B
548 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=73aba2f8-05d0-40b3-a6d2-3e99555528ea&gdpr=0
Protocol
HTTP/1.1
Server
23.105.14.105 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
23.105.14.105.rdns.racklot.com
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:58 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
location
https://rtb-csync.smartadserver.com/redir/?partnerid=147&partneruserid=73aba2f8-05d0-40b3-a6d2-3e99555528ea&gdpr=0
content-length
0
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=sonobi&gdpr=0&gdpr_consent=
  • https://pr-bh.ybp.yahoo.com/sync/iponweb?bidswitch_ssp_id=sonobi&ssp_user_id=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=0&gdpr_consent=
  • https://x.bidswitch.net/sync?dsp_id=74&&user_id=y-NF7_cM5E2plOy9.8dJIT6w6ep1J3lBPe08EO8A--~A&expires=5&ssp=sonobi
  • https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=&gdpr_consent=&us_privacy=
49 B
769 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=&gdpr_consent=&us_privacy=
Protocol
H2
Server
2607:f350:3:2569:0:10:0:200d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
49
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:58 GMT
tcn
Choice
content-type
image/gif
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-5-161
x-xss-protection
0

Redirect headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
location
//sync.go.sonobi.com/us.gif?nw=bidswitch&nuid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=&gdpr_consent=&us_privacy=
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:58 GMT
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://p.rfihub.com/cm?pub=35683&in=1
  • https://sync.go.sonobi.com/us.gif?nw=zt&nuid=968062852894828788
49 B
750 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=968062852894828788
Protocol
H2
Server
2607:f350:3:2569:0:10:0:200d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
49
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:58 GMT
tcn
Choice
content-type
image/gif
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-5-161
x-xss-protection
0

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=zt&nuid=968062852894828788
Content-Length
0
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Date
Fri, 04 Oct 2024 11:24:58 GMT
Server
Jetty(9.4.51.v20230217)
receive
pixel.tapad.com/idsync/ex/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=sonobi&ttd_tpi=1&ttd_puid=73b05252b3&gdpr=0&gdpr_consent=
  • https://sync.go.sonobi.com/us.gif?nw=td&nuid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&pubid=73b05252b3
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=3061&partner_device_id=041f4be4-ec5a-4d1e-ac5d-c88ccae4a9a8
  • https://secure.adnxs.com/getuid?https%3A%2F%2Fpixel.tapad.com%2Fidsync%2Fex%2Freceive%3Fpartner_id%3DAPPNEXUS%26partner_device_id%3D%24UID%26pt%3D5bafec98-3d73-47cc-a82d-69fb264ec6a3%252C%252C
  • https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6178791637038509278&pt=5bafec98-3d73-47cc-a82d-69fb264ec6a3%2C%2C
95 B
124 B
Image
General
Full URL
https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6178791637038509278&pt=5bafec98-3d73-47cc-a82d-69fb264ec6a3%2C%2C
Protocol
H3
Server
34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
62.113.111.34.bc.googleusercontent.com
Software
Jetty(11.0.13) /
Resource Hash
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

strict-transport-security
max-age=31536000
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
via
1.1 google
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-length
95
date
Fri, 04 Oct 2024 11:24:58 GMT
content-type
image/png
server
Jetty(11.0.13)

Redirect headers

cache-control
no-store, no-cache, private
location
https://pixel.tapad.com/idsync/ex/receive?partner_id=APPNEXUS&partner_device_id=6178791637038509278&pt=5bafec98-3d73-47cc-a82d-69fb264ec6a3%2C%2C
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
4a198ec0-6040-4a56-834c-8c51234b87d9
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:58 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=smart-adserver&ttd_tpi=1&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&gdpr=0&gdpr_consent=
43 B
547 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
23.105.14.105 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
23.105.14.105.rdns.racklot.com
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:57 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

location
https://rtb-csync.smartadserver.com/redir/?partnerid=75&issi=1&partneruserid=baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9&gdpr=0&gdpr_consent=
content-length
299
date
Fri, 04 Oct 2024 11:24:58 GMT
server
Kestrel
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://pixel-sync.sitescout.com/dmp/pixelSync?nid=64&redir=https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D68%26partneruserid%3D%7BuserId%7D&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=68&partneruserid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
43 B
545 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=68&partneruserid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
23.105.14.105 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
23.105.14.105.rdns.racklot.com
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:58 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

cache-control
max-age=0,no-cache,no-store
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=68&partneruserid=23aa16fb-42da-49d5-a047-d139ebc8c745-66ffd087-5553&gdpr=0&gdpr_consent=
pragma
no-cache
via
1.1 google
expires
Tue, 11 Oct 1977 12:34:56 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
content-length
0
date
Fri, 04 Oct 2024 11:24:57 GMT
server
A
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://x.bidswitch.net/sync?ssp=smartadserver&gdpr=0&gdpr_consent=
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dsmartadserver%26expires%3D...
  • https://ads.betweendigital.com/match?bidder_id=43092&gdpr=0&consent=&callback_url=https%3A%2F%2Fx.bidswitch.net%2Fsync%3Fdsp_id%3D429%26user_id%3D%24%7BUSER_ID%7D%26ssp%3Dsmartadserver%26expires%3D...
  • https://x.bidswitch.net/sync?dsp_id=429&user_id=7f33fa5d-abda-5316-aeda-a44cc82574c6&ssp=smartadserver&expires=30&user_group=1&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=0&gdpr_consent=
43 B
585 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
23.105.14.105 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
23.105.14.105.rdns.racklot.com
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:58 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

via
1.1 google
cache-control
no-cache, no-store, must-revalidate
location
//rtb-csync.smartadserver.com/redir/?partnerid=31&partneruserid=c1f356b7-7783-49ce-9cb6-6119f8cbfea9&gdpr=0&gdpr_consent=
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Fri, 04 Oct 2024 11:24:58 GMT
/
rtb-csync.smartadserver.com/redir/
Redirect Chain
  • https://secure.adnxs.com/getuid?https%3A%2F%2Frtb-csync.smartadserver.com%2Fredir%2F%3Fissi%3D1%26partnerid%3D86%26partneruserid%3D$UID&gdpr=0&gdpr_consent=
  • https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6178791637038509278&gdpr=0&gdpr_consent=
43 B
514 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6178791637038509278&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
23.105.14.105 Manassas, United States, ASN30633 (LEASEWEB-USA-WDC, US),
Reverse DNS
23.105.14.105.rdns.racklot.com
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

transfer-encoding
chunked
cache-control
no-cache,no-store
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
date
Fri, 04 Oct 2024 11:24:57 GMT
pragma
no-cache
content-type
image/gif

Redirect headers

cache-control
no-store, no-cache, private
location
https://rtb-csync.smartadserver.com/redir/?issi=1&partnerid=86&partneruserid=6178791637038509278&gdpr=0&gdpr_consent=
pragma
no-cache
accept-ch
Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
access-control-allow-credentials
true
x-proxy-origin
162.245.206.247; 162.245.206.247; 806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
expires
Sat, 15 Nov 2008 16:00:00 GMT
access-control-allow-origin
*
an-x-request-uuid
59d4515c-7021-4b7c-ae03-f299eb1744ad
content-length
0
p3p
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
date
Fri, 04 Oct 2024 11:24:58 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
server
nginx/1.23.4
us.gif
sync.go.sonobi.com/
Redirect Chain
  • https://sync.srv.stackadapt.com/sync?nid=286
  • https://sync.go.sonobi.com/us.gif?nw=st&nuid=z9dTeSF-UfB3mdv4fR5P1aL1zvc
49 B
760 B
Image
General
Full URL
https://sync.go.sonobi.com/us.gif?nw=st&nuid=z9dTeSF-UfB3mdv4fR5P1aL1zvc
Protocol
H2
Server
2607:f350:3:2569:0:10:0:200d , United States, ASN27630 (AS-XFERNET, US),
Reverse DNS
Software
sonobi-go /
Resource Hash
8f69e10876805b747a3ad08a818d46ac7e731b1af417ea6e259d9b6b7deb65c5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-cache, no-store, private
pragma
no-cache
expires
Sat, 26 Jul 1997 05:00:00 GMT
content-length
49
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
date
Fri, 04 Oct 2024 11:24:58 GMT
tcn
Choice
content-type
image/gif
vary
negotiate,Accept-Encoding
server
sonobi-go
x-go-server
go-iad-2-5-161
x-xss-protection
0

Redirect headers

Location
https://sync.go.sonobi.com/us.gif?nw=st&nuid=z9dTeSF-UfB3mdv4fR5P1aL1zvc
Content-Length
99
Date
Fri, 04 Oct 2024 11:24:58 GMT
Content-Type
text/html; charset=utf-8
Connection
keep-alive
liveMatching.php
live.primis.tech/live/ Frame 2664
0
376 B
XHR
General
Full URL
https://live.primis.tech/live/liveMatching.php
Requested by
Host: live.primis.tech
URL: https://live.primis.tech/live/liveVideo.php?vpaidManager=sekindo&s=58057&ri=6C69766553746174737C736B317B54307D7B64323032342D31302D30345F31347D7B7331373236313831367D7B4333307D7B5364484A76616D46754C6D6C6862585A7063433531637935725A773D3D7D7B626368726F6D657D7B716465736B746F707D7B6F6C696E75787D7B583634307D7B593434307D7B66317D7B4C32303138367DFEFE&userIpAddr=2a04%3Ac604%3A615%3A1%3A%3A7&userUA=Mozilla%2F5.0+%28X11%3B+Linux+x86_64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome%2F129.0.0.0+Safari%2F537.36&debugInformation=&isWePassGdpr=1&noViewableMidrollPolicy=vary&isDoublePreroll=1&autoSkipVideoSec=20&c2pWaitTime=10&sdkv=&isSinglePageFloatSupport=0&availCampaigns=&isAmpIframe=0&tagKeywords=&cbuster=1728041092&csuuid=66ffd084466d7&debugInfo=17261816_&debugPlayerSession=&pubUrlDEMO=&isAsyncDEMO=0&customPlaylistIdDEMO=&sta=17261816&showLogo=0&clkUrl=&plMult=-1&schedule=eyJwcmVfcm9sbCI6MSwibWlkX3JvbGwiOltdLCJnYXAiOiJhdXRvIn0%3D&content=plembed3d1emjhnxzps&secondaryContent=&x=640&y=440&pubUrl=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&contentNum=1&flow_closeBtn=1&flowCloseTimeout=0&flow_closeButtonPosition=right&flow_direction=br&flow_horizontalOffset=10&flow_bottomOffset=10&impGap=1&flow_width=350&flow_height=197&videoType=flow&isOriginImg=0&gdpr=0&gdprConsent=&contentFeedId=&geoLati=33.9214&geoLong=-118.413&vpTemplate=20186&flowMode=seenboth&isRealPreroll=0&playerApiId=&isApp=0&ccpa=1&ccpaConsent=&subId=&appName=&appBundleId=https%3A%2F%2Ftrojan.iamvip.us.kg%2F&appStoreUrl=&diaid=&appPrivacyPolicy=&appIsPaid=&appDeveloper=&appId=&appVersion=&sdkv=&enableResizeObserverInapp=0&isAppJs=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
18.164.96.65 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-96-65.jfk50.r.cloudfront.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded
Referer
https://trojan.iamvip.us.kg/

Response headers

cache-control
no-store
content-encoding
gzip
pragma
no-cache
age
0
via
1.1 82139f26335f87e45d45c08d5208817a.cloudfront.net (CloudFront)
alt-svc
h3=":443"; ma=86400
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
xA-qDQnxKuOTZT_pM5wuh9hPEgUcYlgmTTpcqmvYMALTZdtiGCeTIA==
date
Fri, 04 Oct 2024 11:24:58 GMT
content-type
text/html; charset=UTF-8
vary
Accept-Encoding
server
nginx
x-amz-cf-pop
JFK50-P5
/
de.tynt.com/deb/ Frame D461
Redirect Chain
  • https://ssc-cms.33across.com/ps/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_si...
  • https://de.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f...
0
0
Document
General
Full URL
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=0010b00002QJmSBAA1
Requested by
Host: ads.bidstreamserver.com
URL: https://ads.bidstreamserver.com/js/prebid-bidstream-7.54.5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
67.202.105.32 , United States, ASN32748 (STEADFAST, US),
Reverse DNS
ip32.67-202-105.static.steadfastdns.net
Software
/
Resource Hash

Request headers

Referer
https://trojan.iamvip.us.kg/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA, Sec-CH-UA-Mobile
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false
content-length
2110
content-type
text/html
date
Fri, 04 Oct 2024 11:24:58 GMT
expires
Sat, 26 Jul 1997 05:00:00 GMT
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
referrer-policy
unsafe-url

Redirect headers

cache-control
no-store, no-cache, must-revalidate
content-length
0
date
Fri, 04 Oct 2024 11:24:57 GMT
expires
Thu, 01-Jan-70 00:00:01 GMT
location
https://de.tynt.com/deb/?m=xch&rt=html&gdpr=&gdpr_consent=&us_privacy=&ru=https%3A%2F%2Fprebid.bidstreamserver.com%2Fsetuid%3Fbidder%3D33across%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Db%26uid%3D33XUSERID33X&id=0010b00002QJmSBAA1
p3p
CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
pragma
no-cache
referrer-policy
unsafe-url
server
33XP016
x-33x-status
8340000A
cksync.php
hbx.media.net/
0
0

setuid
amspbs.com/
Redirect Chain
  • https://match.sharethrough.com/FGMrCMMc/v1?gdpr=&gdpr_consent=&us_privacy=&gpp=&gpp_sid=&redirectUri=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3Dsharethrough%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%2...
  • https://amspbs.com/setuid?bidder=sharethrough&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
86 B
630 B
Image
General
Full URL
https://amspbs.com/setuid?bidder=sharethrough&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
Protocol
H2
Server
3.135.116.123 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-135-116-123.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
c2ecff291918a3caf0b7e470323e89f2a1f05b92e12a10649e598cacebe62acf

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://trojan.iamvip.us.kg/

Response headers

expires
0
cache-control
no-cache, no-store, must-revalidate
content-length
86
date
Fri, 04 Oct 2024 11:24:59 GMT
pragma
no-cache
content-type
image/png
vary
Accept-Encoding, Origin

Redirect headers

strict-transport-security
max-age=16000000; includeSubDomains; preload;
location
https://amspbs.com/setuid?bidder=sharethrough&gdpr=&gdpr_consent=&gpp=&gpp_sid=&f=i&uid=73aba2f8-05d0-40b3-a6d2-3e99555528ea
content-length
0
collect
q.clarity.ms/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cf.whatismyip.com
URL
https://cf.whatismyip.com/
Domain
fonts.googleapis.com
URL
https://fonts.googleapis.com/css2?family=Opensans&display=swap
Domain
image2.pubmatic.com
URL
https://image2.pubmatic.com/AdServer/UCookieSetPug?ird=1&rd=https%3A%2F%2Fids.ad.gt%2Fapi%2Fv1%2Fpbm_match%3Fpbm%3D%23PM_USER_ID%26id%3DAU1D-0100-001728041093-QDRU72U7-2DJ2
Domain
api.rlcdn.com
URL
https://api.rlcdn.com/api/identity/envelope?pid=34
Domain
pagead2.googlesyndication.com
URL
https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=232&t=2&li=gpt_m202410010101&jk=289524567482740&bg=!b2ylbCPNAAax3igvkd47ADQBe5WfOL4EOAGEtHG9g04uWiX9GojR8JJEWI8RDK5_Ni2dcXHYiBGyM_7mJLJJAeSDgYDaAgAAAJRSAAAAA2gBB34ANhHd6CXVuuINFw0HamftWinSIzCvZVJRAebLug2lWsuhhMKD0iRQmGxD8foshVDpt7VlAqkUTZkClydv6Y5nbglTb59rXNjANn7g1Aphv5thgwv2RKHkm2HlVgbD56CAVWwNTk1Fh40hAli_M9-GdbIpZR4zSXx_Ho_LcMuhQGeZSDqeENkfYeXpY4dR0nGXDwtCckMJE5wSHtiRz4MccSVqbA-u_mOYAtw2Qmu2c3dNFG9SMuyz44bbIfQ0PUcXlNbYKT7a5WDDzzOXrij6dmZanzz-DUb0EnCfWHPZE91ob9fsdS8Mm-StqqVNwPECSNPKHjyEJhCix6N6wOD9fnNvvjdf9oeaJKg6m4bwVY3mFF9de2wkD8wxbJzrMlR-Uvo4FkPEVSTstQHia5m5BEUoDMgIvwpj7uI4dqW4tXLw3dBDZ1t4wdi4kswrzxP1xFicwnqbuIJ4EKVqXqf7nOuG7SZOm9Xj0A9NRCcwuLcDjxA0-Bqi3BnmJyZRC_VCQbcex42r72aIaJGMB5waFW8YztXwEE8rvYgIF6rOq9_M0TZtuqBlyAazbtMnzZ7hO0VnmBAPC10dyBRN8kj79ReMXHU2kh1btEpfgwiuP4xQXFx-5x7CwC7IOleT3rFC3mIRU_N005S_yZeVz77u2ixDg32ZnFcp4zPjR0--OkjMy7ao7wrpuB5itBenjjTeC1zbe8YMkm4WB01MTJau_bzsKvU0lJOHkhRifH25qL0WTCMzxlLQgyhWRLScTbGg98vzf3bBAmkGbmfrYo75Yb50KEp1Hk2DeVxqaysWVWHY2H6hcuhdPNbytMS4eGoPfKCghvXT4Diy8pqHQJneBsdIFHz1mz5nsWlM6RMcYc1EXgxEG6ZCp2l7caSZHc8_Of7UKogZe3PwbM5HmoVz8bnrds2uD2z-52sQ9p1Ovs5p-d0kjiZwatqtBDP0tAxeuQ
Domain
hbx.media.net
URL
https://hbx.media.net/cksync.php?cs=1&type=pbs&ovsid=setstatuscode&bidder=medianet&gdpr=&gdpr_consent=&us_privacy=&redirect=https%3A%2F%2Famspbs.com%2Fsetuid%3Fbidder%3Dmedianet%26gdpr%3D%26gdpr_consent%3D%26gpp%3D%26gpp_sid%3D%26f%3Di%26uid%3D%3Cvsid%3E&gpp=&gpp_sid=
Domain
q.clarity.ms
URL
https://q.clarity.ms/collect


82 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| dataLayer function| toggleMenu function| toggleItem function| closeSubmenu function| setTOC string| pagePath string| ___chunkMapping string| ___webpackCompilationHash object| webpackChunkwimi_gatsby object| asyncRequires object| ___emitter object| ___loader function| ___push function| ___replace function| ___navigate object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| acc function| clarity object| gaGlobal object| webVitals object| viewPortSize number| sekindoDisplayedPlacement function| constructsekindoParent146 object| regeneratorRuntime boolean| sellwildsellwild-widget object| swpbjs boolean| sellwildsellwild-ad boolean| sellwildInitialized function| runWidgets number| PREBID_TIMEOUT number| FAILSAFE_TIMEOUT object| googletag function| requestSellwildBids function| initSellwildAdserver number| google_global_correlator object| auvars object| ggeac object| google_js_reporting_queue object| hadron boolean| __halo_loaded__ function| docReady object| au object| autag string| GoogleAnalyticsObject function| ga object| audDataLayer function| audGtag boolean| sekindoFlowingPlayerOn object| swpbjsChunk object| _pbjsGlobals object| google_reactive_ads_global_state object| google_tag_topics_state object| gaplugins object| gaData number| google_unique_id object| GoogleGcLKhOms object| ADAGIO number| lnt_z object| google_image_requests object| _ADAGIO

249 Cookies

Domain/Path Name / Value
.smartadserver.com/api Name: pid
Value: 3436013565888359446
.iamvip.us.kg/ Name: _ga_4T6GFV4RYJ
Value: GS1.1.1728041092.1.0.1728041092.60.0.0
.primis.tech/ Name: csuuid
Value: 66ffd084466d7
www.clarity.ms/ Name: CLID
Value: 1c4a738f80b64232accb6e35e745c184.20241004.20251004
.iamvip.us.kg/ Name: _clck
Value: mmslj3%7C2%7Cfpq%7C0%7C1738
.bing.com/ Name: MUID
Value: 3D939885A31669EE12428D8BA2ED68F3
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 3D939885A31669EE12428D8BA2ED68F3
.ad.gt/ Name: au_3p_check
Value: 1
.iamvip.us.kg/ Name: _au_1d
Value: AU1D-0100-001728041093-QDRU72U7-2DJ2
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 3D939885A31669EE12428D8BA2ED68F3
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.iamvip.us.kg/ Name: _clsk
Value: u673zd%7C1728041093544%7C1%7C1%7Cq.clarity.ms%2Fcollect
.tapad.com/ Name: TapAd_TS
Value: 1728041093595
.tapad.com/ Name: TapAd_DID
Value: 5bafec98-3d73-47cc-a82d-69fb264ec6a3
.adsrvr.org/ Name: TDID
Value: baec7c2e-0e3e-4409-bbcc-e33c1f8b27b9
.ad.gt/ Name: au_id
Value: AU1D-0100-001728041093-QDRU72U7-2DJ2
.intentiq.com/ Name: intentIQ
Value: vesUi3M2sl
.intentiq.com/ Name: IQver
Value: 1.9
.adnxs.com/ Name: XANDR_PANID
Value: Tw3xa8gR9SIXzgg3aZKL_HuTbIeGGR1Tlu_ql_X8IKjAKxwgvFJ9y-Eb93IUIX0n7p5V9YmZg4KApDuxeynXBPBrSQlDZ2AMuRAQjZE6SQA.
.adnxs.com/ Name: receive-cookie-deprecation
Value: 1
.adnxs.com/ Name: uuid2
Value: 6178791637038509278
trojan.iamvip.us.kg/ Name: _pbjs_userid_consent_data
Value: 3524755945110770
.rubiconproject.com/ Name: khaos
Value: M1UN1TJS-24-BCQN

5 Console Messages

Source: javascript; Level: error; URL: https://trojan.iamvip.us.kg/
Message: Access to fetch at 'https://cf.whatismyip.com/' from origin 'https://trojan.iamvip.us.kg' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Source: network; Level: error; URL: https://cf.whatismyip.com/
Message: Failed to load resource: net::ERR_FAILED

Source: network; Level: error; URL: https://csync.loopme.me/?pubid=11280&gdpr=0&gdpr_consent=&redirect=https%3A%2F%2Flive.primis.tech%2Flive%2FliveCS.php%3Fsource%3Dexternal%26advId%3D93%26advUuid%3D%7Bviewer_token%7D
Message: Failed to load resource: the server responded with a status of 504 ()

Source: javascript; Level: error; URL: https://trojan.iamvip.us.kg/
Message: Access to XMLHttpRequest at 'https://api.rlcdn.com/api/identity/envelope?pid=34' from origin 'https://trojan.iamvip.us.kg' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Source: network; Level: error; URL: https://api.rlcdn.com/api/identity/envelope?pid=34
Message: Failed to load resource: net::ERR_FAILED

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=2592000; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

"Indicators" is a security-industry term for artifacts such as IPs, domains and hashes. Their appearance here does not imply that any of them indicate malicious activity.
