r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 507011ccb9124dcd57e84a90a0965cc4
1a6575d0ac979c7184490cc9836ac4812ad2afd1
01626c18e1e68507aa33ef7448dbc3311901ab6f29adc2f51d449409b0680dce
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "01626C18E1E68507AA33EF7448DBC3311901AB6F29ADC2F51D449409B0680DCE"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15812
Expires: Mon, 06 Feb 2023 21:03:48 GMT
Date: Mon, 06 Feb 2023 16:40:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c21ba65e44ac95470c314e068e49a9eb
17a13b13738993d889d4afa3d848dc63bf6eba64
9bd0795b30e84ce63b6e2a365ca91bbffc395dd955e112152066c31e63a4ab66
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9BD0795B30E84CE63B6E2A365CA91BBFFC395DD955E112152066C31E63A4AB66"
Last-Modified: Sat, 04 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4758
Expires: Mon, 06 Feb 2023 17:59:34 GMT
Date: Mon, 06 Feb 2023 16:40:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 06 Feb 2023 16:34:05 GMT
content-type: application/json
age: 371
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash fb7b6b46e708ad73eaaa3c21e74569ae
950663c025acad81556af5aa3022ecc9d55097fe
763f58b9fb838378c92033b59907b036f4c33081f5103d9bcc2ca2a8de500d64
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "763F58B9FB838378C92033B59907B036F4C33081F5103D9BCC2CA2A8DE500D64"
Last-Modified: Sat, 04 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12466
Expires: Mon, 06 Feb 2023 20:08:02 GMT
Date: Mon, 06 Feb 2023 16:40:16 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: DQ0Io/FL3/kf51oebYNpvw8lvqjNctTGsAxDuPcSojoYsWtSfc/B7nAu5oYVC31BJTHRTb4e1K0=
x-amz-request-id: 4KBAGZY89T1K2ZRH
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 06 Feb 2023 15:53:45 GMT
age: 2791
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
helixnixo.buzz/
172.67.208.86 301 Moved Permanently 0 B IP 172.67.208.86:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET / HTTP/1.1
Host: helixnixo.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 06 Feb 2023 16:40:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache, no-store, must-revalidate
Expires: 0
Location: https://helixnixo.buzz/
Pragma: no-cache
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GEYg6zSsQMUNtk3NSofBkKihP9%2FHgSDeqQjLnC4w2%2Fpo5s8EhOQhtfjYhLZ4erlDPs%2BbZ7ZA8SCT%2BcmqgP0SI8cb09VlyarK7YfAByxRAn54pz6Gr3wSrHDxwEXMRQh0jg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7955539ea95e0b02-OSL
alt-svc: h2=":443"; ma=60
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 06 Feb 2023 16:40:16 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c9a5c9aae6bf33e70f71bf4c20d4259
357d2d0856c90740294ba8eaac7c1485d766d3bf
b3092ce05712d9f2e381eae8667cf502cb8809f01f0de745f2d6f4b5ac18d4f6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "B3092CE05712D9F2E381EAE8667CF502CB8809F01F0DE745F2D6F4B5AC18D4F6"
Last-Modified: Sun, 05 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21584
Expires: Mon, 06 Feb 2023 22:40:01 GMT
Date: Mon, 06 Feb 2023 16:40:17 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 06 Feb 2023 15:51:19 GMT
age: 2938
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11571
Expires: Mon, 06 Feb 2023 19:53:08 GMT
Date: Mon, 06 Feb 2023 16:40:17 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c9a5c9aae6bf33e70f71bf4c20d4259
357d2d0856c90740294ba8eaac7c1485d766d3bf
b3092ce05712d9f2e381eae8667cf502cb8809f01f0de745f2d6f4b5ac18d4f6
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "B3092CE05712D9F2E381EAE8667CF502CB8809F01F0DE745F2D6F4B5AC18D4F6"
Last-Modified: Sun, 05 Feb 2023 02:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21584
Expires: Mon, 06 Feb 2023 22:40:01 GMT
Date: Mon, 06 Feb 2023 16:40:17 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 08a2a2192c7f49fbd23a252fb0964c45
38a9cec9f7234659581efd3145528a6b9dd7baf8
0e523e1a0e49765eaab1e0c962131095a368b9a62e7a2aa963e222432769b85c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3339
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Etag: "63e0161c-117"
Last-Modified: Mon, 06 Feb 2023 15:44:38 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 08a2a2192c7f49fbd23a252fb0964c45
38a9cec9f7234659581efd3145528a6b9dd7baf8
0e523e1a0e49765eaab1e0c962131095a368b9a62e7a2aa963e222432769b85c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3339
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Etag: "63e0161c-117"
Last-Modified: Mon, 06 Feb 2023 15:44:38 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash dc60ed295610c25d9c7d9b91fee9599d
372045e47c3a57e46b235fc696d72006eb697f44
1cbc2e2d5c6b513139658a71fc33dc7cc99eaa28d0f03af83ab80063d1ea7ccc
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5517
Cache-Control: max-age=117249
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Etag: "63e03ee5-116"
Expires: Wed, 08 Feb 2023 01:14:26 GMT
Last-Modified: Sun, 05 Feb 2023 23:42:29 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
push.services.mozilla.com/
52.88.143.102 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.88.143.102:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2GWryI1DjkYDwuMqUf+TIw==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: YtQ58AP6XLCxZG2cJ7YrNSSy9c0=
ggbetpromo.com/l/63a07c78406fe15f2660c7fc?sub_id=s8hnpa76e&click_id=s8hnpa76e
104.21.51.166 302 Found 278 B URL HTTP/2 ggbetpromo.com/l/63a07c78406fe15f2660c7fc?sub_id=s8hnpa76e&click_id=s8hnpa76e
IP 104.21.51.166:0
Hash dc60ed295610c25d9c7d9b91fee9599d
372045e47c3a57e46b235fc696d72006eb697f44
1cbc2e2d5c6b513139658a71fc33dc7cc99eaa28d0f03af83ab80063d1ea7ccc
GET /l/63a07c78406fe15f2660c7fc?sub_id=s8hnpa76e&click_id=s8hnpa76e HTTP/1.1
Host: ggbetpromo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Mon, 06 Feb 2023 16:40:17 GMT
content-type: text/html; charset=UTF-8
location: https://coffee2play.com/?s=60&ref=gg_w174495c143008l8366gnop799_s8hnpa76e&encoded_url=Y2FzaW5vIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==&click_id=s8hnpa76e
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lmV2ISU6n56dopCgCE57KuPezvWdfMFwPf1jOt0YDKMn%2BoZqHsknsMdK96hNtqQbCKIXDqFHTIRh6ZoafxQaYH3B7domkV45JX5AVwne08Cg1rWzEbIyMDUGbxLDNkSY3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795553a52d7ab50b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 26a15a1b880ec1026360b696b1c27074
fd35f80a1cf599da2a8e68a44477465a580440a5
a6d5caec988319523c120bc435a4ff0200b7ead114db10db19a09caeace978f7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash ad2d72821808ee5f77c0598fed0f8bd1
adcd92881d1c5ac3cca4687dc6347369240f4726
c7ce86611bf0b0063c0bcb2c6a6a4b85fe6be2d89e382b8907e8bbb2e1e5962d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 836bc62dbb011b6180fc7209d0061736
74e6f18561a7006a3afb6ab03559eec239ce4b36
90b197384670fdb210d364f91b423fd383d25838e38a494158a8185bef0061f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15700, version 1.0; data
Hash 3d7f7413fca69bff4d231ebdc50aaab0
cb18e7943b6a8a0e3672d7242197c19a226b92e8
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
GET /s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://coffee2play.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15700
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 02 Feb 2023 01:03:45 GMT
expires: Fri, 02 Feb 2024 01:03:45 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 19 Apr 2022 18:51:55 GMT
content-type: font/woff2
age: 401792
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 70d7e4cd91d9f630c160410d22c1cede
82f5d0fbb11bcde09c107b6c1cbc6e014bb08b85
b8679be6c92167c51793ca4a8774caf0a50949737a99652243208fcfda917faf
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 665a5b2638dbaefac6e22734f94f071b
0d95d647f9bbb3fb3060b658c86f1590ebcf4b26
829868c0001723f01025d31d735e3c111eef6fd676c2cd2eba6a27375e8f888d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2564
Cache-Control: max-age=161488
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:17 GMT
Etag: "63e0f73d-116"
Expires: Wed, 08 Feb 2023 13:31:45 GMT
Last-Modified: Mon, 06 Feb 2023 12:49:01 GMT
Server: ECS (amb/6B93)
X-Cache: HIT
Content-Length: 278
www.googletagmanager.com/gtm.js?id=GTM-5RMQ4SV
142.250.74.168 200 OK 46 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5RMQ4SV
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash a825e8f8fa0b28ab3406bcc9d0e900a8
b6e13cabe682f54b53e321095d31fc11ff427b5c
ac6801ce74ae6a3a6aea7a3e9f50aceffdd50415ede7ae1c08e94ac935620278
GET /gtm.js?id=GTM-5RMQ4SV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 16:40:17 GMT
expires: Mon, 06 Feb 2023 16:40:17 GMT
cache-control: private, max-age=900
last-modified: Mon, 06 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46183
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
coffee2play.com/?s=60&ref=gg_w174495c143008l8366gnop799_s8hnpa76e&encoded_url=Y2FzaW5vIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==&click_id=s8hnpa76e
172.67.163.47 200 OK 3.5 kB URL HTTP/2 coffee2play.com/?s=60&ref=gg_w174495c143008l8366gnop799_s8hnpa76e&encoded_url=Y2FzaW5vIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==&click_id=s8hnpa76e
IP 172.67.163.47:0
File type HTML document text; exported SGML document, ASCII text, with very long lines (505)
Hash 0e9b1861fd59454b10154326550d41e9
28562264920b2a927c2f0fc0f472d04c92ff87ac
6d856278b852cd792523593c3087a127d32cef326187f830f521bfe48fa189ae
GET /?s=60&ref=gg_w174495c143008l8366gnop799_s8hnpa76e&encoded_url=Y2FzaW5vIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==&click_id=s8hnpa76e HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:17 GMT
content-type: text/html; charset=UTF-8
set-cookie: visit11f5cbb7625a4f005ea406f5cd052d1d=1; expires=Wed, 08-Mar-2023 16:40:17 GMT; Max-Age=2592000
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gfi1lvxllYB2GMgEqv%2BTSDSONH6kyd5P5wNjGkc5K5aPOv0MOVZMRpzhYGxedHGOZJo7z%2B8DEJA4o1q4A710C%2FUdaQV50eOhuBQmAatrXxLZ3ycUyo%2BJ3Pdibo%2BzUFOYM08%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795553a5fc481c0a-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9206c3ba6d5a17d62244c438fd03496e
069e8257aebe618953434b1299d065540125a512
937d395fed398e9410f75945e80f607f3146458b48cd47ba7249536ca2195817
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css2?family=Roboto+Condensed&display=swap
142.250.74.106 200 OK 590 B URL HTTP/2 fonts.googleapis.com/css2?family=Roboto+Condensed&display=swap
IP 142.250.74.106:0
Hash cf4cc10711634155ae275eb5827ff98c
3f5cc2e2046e63e1ee32f2d15777ff2b6e8db9d3
8256233e143564483daa3ea0712a9c0185e2d9d3cff4e890f627cc760720d0ab
GET /css2?family=Roboto+Condensed&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 06 Feb 2023 16:40:17 GMT
date: Mon, 06 Feb 2023 16:40:17 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 665a5b2638dbaefac6e22734f94f071b
0d95d647f9bbb3fb3060b658c86f1590ebcf4b26
829868c0001723f01025d31d735e3c111eef6fd676c2cd2eba6a27375e8f888d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 215
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63dfa5bf-118"
Last-Modified: Mon, 06 Feb 2023 16:36:43 GMT
Server: ECS (amb/6BC7)
X-Cache: HIT
Content-Length: 278
a.exoclick.com/tag_gen.js
205.185.216.10 200 OK 515 B URL HTTP/1.1 a.exoclick.com/tag_gen.js
IP 205.185.216.10:0
File type ASCII text, with very long lines (1030), with no line terminators
Hash 628e0302068ade64b5f411f39d5ce7e5
ff1a609269f34bad5ae67ed1678df3f7b905d018
c583ceaeae2e9a05e25c27b61520710f16b8b98ca7f9087a75ae90a040b8bc3f
GET /tag_gen.js HTTP/1.1
Host: a.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 06 Feb 2023 16:40:18 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 515
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"a56c0470b9aa925085e51a6271a"
X-HW: 1675701618.dop202.sk1.t,1675701618.cds216.sk1.shn,1675701618.dop202.sk1.t,1675701618.cds251.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.digicert.com/
93.184.220.29 200 OK 1.3 kB IP 93.184.220.29:0
Hash b4dd79b6cf55addb6b801f5c98154709
9107151749782ca34896090c4ff0bc51c75aa799
6214488f77773f46a5e584e88867d1e43621ab4008fbc128630d88cb1d9ca30d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=163237
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63e10817-118"
Expires: Wed, 08 Feb 2023 14:00:55 GMT
Last-Modified: Mon, 06 Feb 2023 14:00:55 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e418416d0b05e8806cfec69087c81575
3506f56e05b2766c3349e12e9fe30d8c6e7c3ce8
1e284daf250b1669e75c78a1421fc0e73d0dcce191fe7bd1ec9cba70569834d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=143431
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63e0bab9-116"
Expires: Wed, 08 Feb 2023 08:30:49 GMT
Last-Modified: Mon, 06 Feb 2023 08:30:49 GMT
Server: nginx
Content-Length: 278
gbett1.net/blank.gif?1675701663616
203.32.121.98 200 OK 43 B URL HTTP/2 gbett1.net/blank.gif?1675701663616
IP 203.32.121.98:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1; data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675701663616 HTTP/1.1
Host: gbett1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:18 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 0
x-frame-options: DENY
x-request-id: 729614b9-9446-49b7-8c4c-591401c7cc09
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 795553a93f790b61-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gg.bet/blank.gif?1675701663617
203.29.52.121 200 OK 574 B URL HTTP/2 gg.bet/blank.gif?1675701663617
IP 203.29.52.121:0
ASN #209242 Cloudflare London, LLC
Hash f2518c2a7b2bb867c152a9cb495dd464
e560432e2070457c990678329f2dda6d6f520b66
17da213cef913a6643cc74a94515e654262da9e146e7efb7f6f3d689a8cb88cd
GET /blank.gif?1675701663617 HTTP/1.1
Host: gg.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:18 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-request-id: 8f3f2a54-b2f4-4a22-9d82-a49db5e78cc7
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 795553a96b81b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash c949632c572ad6a5424f9ae32b693681
d20049d998c7dab873f096f31de854f6187634ad
357fc0f0213095e51f6e3d1c0fd0a13849a78915c1e3ccfc78eac23cc2195151
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5105
Cache-Control: max-age=101396
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63e00295-116"
Expires: Tue, 07 Feb 2023 20:50:14 GMT
Last-Modified: Sun, 05 Feb 2023 19:25:09 GMT
Server: ECS (amb/6B87)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9e41c53ce4a613f370c092f0b9bc54e6
287157aa22427807d80a3204a8c889018a80a55e
bf3478bf8c4df2375321619960dc221c2f0bf9443fa9881bc050ea6de5307e4a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63dfb69b-116"
Server: ECS (amb/6BC7)
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash e418416d0b05e8806cfec69087c81575
3506f56e05b2766c3349e12e9fe30d8c6e7c3ce8
1e284daf250b1669e75c78a1421fc0e73d0dcce191fe7bd1ec9cba70569834d5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Etag: "63df6942-118"
Server: ECS (amb/6B87)
Content-Length: 278
sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/c89c19045bc1c74fffa579d1f73d1366.jpg
203.30.191.209 200 OK 20 kB URL HTTP/2 sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/c89c19045bc1c74fffa579d1f73d1366.jpg
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
File type gzip compressed data, max compression\012- data
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /p/gnt908wk0bl6xyll5bj94zafs74gwo53/c89c19045bc1c74fffa579d1f73d1366.jpg HTTP/1.1
Host: sat.crwds.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:18 GMT
content-type: image/jpeg
cache-control: no-cache, private
set-cookie: _7jt1oxhp4z=eyJpdiI6IjJoK0wxN2NKSUJYaUtsN0l3bWpqUXc9PSIsInZhbHVlIjoiUGgvWkdxQUlmM2piL1BWVjB2Ri9XUjBvazJockQ2NzZldmxDak5kb1RBNG1rcEJibzh1cHN4dWs4RjJaQTl5OXhOSS9ScEl3Y0xPTE12QThFMUprb0RuMEtvNnM1V1VWQ1hQNmVpUlN0R2M9IiwibWFjIjoiNGJmNGIzN2NjYTRkNjc2ZTQyMWYyNmZlMGRkNDU3OWRlNWUzNzNjNmYyM2FlMGUwODczMmNhZDlhM2VlYTJhZSIsInRhZyI6IiJ9; expires=Tue, 06-Feb-2024 16:40:18 GMT; Max-Age=31536000; path=/; domain=.crwds.net; secure; httponly; samesite=none
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553a9e9131c0a-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 262283a921f231669fd41486228a6e9a
4b96dcb2cd03f53280d2ecf5ccb249b0b32e6e97
13b8cc87c28e0113401d88f89971eb966afde870a3e4be2602ff34942e81862d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-156256613-1&cid=642252220.1675701664&jid=1055569827&gjid=1373167408&_gid=1970898072.1675701664&_u=YEBAAAAAAAAAAC~&z=1696803236
64.233.165.157 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-156256613-1&cid=642252220.1675701664&jid=1055569827&gjid=1373167408&_gid=1970898072.1675701664&_u=YEBAAAAAAAAAAC~&z=1696803236
IP 64.233.165.157:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-156256613-1&cid=642252220.1675701664&jid=1055569827&gjid=1373167408&_gid=1970898072.1675701664&_u=YEBAAAAAAAAAAC~&z=1696803236 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://coffee2play.com
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://coffee2play.com
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 06 Feb 2023 16:40:18 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 7afb8eb5dcbd727fb69c14bfabe20e72
d4b1cc1973e4200a371f0aa8c5ec8232d780a77b
ca0a46edfe267973b60ff163d696fe7c0e862e56ee3f90f098bf309f276c987f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:18 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7757
Expires: Mon, 06 Feb 2023 18:49:35 GMT
Date: Mon, 06 Feb 2023 16:40:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3b4ea902c3e097daaa31810cb66d585a
97dfbd81d31b43196d8a4bd2fa3ff8a5cc115049
0291ed72c3115d6b6cf8c001b13bbc4ad517d76242b6cbed9db5ee1162572d3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0291ED72C3115D6B6CF8C001B13BBC4AD517D76242B6CBED9DB5EE1162572D3F"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7757
Expires: Mon, 06 Feb 2023 18:49:35 GMT
Date: Mon, 06 Feb 2023 16:40:18 GMT
Connection: keep-alive
sat.ugabartint.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w174495c143008l8366gnop799_s8hnpa76e&visitorId=63e12d71ebe6efd47d08b31b
203.34.80.159 200 OK 51 kB URL HTTP/2 sat.ugabartint.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w174495c143008l8366gnop799_s8hnpa76e&visitorId=63e12d71ebe6efd47d08b31b
IP 203.34.80.159:0
ASN #209242 Cloudflare London, LLC
Hash eb828a777ea6a546d013dccecf0564fd
0239045a7e1231fe9c1967ae7ca10ab14df90c32
9f63f1669d7a24e25480bb2519971a1f75ccd23f8ad67395ba0d38b39859a370
GET /gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w174495c143008l8366gnop799_s8hnpa76e&visitorId=63e12d71ebe6efd47d08b31b HTTP/1.1
Host: sat.ugabartint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:18 GMT
content-type: application/javascript
cache-control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
last-modified: Mon, 06 Feb 2023 16:40:18 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 795553a89b8db4eb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
34.120.237.76 200 OK 4.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7d8c3ebd17a435401c7f9fe3b8f842be
f2106be148fea23bf961fcdb69ea4cb127aa5f3e
ee708e68414539c75ddc077e0be7b75a86fd4fc9b6c1ddd1da86d0b9aca35558
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5ba57757-8c86-4311-801e-5e416095984a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 4442
x-amzn-requestid: 1bb3d1b3-ff58-4b0d-9a2b-c25797530c5d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiQG1JoAMFRtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-1bb478453ececa9613e7e4a2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 9U-7wtL1xaLoE87hXcnrcTp-LCseI5ne10812N_9F_arqyi703w7Ng==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:10 GMT
age: 67808
etag: "f2106be148fea23bf961fcdb69ea4cb127aa5f3e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 7dbe304b5138a360ff07a9842bcf6a7f
00572f7667e322c9ef34bc35b7998c1c172dd34c
d63c58d6c96e23c61b92272de8c2aab01f4cf85f3420cc434c05447d355b1c77
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F085f1306-f595-4e1a-8162-7d3d1f959ac3.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9108
x-amzn-requestid: 47a7d6da-229b-4fcc-a2c0-823f9c5e4224
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f0QLAGXgoAMFv6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de60ac-5b8ee53114e58a056306067f;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 13:42:04 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 6oyg-X-GTV3HeKzW4a6Sa99JNjWcZFnE8okoqeAtp6ZgkTKCDtSoAw==
via: 1.1 a20e81b65d2465c729ce2f6bfe539dd0.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:46:53 GMT
age: 68005
etag: "00572f7667e322c9ef34bc35b7998c1c172dd34c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ccc8078cc937b7de0b299bcee1496f1b
395f04af71767acc9516387c8b07bde08968fdfe
cf959fc4a72d80dcab20c235bec6d21eadaab87efa7a8969744cd228628ba050
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd3694634-2f5a-47ff-b75c-9cb394881acc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9808
x-amzn-requestid: 75cc8041-19f5-4994-96b6-b14d3c90ec6e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiSFZAIAMF65g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-355d272c345c8c37595b4bb2;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: T7YlRZ936VEDkBvo2YKrS3GbyEh1xzC8W-50KiODzFjTnQb-hvkKpw==
via: 1.1 28a7186077f9b5270d98dd053f31303e.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:03 GMT
age: 67815
etag: "395f04af71767acc9516387c8b07bde08968fdfe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9046d887fd45a0940e31a74173d17798
1ff698b9cf660165e846dfc4770f29852aedce45
0c7b0e1250aa7718b7b35b80a1442f62e94ace1fb578fb781ec8204ee96386d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F731dc7de-ce12-4639-9ceb-3218584c3d56.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10514
x-amzn-requestid: ac2a383b-833d-4dae-9bd9-43dc3d9e373d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f4oiPEIyoAMFqUw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e02141-436bb6816b269ce45b9f8600;Sampled=0
x-amzn-remapped-date: Sun, 05 Feb 2023 21:36:01 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: RYNzle5-l5dOMPWb2Bmu_T5aIJw9NX2FKuJsej8hzpYZcgD6coH9SA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 21:50:09 GMT
age: 67809
etag: "1ff698b9cf660165e846dfc4770f29852aedce45"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 352e4166a431e781e56cc7f169c7f8ca
866b76c34076cf2e18c6a071336fcf4f581f3c4d
75ba13b601f4b00c5b091eb29e7f6739ffee3e127bd6d3c4b35cc967bb6d354a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d1adf44-5bff-4d36-99c4-8dd0dc2e5ac2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9779
x-amzn-requestid: 101b984b-9c04-4d07-b1fe-3d888f4bcd49
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ftcNRFV_oAMF2_w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dba721-72679ba0378015034e17b8ca;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 12:05:53 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: FRZf4nkQyttwihy5BBbuHzT9lYQvBPqcOTdT5esu46vqMTvXAi5aQw==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 32c16f33c8f5601364fa8229b0d74dc2.cloudfront.net (CloudFront), 1.1 google
date: Sun, 05 Feb 2023 18:39:44 GMT
age: 79234
etag: "866b76c34076cf2e18c6a071336fcf4f581f3c4d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 665a5b2638dbaefac6e22734f94f071b
0d95d647f9bbb3fb3060b658c86f1590ebcf4b26
829868c0001723f01025d31d735e3c111eef6fd676c2cd2eba6a27375e8f888d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 217
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:20 GMT
Last-Modified: Mon, 06 Feb 2023 16:36:43 GMT
Server: ECS (ska/F709)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 50 kB IP 142.250.74.131:0
File type gzip compressed data, from Unix\012- data
Hash 3d7e01acc001d3c7f86c39c6117b8cf2
96cbc88a702922393e124fb2acd6be17fdd9f0db
94e779de2173c17ad30091eccf34c0076d52b56c85eee3ffb583419367c0fcd6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 040d512b73ad828b2dd7409c0c9dab49
a7b7256940377241abd22db537a864ec6348bf90
6e7f979d255eba736072b159be75a5865fd307781806c412ea66bb0f80e38aa6
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fd6de89e006fabe4f52236f90c669187
e387c4fda7559eadc096de1929873e655ed41fc9
71052e4869e46ae4020527bfab6c74ad0a11f16ae7c4ab6f1928048aa090a87c
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5304
Cache-Control: max-age=130400
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Etag: "63e0731d-117"
Expires: Wed, 08 Feb 2023 04:53:41 GMT
Last-Modified: Mon, 06 Feb 2023 03:25:17 GMT
Server: ECS (amb/6B87)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtag/js?id=G-NJWKXH39RY
142.250.74.168 200 OK 80 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-NJWKXH39RY
IP 142.250.74.168:0
File type ASCII text, with very long lines (25667)
Hash bf8a2171a073bb97a9b17a6b6f7978cd
2511ba881037a8a6385d9ccc97477f5d25c4ed3b
53c755616fa2a9da9b7553e200372fd4776325b6147e7252c0a5060bc1fdccb7
GET /gtag/js?id=G-NJWKXH39RY HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 16:40:21 GMT
expires: Mon, 06 Feb 2023 16:40:21 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 79794
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
142.250.74.164 200 OK 578 B URL HTTP/2 www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
IP 142.250.74.164:0
File type ASCII text, with very long lines (909), with no line terminators
Hash 2672ff05f8bc7eda93c563abfc745b2b
1f034b4ed041dcd30213c216cf9577e33fee586e
cf5c01ee8166251a53f7c12e7e1635df845c491f16217106f35512093cb4d729
GET /recaptcha/api.js?onload=onloadCallback&render=explicit HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
expires: Mon, 06 Feb 2023 16:40:21 GMT
date: Mon, 06 Feb 2023 16:40:21 GMT
cache-control: private, max-age=300
content-type: text/javascript; charset=UTF-8
cross-origin-resource-policy: cross-origin
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
x-xss-protection: 1; mode=block
content-length: 578
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 2183fdf183ed33f2cd4342abd7bcadbe
007fe0bb01b7d77fbaaff5346fd7582041c978c8
8f0381d12ab5a76be5137b365e811e75db681eb0f6ad04d7ce28ad73101c33d5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6a874172e9ec3dfa1c94c13b7cb10e4d
56c74168ac66e8fd9d5369949eed1fab35d90c9d
c1b45e13fa5fd70cb845c19920f298e4b8b5add9e10c825a125cccf34e89c19d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Etag: "63dfa71d-116"
Server: ECS (amb/6BC7)
Content-Length: 279
stat.ggbets1.net/font.png?project=ggbet&uniqueId=669d1407-f971-4447-9798-d42e96e623d9&is_auth=0&action=visit&refCode=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata=subdata=c89c19045bc1c74fffa579d1f73d1366&click_id=s8hnpa76e&geo=no&rotator=143008&landing=8366&sub_id=s8hnpa76e
203.30.189.19 200 OK 95 B URL HTTP/2 stat.ggbets1.net/font.png?project=ggbet&uniqueId=669d1407-f971-4447-9798-d42e96e623d9&is_auth=0&action=visit&refCode=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata=subdata=c89c19045bc1c74fffa579d1f73d1366&click_id=s8hnpa76e&geo=no&rotator=143008&landing=8366&sub_id=s8hnpa76e
IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /font.png?project=ggbet&uniqueId=669d1407-f971-4447-9798-d42e96e623d9&is_auth=0&action=visit&refCode=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata=subdata=c89c19045bc1c74fffa579d1f73d1366&click_id=s8hnpa76e&geo=no&rotator=143008&landing=8366&sub_id=s8hnpa76e HTTP/1.1
Host: stat.ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:21 GMT
content-type: image/png
content-length: 95
expires: Mon, 06 Feb 2023 16:40:20 GMT
cache-control: no-cache, no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
last-modified: Mon, 06 Feb 2023 16:40:21 GMT
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 795553bedc710afe-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash 0a8ea253ef61b5c330b3285f9a94e6ae
0cf9a1c66c83f505c7195774996b107c145f5884
8b6bca0cd9c9adcb16bba03349e8fcbfcd645719c82c95f0111095b731842402
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
142.250.74.35 200 OK 164 kB URL HTTP/2 www.gstatic.com/recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js
IP 142.250.74.35:0
File type ASCII text, with very long lines (633)
Size 164 kB (163841 bytes)
Hash fe98364486b3206867b17008f995646f
35a5e9aa210970f7abd718d99e629c6982a3cc02
1fd703cb16e3f6f3f7192109d19c69d6e5ac1cfa0feb5b105a86564b7970d28a
GET /recaptcha/releases/gEr-ODersURoIfof1hiDm7R5/recaptcha__en.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ggbets1.net
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-length: 163841
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 08:53:11 GMT
expires: Wed, 31 Jan 2024 08:53:11 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 31 Jan 2023 02:51:47 GMT
content-type: text/javascript
age: 546430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 06 Feb 2023 15:44:08 GMT
expires: Mon, 06 Feb 2023 17:44:08 GMT
cache-control: public, max-age=7200
age: 3373
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 6a874172e9ec3dfa1c94c13b7cb10e4d
56c74168ac66e8fd9d5369949eed1fab35d90c9d
c1b45e13fa5fd70cb845c19920f298e4b8b5add9e10c825a125cccf34e89c19d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=159268
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:21 GMT
Etag: "63e0f899-117"
Expires: Wed, 08 Feb 2023 12:54:49 GMT
Last-Modified: Mon, 06 Feb 2023 12:54:49 GMT
Server: nginx
Content-Length: 279
ggbets1.net/gql/query
203.30.189.19 101 Switching Protocols 472 B IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
File type gzip compressed data, from Unix\012- data
Hash de30b83c25e652129b2dc17be9e51912
4c08b5c83cd542f70d4693d8d28cf7d1d5bf38f9
334819cf7758e5a8ca849b14ab6b2e7a3392272f030a885b045093c02e0d1137
GET /gql/query HTTP/1.1
Host: ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://ggbets1.net
Sec-WebSocket-Protocol: graphql-ws
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: odp/k6g1VXhodxFXWnIcGQ==
Connection: keep-alive, Upgrade
Cookie: uuid=669d1407-f971-4447-9798-d42e96e623d9; refCode=gg_w174495c143008l8366gnop799_s8hnpa76e; affdata=subdata%3Dc89c19045bc1c74fffa579d1f73d1366%26click_id%3Ds8hnpa76e%26geo%3Dno%26rotator%3D143008%26landing%3D8366%26sub_id%3Ds8hnpa76e; landingId=8366; first_entrypoint=L2VuL2Nhc2lubz9yZWY9Z2dfdzE3NDQ5NWMxNDMwMDhsODM2Nmdub3A3OTlfczhobnBhNzZlJmFmZmRhdGElNUJzdWJkYXRhJTVEPWM4OWMxOTA0NWJjMWM3NGZmZmE1NzlkMWY3M2QxMzY2JmFmZmRhdGElNUJjbGlja19pZCU1RD1zOGhucGE3NmUmYWZmZGF0YSU1QmdlbyU1RD1ubyZhZmZkYXRhJTVCcm90YXRvciU1RD0xNDMwMDgmYWZmZGF0YSU1QmxhbmRpbmclNUQ9ODM2NiZhZmZkYXRhJTVCc3ViX2lkJTVEPXM4aG5wYTc2ZQ%3D%3D; player_affiliation=casino; _ga_NJWKXH39RY=GS1.1.1675701667.1.0.1675701667.0.0.0; _ga=GA1.1.886843265.1675701667
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 06 Feb 2023 16:40:21 GMT
Content-Type: application/json
Connection: upgrade
sec-websocket-accept: E6eQc6evxq4p9bl5fdpalu+ksys=
sec-websocket-extensions: permessage-deflate; server_no_context_takeover; client_no_context_takeover
sec-websocket-protocol: graphql-ws
upgrade: websocket
x-frame-options: DENY
x-request-id: 95437d77-63ac-4d3a-822d-c2c0a4163af4
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 795553c0ba19b50f-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
region1.google-analytics.com/g/collect?v=2&tid=G-NJWKXH39RY&gtm=45je3210&_p=736501965&cid=886843265.1675701667&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675701667&sct=1&seg=0&dl=https%3A%2F%2Fggbets1.net%2Fen%2Fcasino%3Fref%3Dgg_w174495c143008l8366gnop799_s8hnpa76e%26affdata%255Bsubdata%255D%3Dc89c19045bc1c74fffa579d1f73d1366%26affdata%255Bclick_id%255D%3Ds8hnpa76e%26affdata%255Bgeo%255D%3Dno%26affdata%255Brotator%255D%3D143008%26affdata%255Blanding%255D%3D8366%26affdata%255Bsub_id%255D%3Ds8hnpa76e&dr=https%3A%2F%2Fcoffee2play.com%2F&dt=Casino%20-%20Play%20Online%20for%20Real%20Money%20at%20GG.BET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-NJWKXH39RY&gtm=45je3210&_p=736501965&cid=886843265.1675701667&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675701667&sct=1&seg=0&dl=https%3A%2F%2Fggbets1.net%2Fen%2Fcasino%3Fref%3Dgg_w174495c143008l8366gnop799_s8hnpa76e%26affdata%255Bsubdata%255D%3Dc89c19045bc1c74fffa579d1f73d1366%26affdata%255Bclick_id%255D%3Ds8hnpa76e%26affdata%255Bgeo%255D%3Dno%26affdata%255Brotator%255D%3D143008%26affdata%255Blanding%255D%3D8366%26affdata%255Bsub_id%255D%3Ds8hnpa76e&dr=https%3A%2F%2Fcoffee2play.com%2F&dt=Casino%20-%20Play%20Online%20for%20Real%20Money%20at%20GG.BET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-NJWKXH39RY&gtm=45je3210&_p=736501965&cid=886843265.1675701667&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675701667&sct=1&seg=0&dl=https%3A%2F%2Fggbets1.net%2Fen%2Fcasino%3Fref%3Dgg_w174495c143008l8366gnop799_s8hnpa76e%26affdata%255Bsubdata%255D%3Dc89c19045bc1c74fffa579d1f73d1366%26affdata%255Bclick_id%255D%3Ds8hnpa76e%26affdata%255Bgeo%255D%3Dno%26affdata%255Brotator%255D%3D143008%26affdata%255Blanding%255D%3D8366%26affdata%255Bsub_id%255D%3Ds8hnpa76e&dr=https%3A%2F%2Fcoffee2play.com%2F&dt=Casino%20-%20Play%20Online%20for%20Real%20Money%20at%20GG.BET&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://ggbets1.net
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://ggbets1.net
date: Mon, 06 Feb 2023 16:40:22 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
static.hotjar.com/c/hotjar-2089269.js?sv=7
143.204.55.84 200 OK 16 kB URL HTTP/2 static.hotjar.com/c/hotjar-2089269.js?sv=7
IP 143.204.55.84:0
Hash 8a52db3947ba27e7d008e82a41abf76a
52ef5c7a307131afbe0900cf34e83d3c80a59161
c275796674ca13e568f7dd1d5b1bd5205c43f884a7a156ff2bf2f23a984c1b5a
GET /c/hotjar-2089269.js?sv=7 HTTP/1.1
Host: static.hotjar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
cross-origin-resource-policy: cross-origin
strict-transport-security: max-age=2592000; includeSubDomains
x-cache-hit: 1
x-content-type-options: nosniff
date: Mon, 06 Feb 2023 16:40:21 GMT
cache-control: max-age=60
etag: W/652f14673d55b49dc0f165abb8e76034
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 50584ad285d5f627ddebae74efdd0770.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: jSdrc8BeIKcXDw449Qgu779myFZgbP6kT0--dQX7elz69EtnS9qejg==
age: 28
X-Firefox-Spdy: h2
widget.yhelper.net/iframe/main.512329f3.js?3aff78d1c09dfe58e641
203.30.189.107 200 OK 312 kB URL HTTP/2 widget.yhelper.net/iframe/main.512329f3.js?3aff78d1c09dfe58e641
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
Size 312 kB (311499 bytes)
Hash 6edddb8cb6b0420233a16e8e1b7605f7
8b5ffe1a0d4fd2680fcf108e3efa3a5eb1defdca
e6016d7aecf326f264e03045770942efc98701242b47e82f7416ecd2e4787dc3
GET /iframe/main.512329f3.js?3aff78d1c09dfe58e641 HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.yhelper.net/iframe/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:22 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:22 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 795553c56e72b527-OSL
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://widget.yhelper.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 01 Feb 2023 07:51:59 GMT
expires: Thu, 01 Feb 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 463704
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://widget.yhelper.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 05 Feb 2023 22:02:00 GMT
expires: Mon, 05 Feb 2024 22:02:00 GMT
cache-control: public, max-age=31536000
age: 67103
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e5ece90dcf859fbfb5907545922b41f8
f0c23639673b841d8eb8e0dab730242755e63795
cb9e1225607aa7f5b01b5e5da9a9d961e67b7499a70fc3f1d81135d924dfc2f7
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB9E1225607AA7F5B01B5E5DA9A9D961E67B7499A70FC3F1D81135D924DFC2F7"
Last-Modified: Sun, 05 Feb 2023 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3785
Expires: Mon, 06 Feb 2023 17:43:28 GMT
Date: Mon, 06 Feb 2023 16:40:23 GMT
Connection: keep-alive
widget.yhelper.net/iframe/src/assets/icons/chat/24//1c089c1d.close.svg
203.30.189.107 200 OK 37 kB URL HTTP/2 widget.yhelper.net/iframe/src/assets/icons/chat/24//1c089c1d.close.svg
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
Hash 98642728b92810114e153c21d89e7f47
bf24b31a2d9a690113f68f10ccb4f5583a0001bd
9a85fa5e2c72a515e8d8e69bdf6c03df91bc0d5c833abe24bad20feaf9b903fb
GET /iframe/src/assets/icons/chat/24//1c089c1d.close.svg HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.yhelper.net/iframe/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:23 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 795553c9dd17b527-OSL
X-Firefox-Spdy: h2
f52dbc7f-cbcb-4ccf-87d5-3e05f6c9f762.seals-emr.certria.com/emr-seal.js
143.204.55.108 200 OK 78 kB URL HTTP/2 f52dbc7f-cbcb-4ccf-87d5-3e05f6c9f762.seals-emr.certria.com/emr-seal.js
IP 143.204.55.108:0
Hash 47b59f5369c0bc042576853610db0f51
c2f06baa8a46b024672f497038b017a68cfe0ea6
ead0723f941714c8e754452647d2c4cc0e24562ccedf3c276fdd9f8ef323768d
GET /emr-seal.js HTTP/1.1
Host: f52dbc7f-cbcb-4ccf-87d5-3e05f6c9f762.seals-emr.certria.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
date: Mon, 06 Feb 2023 16:40:21 GMT
x-powered-by: Express
cache-control: max-age=300
etag: W/"c6a-uNn1yBXwnwSQlyJleTt/5xQnWOU"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553bdfd05362c-FRA
vary: Accept-Encoding
x-cache: Miss from cloudfront
via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: DunsyzP1tmz7ZtOSCJQuuBKKdLAkQ2i-W1JE-oN1Op05IVkuD_eDcw==
X-Firefox-Spdy: h2
widget.yhelper.net/iframe/src/assets/icons/chat/24//119f4539.history.svg
203.30.189.107 200 OK 17 kB URL HTTP/2 widget.yhelper.net/iframe/src/assets/icons/chat/24//119f4539.history.svg
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
File type SVG Scalable Vector Graphics image\012- exported SGML document, ASCII text, with very long lines (2407)
Hash 8096c2fd0830fc97cda131f45942848e
7107a568d0e9a633270ba2246e058a5949efd575
af52656b48df491f7f13cdbc1972d385a8cbf41d150595a0dd0bf59cbc3679e3
GET /iframe/src/assets/icons/chat/24//119f4539.history.svg HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.yhelper.net/iframe/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:23 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:23 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 795553c9dd20b527-OSL
X-Firefox-Spdy: h2
widget.yhelper.net/iframe/src/assets/sounds//4782183d.ChatIncomingInitial.wav
203.30.189.107 206 Partial Content 28 kB URL HTTP/2 widget.yhelper.net/iframe/src/assets/sounds//4782183d.ChatIncomingInitial.wav
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
File type RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, mono 16000 Hz\012- data
Hash 1df95570b7377118f5e3aaf17713aae9
79f36413ac726b7e9fe372bb7150910d0b5d91a8
70f61fc75704bbe219317ebe36e8dc5f1c66bebe36b1debd903ae62a5913f35c
GET /iframe/src/assets/sounds//4782183d.ChatIncomingInitial.wav HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: audio/webm,audio/ogg,audio/wav,audio/*;q=0.9,application/ogg;q=0.7,video/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://widget.yhelper.net/iframe/
Sec-Fetch-Dest: audio
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 206 Partial Content
date: Mon, 06 Feb 2023 16:40:23 GMT
content-type: application/octet-stream
content-length: 27564
last-modified: Monday, 06-Feb-2023 16:40:23 UTC
cache-control: no-store, no-cache
content-range: bytes 0-27563/27564
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553c9fd38b527-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 262283a921f231669fd41486228a6e9a
4b96dcb2cd03f53280d2ecf5ccb249b0b32e6e97
13b8cc87c28e0113401d88f89971eb966afde870a3e4be2602ff34942e81862d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 06 Feb 2023 16:40:23 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-82654859-1&cid=886843265.1675701667&jid=1314367487&gjid=838607717&_gid=667808133.1675701668&_u=YADAAEAAAAAAACAAI~&z=1674251915
64.233.165.154 200 OK 1 B URL HTTP/2 stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-82654859-1&cid=886843265.1675701667&jid=1314367487&gjid=838607717&_gid=667808133.1675701668&_u=YADAAEAAAAAAACAAI~&z=1674251915
IP 64.233.165.154:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j99&tid=UA-82654859-1&cid=886843265.1675701667&jid=1314367487&gjid=838607717&_gid=667808133.1675701668&_u=YADAAEAAAAAAACAAI~&z=1674251915 HTTP/1.1
Host: stats.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://ggbets1.net
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://ggbets1.net
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Mon, 06 Feb 2023 16:40:23 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
chat.prod.yhelper.net/socket.io/?EIO=4&transport=websocket
35.204.181.185 101 Switching Protocols 0 B URL HTTP/1.1 chat.prod.yhelper.net/socket.io/?EIO=4&transport=websocket
IP 35.204.181.185:0
ASN #396982 GOOGLE-CLOUD-PLATFORM
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /socket.io/?EIO=4&transport=websocket HTTP/1.1
Host: chat.prod.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: https://widget.yhelper.net
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: +WGGa9BRd6W9KSdS6b78LQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Date: Mon, 06 Feb 2023 16:40:23 GMT
Connection: upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RmvtD3G52Fdt6AHZTnHqv/WOjnY=
Strict-Transport-Security: max-age=15724800; includeSubDomains
zz.connextra.com/GGBet/dcs/tagController/tagData/992b65560df2
104.110.28.81 200 OK 2.1 kB URL HTTP/2 zz.connextra.com/GGBet/dcs/tagController/tagData/992b65560df2
IP 104.110.28.81:0
File type ASCII text, with very long lines (5211), with no line terminators
Hash 94124a0e35f9a35b4e59d362aa807fdd
19e315583fc4081e789fc51dbf62e07e809b502c
fc7ae38924b6717bdaae354f751ad2668a10c23de563db76a73cabf259fbaa81
POST /GGBet/dcs/tagController/tagData/992b65560df2 HTTP/1.1
Host: zz.connextra.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 40
Origin: https://ggbets1.net
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: text/plain
server: istio-envoy
access-control-allow-credentials: true
access-control-allow-origin: https://ggbets1.net
vary: origin,accept-encoding
p3p: CP=NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR SAMa BUS IND UNI PUR COM NAV
content-encoding: gzip
x-envoy-upstream-service-time: 2
expires: Mon, 06 Feb 2023 16:40:23 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 06 Feb 2023 16:40:23 GMT
content-length: 20
set-cookie: CxtId=d4483fef-5749-4f0c-abf1-e96cd8356d16; Domain=.connextra.com; Expires=Wed, 05-Feb-2025 16:40:23 GMT; Path=/; Secure
GGBet=P%7Cregstart%7C1%7C202302061640; Domain=.connextra.com; Expires=Tue, 06-Feb-2024 16:40:23 GMT; Path=/; Secure; HttpOnly
X-Firefox-Spdy: h2
secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
37.252.171.149 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID
IP 37.252.171.149:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /getuidnb?https%3A//zz.connextra.com/sync/data/uid/3bc1d7fd2e/%24UID HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 16:40:23 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 17ca3f3e-27c8-4a11-aed5-e415153c469a
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
secure.adnxs.com/seg?add=31428075&t=2
37.252.171.149 307 Redirection 521 kB URL HTTP/1.1 secure.adnxs.com/seg?add=31428075&t=2
IP 37.252.171.149:0
File type gzip compressed data, from Unix\012- data
Size 521 kB (521284 bytes)
Hash a5cf3cfd96386555eba4a0d3704f0be5
0adc302d8068b19e855ed89bf3c92fb053148d71
f1ebcf99010ca34d8e3170c9a176054deb416544e978476277128124d1dc5e0e
GET /seg?add=31428075&t=2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 16:40:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31428075%26t%3D2
AN-X-Request-Uuid: c6dfb641-d4cb-4cdf-9cef-2772eb8c5352
Set-Cookie: uuid2=4372576530280204130; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 07-May-2023 16:40:23 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
widget.yhelper.net/iframe/
203.30.189.107 200 OK 26 kB URL HTTP/2 widget.yhelper.net/iframe/
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
Hash 8580321bd3dfceb5aaaf6ffb799e4d47
d7ef96a039de8b7fdf9500f763865a396b4c5166
9125a565fac66ee74ce6dbbdc04fa1e0052b738e91e268983c0fcf024ffa371a
GET /iframe/ HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:21 GMT
content-type: text/html
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:21 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553bfee9bb527-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31428075%26t%3D2
37.252.171.149 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D31428075%26t%3D2
IP 37.252.171.149:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D31428075%26t%3D2 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://ggbets1.net/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Mon, 06 Feb 2023 16:40:24 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 8117e3a2-364d-49e1-aaf9-180dc880148d
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2Il^G_iq(!@wnf-Te9(>wL5L!!'QX$gZ1y; SameSite=None; Path=/; Max-Age=7776000; Expires=Sun, 07-May-2023 16:40:24 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.35 200 OK 22 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.35:0
File type gzip compressed data, from Unix\012- data
Hash 589281e9807979171c31a74cebb85f4f
4b7d3b21291a60aa734aeabe5eee2394d938b695
77b0f1b581c1c09b7ae5a00cc07033cae70890e236d12d966d39dbcca3e23da7
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://widget.yhelper.net
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 31 Jan 2023 13:09:06 GMT
expires: Wed, 31 Jan 2024 13:09:06 GMT
cache-control: public, max-age=31536000
age: 531078
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
helixnixo.buzz/
172.67.208.86 302 Found 0 B IP 172.67.208.86:0
NIDS Severity Alert suricata medium ET INFO HTTP Request to a *.buzz domain
GET / HTTP/1.1
Host: helixnixo.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 302 Found
date: Mon, 06 Feb 2023 16:40:17 GMT
content-type: text/html; charset=UTF-8
location: https://ggbetpromo.com/l/63a07c78406fe15f2660c7fc?sub_id=s8hnpa76e&click_id=s8hnpa76e
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
set-cookie: _subid=s8hnpa76e;Expires=Thursday, 09-Mar-2023 16:40:17 GMT;Max-Age=2678400;Path=/
e4d08=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjIyXCI6MTY3NTcwMTYxN30sXCJjYW1wYWlnbnNcIjp7XCIxMVwiOjE2NzU3MDE2MTd9LFwidGltZVwiOjE2NzU3MDE2MTd9In0.DM0AZNmLksbgpIJdP0wjSaqdAHUwF2Zwk2ku1gZASLI;Expires=Sunday, 15-Mar-2076 09:20:34 GMT;Max-Age=1675788017;Path=/
_token=uuid_s8hnpa76e_s8hnpa76e63e12d714cd556.38876790;Expires=Thursday, 09-Mar-2023 16:40:17 GMT;Max-Age=2678400;Path=/
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CX7tKkTVa2dQyoT0irZLDKDF3RtQ7SkugarYzvd%2FQOW0waD9uITebFuC7%2F3Atz06LhRp3N340bvPnL%2BH1%2FlkJvNjO17G4wdDJTVd0jl3WdSZCUx4PJL1hCvfDW%2BWSupVRg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 795553a25ca30b59-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-5F3SFTF
142.250.74.168 200 OK 0 B URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-5F3SFTF
IP 142.250.74.168:0
GET /gtm.js?id=GTM-5F3SFTF HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 06 Feb 2023 16:40:21 GMT
expires: Mon, 06 Feb 2023 16:40:21 GMT
cache-control: private, max-age=900
last-modified: Mon, 06 Feb 2023 15:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 71733
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sat.ugabartint.net/ie/e?m=Yzg5YzE5MDQ1YmMxYzc0ZmZmYTU3OWQxZjczZDEzNjYgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxNzQ0OTVjMTQzMDA4bDgzNjZnbm9wNzk5X3M4aG5wYTc2ZSZlbmNvZGVkX3VybD1ZMkZ6YVc1dkl5RXZZWFYwYUM5eVpXZHBjM1JsY2o5d2IzQjFjQT09JmNsaWNrX2lkPXM4aG5wYTc2ZQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
203.34.80.159 200 OK 0 B URL HTTP/2 sat.ugabartint.net/ie/e?m=Yzg5YzE5MDQ1YmMxYzc0ZmZmYTU3OWQxZjczZDEzNjYgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxNzQ0OTVjMTQzMDA4bDgzNjZnbm9wNzk5X3M4aG5wYTc2ZSZlbmNvZGVkX3VybD1ZMkZ6YVc1dkl5RXZZWFYwYUM5eVpXZHBjM1JsY2o5d2IzQjFjQT09JmNsaWNrX2lkPXM4aG5wYTc2ZQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
IP 203.34.80.159:0
ASN #209242 Cloudflare London, LLC
GET /ie/e?m=Yzg5YzE5MDQ1YmMxYzc0ZmZmYTU3OWQxZjczZDEzNjYgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxNzQ0OTVjMTQzMDA4bDgzNjZnbm9wNzk5X3M4aG5wYTc2ZSZlbmNvZGVkX3VybD1ZMkZ6YVc1dkl5RXZZWFYwYUM5eVpXZHBjM1JsY2o5d2IzQjFjQT09JmNsaWNrX2lkPXM4aG5wYTc2ZQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D HTTP/1.1
Host: sat.ugabartint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:18 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553a98cbfb4eb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
sat.ugabartint.net/ie/js/c89c19045bc1c74fffa579d1f73d1366
203.34.80.159 200 OK 0 B URL HTTP/2 sat.ugabartint.net/ie/js/c89c19045bc1c74fffa579d1f73d1366
IP 203.34.80.159:0
ASN #209242 Cloudflare London, LLC
POST /ie/js/c89c19045bc1c74fffa579d1f73d1366 HTTP/1.1
Host: sat.ugabartint.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4144
Origin: https://coffee2play.com
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:19 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: https://coffee2play.com
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553b35cd6b4eb-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ggbets1.net/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e
203.30.189.19 302 Found 0 B URL HTTP/2 ggbets1.net/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e
IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
GET /casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e HTTP/1.1
Host: ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coffee2play.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 06 Feb 2023 16:40:20 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
location: /en/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e
expires: Mon, 06 Feb 2023 16:40:20 GMT
set-cookie: uuid=669d1407-f971-4447-9798-d42e96e623d9; expires=Wed, 08 Mar 2023 16:40:20 GMT; Max-Age=2592000; path=/; secure; samesite=none
x-upstream: fpm
x-envoy-upstream-service-time: 23
x-frame-options: DENY
x-request-id: abba6084-7c82-44a6-86a7-fba17d38bc46
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553b96dc4b500-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ggbets1.net/en/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e
203.30.189.19 200 OK 0 B URL HTTP/2 ggbets1.net/en/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e
IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
GET /en/casino?ref=gg_w174495c143008l8366gnop799_s8hnpa76e&affdata%5Bsubdata%5D=c89c19045bc1c74fffa579d1f73d1366&affdata%5Bclick_id%5D=s8hnpa76e&affdata%5Bgeo%5D=no&affdata%5Brotator%5D=143008&affdata%5Blanding%5D=8366&affdata%5Bsub_id%5D=s8hnpa76e HTTP/1.1
Host: ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://coffee2play.com/
Connection: keep-alive
Cookie: uuid=669d1407-f971-4447-9798-d42e96e623d9
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:21 GMT
content-type: text/html; charset=UTF-8
cache-control: max-age=0, must-revalidate, private
link: </static/130237/assets/css/desktop.css>; rel="preload"; as="style",</static/130237/assets/css/games.css>; rel="preload"; as="style"
expires: Mon, 06 Feb 2023 16:40:21 GMT
set-cookie: actionPay=deleted; expires=Sun, 06 Feb 2022 16:40:20 GMT; Max-Age=0; path=/; secure; httponly; samesite=none
refCode=gg_w174495c143008l8366gnop799_s8hnpa76e; expires=Wed, 08 Mar 2023 16:40:20 GMT; Max-Age=2591999; path=/; secure; httponly; samesite=none
affdata=subdata%3Dc89c19045bc1c74fffa579d1f73d1366%26click_id%3Ds8hnpa76e%26geo%3Dno%26rotator%3D143008%26landing%3D8366%26sub_id%3Ds8hnpa76e; expires=Wed, 08 Mar 2023 16:40:20 GMT; Max-Age=2591999; path=/; secure; httponly; samesite=none
landingId=8366; expires=Wed, 08 Mar 2023 16:40:20 GMT; Max-Age=2591999; path=/; secure; httponly; samesite=none
first_entrypoint=L2VuL2Nhc2lubz9yZWY9Z2dfdzE3NDQ5NWMxNDMwMDhsODM2Nmdub3A3OTlfczhobnBhNzZlJmFmZmRhdGElNUJzdWJkYXRhJTVEPWM4OWMxOTA0NWJjMWM3NGZmZmE1NzlkMWY3M2QxMzY2JmFmZmRhdGElNUJjbGlja19pZCU1RD1zOGhucGE3NmUmYWZmZGF0YSU1QmdlbyU1RD1ubyZhZmZkYXRhJTVCcm90YXRvciU1RD0xNDMwMDgmYWZmZGF0YSU1QmxhbmRpbmclNUQ9ODM2NiZhZmZkYXRhJTVCc3ViX2lkJTVEPXM4aG5wYTc2ZQ%3D%3D; expires=Mon, 20 Feb 2023 16:40:21 GMT; Max-Age=1209600; path=/; secure; samesite=none
player_affiliation=casino; path=/; secure; httponly; samesite=lax
x-upstream: fpm
x-envoy-upstream-service-time: 310
x-frame-options: DENY
x-request-id: 8bd6750e-9fd0-4eef-9452-0f29b44d2560
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 795553ba2ef8b500-OSL
content-encoding: gzip
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-h2-pushed: </static/130237/assets/css/desktop.css>,</static/130237/assets/css/games.css>
X-Firefox-Spdy: h2
widget.yhelper.net/widget.js
203.30.189.107 200 OK 0 B URL HTTP/2 widget.yhelper.net/widget.js
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
GET /widget.js HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ggbets1.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:21 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:21 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 795553bd6a78b527-OSL
X-Firefox-Spdy: h2
widget.yhelper.net/iframe/src/assets/icons/chat/24//1e6304ab.article.svg
203.30.189.107 200 OK 0 B URL HTTP/2 widget.yhelper.net/iframe/src/assets/icons/chat/24//1e6304ab.article.svg
IP 203.30.189.107:0
ASN #209242 Cloudflare London, LLC
GET /iframe/src/assets/icons/chat/24//1e6304ab.article.svg HTTP/1.1
Host: widget.yhelper.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://widget.yhelper.net/iframe/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 06 Feb 2023 16:40:24 GMT
content-type: image/svg+xml
vary: Accept-Encoding
last-modified: Monday, 06-Feb-2023 16:40:24 UTC
cache-control: no-store, no-cache
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
cf-cache-status: MISS
server: cloudflare
cf-ray: 795553d2ea06b527-OSL
X-Firefox-Spdy: h2