Overview

URLwww.efilme-online.net/lords-of-chaos-2018-online-subtitrat-hd.html
IP 104.26.7.214 (United States)
ASN#13335 CLOUDFLARENET
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-10-24 06:48:39 UTC
StatusLoading report..
IDS alerts0
Blocklist alert12
urlquery alerts No alerts detected
Tags None

Domain Summary (59)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
click-v4.junmediadirect1.com (1) 0 No data No data 198.134.116.17 Unknown ranking
counter.yadro.ru (1) 7275 2019-10-14 20:58:23 UTC 2022-10-24 05:21:15 UTC 88.212.201.198
unibet.demdex.net (4) 338024 2019-01-20 20:22:05 UTC 2019-11-02 03:04:11 UTC 99.81.236.184
lowhardboiledadjoin.com (2) 0 2022-10-21 04:55:24 UTC 2022-10-24 05:55:04 UTC 173.233.137.60 Unknown ranking
cdn.sb4you1.com (3) 22321 2022-03-01 09:07:45 UTC 2022-10-24 04:07:29 UTC 172.64.110.27
fonts.gstatic.com (4) 0 2022-10-01 05:06:21 UTC 2022-10-24 04:01:20 UTC 216.58.207.195 Domain (gstatic.com) ranked at: 540
s.optnx.com (3) 20469 No data No data 95.211.229.247
a1s.unibet.com (1) 297625 2018-08-24 02:07:57 UTC 2020-04-28 05:20:01 UTC 85.184.96.5
firefox.settings.services.mozilla.com (2) 867 2021-08-28 03:57:17 UTC 2022-10-24 03:13:52 UTC 143.204.55.35
contile.services.mozilla.com (1) 1114 2021-05-27 18:32:35 UTC 2022-10-24 04:01:33 UTC 34.117.237.239
e1.o.lencr.org (5) 6159 No data No data 23.36.76.226
c.cachegorilla.com (1) 0 2022-05-03 12:36:00 UTC 2022-10-21 21:35:58 UTC 172.67.190.155 Domain (cachegorilla.com) ranked at: 254625
no.mariacasino.com (4) 0 No data No data 85.184.96.0 Domain (mariacasino.com) ranked at: 508551
zap.buzz (3) 54791 2019-02-21 18:56:19 UTC 2022-10-23 15:49:31 UTC 172.67.213.33
simplewebanalysis.com (1) 0 2022-09-23 10:15:47 UTC 2022-10-23 19:34:50 UTC 18.194.90.159 Unknown ranking
cdn.yourwebbars.com (1) 62037 2021-02-15 20:26:53 UTC 2022-10-24 04:07:29 UTC 104.26.7.19
ocsp2.globalsign.com (1) 1544 2013-04-10 22:43:21 UTC 2020-03-15 21:19:16 UTC 104.18.21.226
cdn-s5.cfeucdn.com (1) 305949 2020-05-28 15:48:55 UTC 2022-09-04 21:32:09 UTC 213.186.120.164
unseenreport.com (3) 0 2022-03-30 14:33:17 UTC 2022-10-24 05:55:10 UTC 192.243.61.225 Unknown ranking
h4ahsm.cfeucdn.com (1) 92871 2020-06-03 02:05:18 UTC 2022-10-23 10:18:23 UTC 84.16.243.193
ocsp.globalsign.com (1) 2075 2018-06-22 23:48:20 UTC 2020-05-02 20:58:10 UTC 104.18.21.226
makesboundlessvirtue.com (4) 0 2022-10-21 01:57:55 UTC 2022-10-24 05:55:48 UTC 173.233.137.44 Unknown ranking
ajax.googleapis.com (1) 12905 2019-10-15 19:27:59 UTC 2022-10-24 05:25:11 UTC 142.250.74.106
www.googletagmanager.com (1) 75 2022-10-01 11:18:53 UTC 2022-10-24 04:56:35 UTC 142.250.74.168
www.efilme-online.net (2) 0 2022-06-21 22:23:28 UTC 2022-10-22 19:45:39 UTC 104.26.6.214 Unknown ranking
q.xmlrtb.com (1) 57283 2022-09-20 11:14:21 UTC 2022-10-23 10:18:24 UTC 172.67.142.212
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ocsp.digicert.com (12) 86 2012-06-27 22:09:06 UTC 2020-05-02 20:58:10 UTC 93.184.220.29
hqq.to (10) 57515 2021-11-03 10:43:40 UTC 2022-10-23 15:44:39 UTC 190.115.19.71
ocsp.sectigo.com (4) 487 2019-11-29 11:50:24 UTC 2021-09-17 20:05:40 UTC 104.18.32.68
errors.client.optimizely.com (8) 7604 2019-06-18 15:13:43 UTC 2020-02-10 05:37:44 UTC 3.215.196.133
r3.o.lencr.org (13) 344 No data No data 23.36.76.226
adserving.unibet.com (2) 98000 2015-05-26 06:56:53 UTC 2020-04-28 07:38:51 UTC 23.36.79.43
c.xmlrtb.com (1) 78694 2022-09-20 19:30:54 UTC 2022-10-22 23:39:28 UTC 172.67.142.212
script.crazyegg.com (5) 1992 2015-07-03 07:48:37 UTC 2020-02-29 22:05:25 UTC 104.19.148.8
atmosphereblankjustly.com (1) 0 2022-07-08 01:35:55 UTC 2022-10-02 17:25:49 UTC 192.243.59.12 Unknown ranking
ocsp.securetrust.com (1) 18792 No data No data 23.36.79.25
push.services.mozilla.com (1) 2140 2019-05-26 10:52:39 UTC 2020-05-03 10:09:39 UTC 52.41.98.34
alleviatepracticableaddicted.com (1) 0 2022-07-05 09:49:47 UTC 2022-10-23 10:18:44 UTC 192.243.61.227 Unknown ranking
img-getpocket.cdn.mozilla.net (4) 1631 2019-03-04 20:37:34 UTC 2020-02-19 04:43:25 UTC 34.120.237.76
cdn.optimizely.com (1) 694 2018-12-19 20:48:06 UTC 2020-05-02 23:07:11 UTC 23.38.200.155
fonts.googleapis.com (1) 8877 2019-10-15 15:11:46 UTC 2022-10-24 04:01:20 UTC 142.250.74.10
assets.adobedtm.com (5) 512 2019-07-06 05:02:59 UTC 2020-05-14 16:29:33 UTC 23.38.200.237
adpointrtb.com (2) 0 2022-08-29 14:47:09 UTC 2022-10-24 04:49:41 UTC 34.160.190.227 Unknown ranking
unibetlondonltd.d3.sc.omtrdc.net (2) 444877 2020-10-28 05:17:01 UTC 2022-10-24 05:36:57 UTC 15.236.176.210
www.efilme-online.net (2) 0 2022-06-21 22:23:28 UTC 2022-10-22 19:45:39 UTC 104.26.7.214 Unknown ranking
mc.yandex.ru (5) 2672 2012-05-21 09:38:30 UTC 2022-10-24 04:54:54 UTC 87.250.250.119
www.google-analytics.com (2) 40 2022-06-18 22:44:29 UTC 2022-10-24 05:28:14 UTC 216.239.36.178
c.popbutler.com (1) 0 2022-05-18 13:13:43 UTC 2022-10-21 08:27:44 UTC 104.21.72.243 Domain (popbutler.com) ranked at: 243221
a1s-cdn.unibet.com (1) 283505 2014-04-23 15:07:51 UTC 2020-04-04 05:20:05 UTC 85.184.96.5
service.maxymiser.net (3) 8733 2018-08-27 05:52:16 UTC 2020-03-09 04:20:28 UTC 104.110.7.230
welcome.mariacasino.com (13) 0 No data No data 108.161.188.196 Domain (mariacasino.com) ranked at: 508551
unpkg.com (3) 11693 2017-01-30 05:00:19 UTC 2022-10-24 04:03:57 UTC 104.16.126.175
testingmetriksbre.ru (1) 0 2022-06-30 21:55:42 UTC 2022-10-23 21:08:36 UTC 104.26.0.119 Unknown ranking
p.jwalf.com (1) 0 No data No data 44.207.60.131 Unknown ranking
banquetunarmedgrater.com (1) 0 2022-08-04 15:12:50 UTC 2022-10-24 04:07:28 UTC 192.243.61.225 Unknown ranking
a10682170820.cdn.optimizely.com (1) 325426 No data No data 104.110.8.48
ocsp.pki.goog (7) 175 2019-02-02 06:15:41 UTC 2020-05-02 20:58:16 UTC 142.250.74.3
ocsp.sca1b.amazontrust.com (4) 1015 2019-02-26 19:05:58 UTC 2019-03-27 04:05:54 UTC 143.204.42.88

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
 No alerts detected

mnemonic secure dns
 No alerts detected

Quad9 DNS
Scan Date Severity Indicator Comment
2022-10-24 2 atmosphereblankjustly.com Sinkholed
2022-10-24 2 alleviatepracticableaddicted.com Sinkholed
2022-10-23 2 lowhardboiledadjoin.com Sinkholed
2022-10-24 2 banquetunarmedgrater.com Sinkholed
2022-10-23 2 makesboundlessvirtue.com Sinkholed
2022-10-23 2 lowhardboiledadjoin.com Sinkholed
2022-10-23 2 makesboundlessvirtue.com Sinkholed
2022-10-23 2 makesboundlessvirtue.com Sinkholed
2022-10-23 2 makesboundlessvirtue.com Sinkholed
2022-10-23 2 unseenreport.com Sinkholed
2022-10-23 2 unseenreport.com Sinkholed
2022-10-23 2 unseenreport.com Sinkholed


Files

URL adserving.unibet.com/redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=26259 (...)
IP  23.36.79.43
Magic gzip compressed data, max compression, from Unix\012- data
Size 2050
MD5 1cbc557a8704b24af0bfb4c6b7742861
SHA1 8ce4064916d5b8db6458c5d25f3eb894c00ccdfd
SHA256 dae05ca36da3363f8c658557051126bab37b9f53801cdc11b1c9fe1071ce25bc
Analyzer Analysed Verdict Comment
VirusTotal 0/0  VirusTotal Report

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 104.26.7.214
Date UQ / IDS / BL URL IP
2023-01-22 17:09:37 +0000 0 - 0 - 1 bom.so/GMW3W5 104.26.7.214
2023-01-22 11:13:38 +0000 0 - 0 - 1 bom.so/GMW3W5 104.26.7.214
2023-01-16 03:27:43 +0000 0 - 0 - 0 bom.so/d3vbve 104.26.7.214
2023-01-13 12:26:38 +0000 0 - 0 - 0 bom.so/xHX3zY 104.26.7.214
2023-01-08 13:12:00 +0000 0 - 0 - 1 bom.so/GMW3W5 104.26.7.214


Last 5 reports on ASN: CLOUDFLARENET
Date UQ / IDS / BL URL IP
2023-02-09 03:00:03 +0000 0 - 0 - 2 win-rar.org/fileadmin/winrar-versions/winrar/ (...) 188.114.97.1
2023-02-09 02:59:41 +0000 0 - 0 - 40 spkdirect0.com/ 188.114.96.1
2023-02-09 02:59:33 +0000 0 - 1 - 0 lectortmo.com/viewer/d461a2beaf61bd518ee2ecd2 (...) 104.26.14.85
2023-02-09 02:59:06 +0000 0 - 0 - 2 k-storage.com/krnl_beta.exe 104.21.49.80
2023-02-09 02:59:05 +0000 0 - 0 - 2 k-storage.com/krnl_bootstrapper.exe 104.21.49.80


Last 1 reports on domain: efilme-online.net
Date UQ / IDS / BL URL IP
2022-10-24 06:48:39 +0000 0 - 0 - 12 www.efilme-online.net/lords-of-chaos-2018-onl (...) 104.26.7.214


No other reports with similar screenshot

JavaScript

Executed Scripts (91)

Executed Evals (12)
#1 JavaScript::Eval (size: 71) - SHA256: dcdd7e7e286c45c94638f28053384616d6ca9a1b396b0109cb51f1298ba342bb
(function() {
    return Math.round((new Date).getTime() / 1E3).toString()
})();
#2 JavaScript::Eval (size: 55) - SHA256: 14986cbd70f8b8a1770adf9800c113847daf392c2999dfff9dc71d2be98f3282
(function() {
    return visitor.getAnalyticsVisitorID()
})();
#3 JavaScript::Eval (size: 135) - SHA256: fc7b851f30df68c5cc6d1fb3f06c300b2b1d7271f76cc187224050270141f0ed
(function() {
    if (window.innerHeight) return window.innerHeight;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetHeight
})();
#4 JavaScript::Eval (size: 62) - SHA256: adf0ca592504ef680d5ea02d5161b15be0572fd3e5b41d152b74f0c76aea6c42
(function() {
    return window.functions.getPageNameOldEvar1()
})();
#5 JavaScript::Eval (size: 61) - SHA256: 9259355921509ced00b4d7d3e76c151037a06c88a646cd7d47d5d9c96984697c
(function() {
    return window.functions.timeParting("n", "0")
})();
#6 JavaScript::Eval (size: 60) - SHA256: 9d51544cc513110b130345a977b1e9e630b5a7aa01518f7f7898758b79a9699f
(function() {
    return visitor.getMarketingCloudVisitorID()
})();
#7 JavaScript::Eval (size: 20) - SHA256: fc0d820f6f6693ccd6462b02714dcea358f75a12b72a7fe3f38e24168433f487
var bar = (x) => x + 1
#8 JavaScript::Eval (size: 12) - SHA256: 4ab4edee422a7a6e621718d1ae7180b13ba13f18c0ce3e7e3e26fd68e57e119c
class Foo {}
#9 JavaScript::Eval (size: 750) - SHA256: 56913c554613b95e59db6c25c29e10ecbf24ea08e88805682ee3fa15c032f5a5
function IZPLrZE(e) {
    if (('isTrusted' in e) && (e.isTrusted) && (!GcFm || !XMuJEMJg)) {
        GcFm = !0;
        XMuJEMJg = !0;
        document.removeEventListener('mousemove', IZPLrZE, passiveSupported ? {
            passive: true
        } : false);
        was_click = true;
        if (navigator.userAgent.toLowerCase().match(/wv/i)) {
            createcxt();
        }
        mmwZFh = 'b91ed6768bdb126b844e7d087b553573d4150a95';
        JPWAfaBm = '1666594107';
        NXEJ = 'e6815c48c3cf6aaec5ba6fa34cde324f4bcd5c6a';
    }
}
document.addEventListener('mousemove', IZPLrZE, passiveSupported ? {
    passive: true
} : false);
#10 JavaScript::Eval (size: 88) - SHA256: 5e05e2cf30322e8f71d65a22aa5f4a095923b67286a61d83b7787e3468f42f62
(function() {
    return "LP:" + BF_prop.LandingPageName.toString().replace(/:/ig, "").trim()
})();
#11 JavaScript::Eval (size: 54) - SHA256: fc490a09c28110ae2a7c965801ebeb5c572587f55c3524889f547dbcc34c1d81
(function() {
    return screen.width + "x" + screen.height
})();
#12 JavaScript::Eval (size: 132) - SHA256: 0a23e511994a2c03a725773de07810ff171878b9c0177f40a663038e4e251168
(function() {
    if (window.innerWidth) return window.innerWidth;
    d = screen.width + "x" + screen.height;
    return d.documentElement.offsetWidth
})();

Executed Writes (1)
#1 JavaScript::Write (size: 68) - SHA256: 6604e7359d43375f74af46ce09c369432a8512c1e42b8d301a38091cb668301a
< script src = "https://cdn.optimizely.com/js/10682170820.js" > < /script>


HTTP Transactions (171)


Request Response
                                        
                                            GET /lords-of-chaos-2018-online-subtitrat-hd.html HTTP/1.1 
Host: www.efilme-online.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         104.26.7.214
HTTP/1.1 301 Moved Permanently
                                        
Date: Mon, 24 Oct 2022 06:48:26 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 24 Oct 2022 07:48:26 GMT
Location: https://www.efilme-online.net/lords-of-chaos-2018-online-subtitrat-hd.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cHtrd9aypSCGHtjxVgnVPXKlwo7SkF%2BnhxQsGwpnWLbtRgGG1nVnP29DJXcSR5HQ0LDv7TAKNv8yF8qXFn0YW2N7YQRYLpU4D%2FwqsCQWEmES1zT0AYIEA7Ja%2FGXWK7MfRvrZm9EuUg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75f0c44c485eb500-OSL
alt-svc: h2=":443"; ma=60

                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Alert, Content-Length, Content-Type, Retry-After, Backoff
Cache-Control: max-age=3600
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Mon, 24 Oct 2022 05:52:56 GMT
Expires: Mon, 24 Oct 2022 06:40:09 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 dac7cf040932e0c072eeed10afdd7b3e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: WSSAA-FoyBinfKojUp30NA6E3haiw6A1LCH-zKC4BSQNpxL8kcBCbw==
Age: 3330


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    bdb8b66c705a7b996496d780f50c00b5
Sha1:   403ae92039fcc933870f51f913f78ccaf9652256
Sha256: c923ed2539f4ce9f4d43743c402fbb2060a52a4cbedbf14c5f5742ab718073d6
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "310C633350812C064E159275B6DBBDBA6D6A5991A54CCFCC23459320C6513572"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2423
Expires: Mon, 24 Oct 2022 07:28:49 GMT
Date: Mon, 24 Oct 2022 06:48:26 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "82D9EE4948FCE839F7EDB1F8490C4213CDED3912464A4169B0BF6A61278694BD"
Last-Modified: Sat, 22 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2190
Expires: Mon, 24 Oct 2022 07:24:56 GMT
Date: Mon, 24 Oct 2022 06:48:26 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: pxBzbdvJgnebHOOfn+Q8zYiOA2ishaufaARHNE7IvDy+La1bOFbyLmeU36TY+uVtHCITONAadao=
x-amz-request-id: 4Y9CDT2K4KNSWR7E
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 24 Oct 2022 06:08:24 GMT
age: 2402
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    67d5a988edcda47bc3b3b3f65d32b4b6
Sha1:   d4f0e0da8b3690cc7da925026d3414b68c7d954f
Sha256: 55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Mon, 24 Oct 2022 06:48:26 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            POST /s/gts1p5/zTg4bo_SWek HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:26 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.35
HTTP/1.1 200 OK
Content-Type: application/json
                                        
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Mon, 24 Oct 2022 06:33:32 GMT
Expires: Mon, 24 Oct 2022 06:54:07 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 6T8NeEPi5t7m_SewuH8cYadonUKOlfxwnT6Cl8DONkjpGv22fnWoHQ==
Age: 895


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            POST /s/gts1p5/zTg4bo_SWek HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:27 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1436
Cache-Control: max-age=92532
Date: Mon, 24 Oct 2022 06:48:27 GMT
Etag: "6354f613-1d7"
Expires: Tue, 25 Oct 2022 08:30:39 GMT
Last-Modified: Sun, 23 Oct 2022 08:06:43 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: zs20rUlXUqFcOk5IeMEHWA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         52.41.98.34
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: tyS27kD5pKIvC3NeT3GsZBHkS7I=

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "E4A3C5FF903B056F628EFD3196DE57E4AF170357E4CCEEB154F9DCCA912B1EBF"
Last-Modified: Sat, 22 Oct 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4161
Expires: Mon, 24 Oct 2022 07:57:48 GMT
Date: Mon, 24 Oct 2022 06:48:27 GMT
Connection: keep-alive

                                        
                                            GET /styles/global/embed_player.3.css?130 HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: text/css; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=h4dKyHvc0CKcPeLMb1sh; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590555
ddg-cache-status: HIT,MISS
content-length: 1623
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1623
Md5:    8e6c46db0d3b9b09cb250529f4e92245
Sha1:   78ccfc915538c39e35acb536eca217f2f12e7a0e
Sha256: 7a8726525e4b7e4a725b96f82dafba6d1da8b54d71c5d02144aca8b7d306bf65
                                        
                                            GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=NMgBtm1vEWT8zbu5MM2M; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590555
ddg-cache-status: HIT,MISS
content-length: 652
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1227), with no line terminators
Size:   652
Md5:    aecce2cd69440bcd1b71a8f0ce204922
Sha1:   7bf5702d34c33349bead0bb2cb7ad2200d699196
Sha256: b9159c2d62fb50c02489b011962ed2549515067437b550834432787ff25a5dfb
                                        
                                            GET /js/d_check.js?34 HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=4M4UfxhgMqKNQGAd2Fat; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:54:47 GMT
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590020
ddg-cache-status: HIT,MISS
content-length: 1028
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (821)
Size:   1028
Md5:    841e4af4332ce934406a4e59a063aa98
Sha1:   fd8429c4c48157e134268b448d713b642f461af6
Sha256: fde29879f9e4795b74c36aa1a23b32f35f5f67131fc914be72e42f1fff8740d3
                                        
                                            GET /js/embed.205.js?736 HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=XT9RIP7dLuecvLxhWf2M; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590555
ddg-cache-status: HIT,MISS
content-length: 39845
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 text, with very long lines (3414)
Size:   39845
Md5:    a90103e09bb84e7a40056290782919c7
Sha1:   6df1efda05907116927ee40e029c3f28cb401340
Sha256: 7dc905c2441e5b327b9509396140a655251f9e94c56c80f54b684db09024efd8
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 536
Cache-Control: max-age=112529
Date: Mon, 24 Oct 2022 06:48:27 GMT
Etag: "635547b4-117"
Expires: Tue, 25 Oct 2022 14:03:56 GMT
Last-Modified: Sun, 23 Oct 2022 13:55:00 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /js/adv/fuckadblock.js?2 HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=31tTPZS3EDx6ggLYdPa3; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590555
ddg-cache-status: HIT,MISS
content-length: 3525
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   3525
Md5:    ec1ee09f3fac94172cb7563a95812487
Sha1:   77b7090fc3bb4431371fa6ed84e2623dd0015c30
Sha256: 94db3115fa9ba527b159c6c3d3b928c585774be570300801d274eac81806eda0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 536
Cache-Control: max-age=112529
Date: Mon, 24 Oct 2022 06:48:27 GMT
Etag: "635547b4-117"
Expires: Tue, 25 Oct 2022 14:03:56 GMT
Last-Modified: Sun, 23 Oct 2022 13:55:00 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 536
Cache-Control: max-age=112529
Date: Mon, 24 Oct 2022 06:48:27 GMT
Etag: "635547b4-117"
Expires: Tue, 25 Oct 2022 14:03:56 GMT
Last-Modified: Sun, 23 Oct 2022 13:55:00 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "877646E95479EF83125505855D058363344B4F4A93C2075CB8A010F9E8764B8B"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19205
Expires: Mon, 24 Oct 2022 12:08:32 GMT
Date: Mon, 24 Oct 2022 06:48:27 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "42F8050AF7714EC6C71DDA3CFE9069A84457A275E9930778F572A4EEA911BA60"
Last-Modified: Sat, 22 Oct 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21600
Expires: Mon, 24 Oct 2022 12:48:27 GMT
Date: Mon, 24 Oct 2022 06:48:27 GMT
Connection: keep-alive

                                        
                                            GET /js/script-2.12.5.js HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Cookie: uid=kCLjdjxLFqMDplQnyJR-5Zjj*RSe0CaF
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
server: ddos-guard
set-cookie: __ddg1_=bxbIOGEXBmdopYwGFXuu; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:27 GMT
date: Mon, 17 Oct 2022 10:54:51 GMT
vary: Accept-Encoding
last-modified: Tue, 01 Dec 2020 19:28:37 GMT
etag: W/"5fc69965-4cb8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 590016
ddg-cache-status: HIT,MISS
content-length: 4429
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1242)
Size:   4429
Md5:    f2d89553185a342a98893760b5a27460
Sha1:   449a755c7c3e03946b5fab3ea9195b06c43b9ac1
Sha256: 28a5e10daa981bd5e7c28feb373ad68518723bd9eb5a1aabd9124a8d17fa5d2c
                                        
                                            GET /4a/f8/85/4af885339455b3882bf90cfa7e32caf8.js HTTP/1.1 
Host: atmosphereblankjustly.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.59.12
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.17.6
Date: Mon, 24 Oct 2022 06:48:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ac4cf30686f86a51f72e13c9321ef2bf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (59397), with no line terminators
Size:   20320
Md5:    d23b84b77463d84c4aaef58389fe788e
Sha1:   6fd579f228d68a6ad4b4b27a416cc331cf603946
Sha256: cbaaf9e4bc6201c1af5d33caedc8f1480f84f0b7d76b1cd57a96ee7b203314ad

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:28 GMT
Content-Length: 281
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2022 13:05:15 GMT
Expires: Fri, 28 Oct 2022 13:05:14 GMT
Etag: "2fc10e3e9cddc189b38ea947da94d9f8482eda3a"
Cache-Control: max-age=367605,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f0c457a852b51e-OSL

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "FBBA887C0A0A585A9619E755F6D2BF4EAF6FB410C39D3BB334D64D03CCDAB079"
Last-Modified: Fri, 21 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1491
Expires: Mon, 24 Oct 2022 07:13:19 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            GET /video_short.mp4 HTTP/1.1 
Host: h4ahsm.cfeucdn.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         84.16.243.193
HTTP/1.1 206 Partial Content
Content-Type: video/mp4
                                        
Date: Mon, 24 Oct 2022 06:48:27 GMT
Content-Length: 3078
Last-Modified: Sat, 03 Apr 2021 21:17:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6068db6e-c06"
server: YouTube Frontend Proxy
Expires: Wed, 23 Nov 2022 06:48:27 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,Range
Access-Control-Expose-Headers: Content-Range,Content-Length,ETag
Content-Range: bytes 0-3077/3078


--- Additional Info ---
Magic:  ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Size:   3078
Md5:    639ec085afd48ff720cb1716bb09c075
Sha1:   04789db6677b1e59ae5b2c8c3b565f7ad8bf5c52
Sha256: 7e3c990c8c3e6ad1a07710e7032c1ff22975d6322937e80b0446a07de1b227cb
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sca1b.amazontrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         143.204.42.88
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=109585
Date: Mon, 24 Oct 2022 06:48:28 GMT
Etag: "63553402-1d7"
Expires: Tue, 25 Oct 2022 13:14:53 GMT
Last-Modified: Sun, 23 Oct 2022 12:30:58 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 9dd61138197a68f8d69f12574aab6930.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: gVkifT92dIlXnRw87Bx3-SJkcwa6YTPAzzjuppDp4G23V1vhLgdS8A==
Age: 2635

                                        
                                            POST /gseccovsslca2018 HTTP/1.1 
Host: ocsp.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:28 GMT
Content-Length: 938
Connection: keep-alive
Expires: Fri, 28 Oct 2022 03:20:14 GMT
ETag: "2814673c43659aa0ba413bfbbae9e551af579e07"
Last-Modified: Mon, 24 Oct 2022 03:20:15 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1059
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75f0c4598fd41c0e-OSL

                                        
                                            GET /stats HTTP/1.1 
Host: simplewebanalysis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.efilme-online.net
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         18.194.90.159
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
date: Mon, 24 Oct 2022 06:48:28 GMT
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.efilme-online.net
access-control-allow-credentials: true
set-cookie: uid_id2=0e53380a-7658-448f-a8aa-c13c32f72f89:3:1; expires=Thu, 21 Oct 2032 06:48:28 GMT; secure; SameSite=None
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   40
Md5:    7fcbd273b1922cae07ddc7da05042801
Sha1:   a7f09f364f7c2d95dfa1c168a0335eb28c884820
Sha256: d77fc91617f4b2a27a381a89b499edd0e8a5ef8d2f576bf46a51547af7f3b7ef
                                        
                                            GET /metrika/tag.js HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         87.250.250.119
HTTP/2 200 OK
content-type: application/javascript
                                        
content-length: 73219
date: Mon, 24 Oct 2022 06:48:28 GMT
access-control-allow-origin: *
etag: "6351126c-11e03"
expires: Mon, 24 Oct 2022 07:48:28 GMT
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
content-encoding: br
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Unicode text, UTF-8 (with BOM) text, with very long lines (731)
Size:   73219
Md5:    64adf2282f72dc350e916cb82af41ab7
Sha1:   d5c10f65a7ac0cce6eb0c78df805965a9a3ad017
Sha256: 4942011d5f3623476ceff936e757245d89ce2af664558a7031497d370a3d3771
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CFD303A55D99FD440671DAD9C41F8061859003E31090E54E9F2EB42AD7DEDB43"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14384
Expires: Mon, 24 Oct 2022 10:48:12 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "FBBA887C0A0A585A9619E755F6D2BF4EAF6FB410C39D3BB334D64D03CCDAB079"
Last-Modified: Fri, 21 Oct 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15785
Expires: Mon, 24 Oct 2022 11:11:33 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "426359AE8407FA774682A31F4840CF967F5660EA5E44A30A3CD7395C5B88E521"
Last-Modified: Sun, 23 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=603
Expires: Mon, 24 Oct 2022 06:58:31 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         216.239.36.178
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 24 Oct 2022 06:41:09 GMT
expires: Mon, 24 Oct 2022 08:41:09 GMT
cache-control: public, max-age=7200
age: 439
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET /ab/0b/e2/ab0be2a44b7ecf91bdbd5cd360d84937.js HTTP/1.1 
Host: alleviatepracticableaddicted.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.227
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Mon, 24 Oct 2022 06:48:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 609aade108b8c8d61d02e89e69fa9ec6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (32144), with no line terminators
Size:   10761
Md5:    8107e38910dad787b53f45b52aa732f7
Sha1:   7b570658c35340236f273aae9516ca0c2aa8eeb2
Sha256: 842d75becf4f37f18e677c92f1964da9e7999cf2b0a350cbef6c2dedb3347fed

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /metrika/advert.gif HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         87.250.250.119
HTTP/2 200 OK
content-type: image/gif
                                        
content-length: 43
date: Mon, 24 Oct 2022 06:48:28 GMT
access-control-allow-origin: *
etag: "6351126c-2b"
expires: Mon, 24 Oct 2022 07:48:28 GMT
accept-ranges: bytes
last-modified: Thu, 20 Oct 2022 12:18:36 GMT
cache-control: max-age=3600
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    df3e567d6f16d040326c7a0ea29a4f41
Sha1:   ea7df583983133b62712b5e73bffbcd45cc53736
Sha256: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
                                        
                                            POST /j/collect?v=1&_v=j98&a=1485919696&t=pageview&_s=1&dl=https%3A%2F%2Fwww.efilme-online.net%2Flords-of-chaos-2018-online-subtitrat-hd.html&ul=en-us&de=UTF-8&dt=Lords%20of%20Chaos%20(2018)%20Online%20Subtitrat%20HD%20%7C%20Filme%20Online%20HD%20Noi%20Gratis%20Subtitrate%20in%20Rom%C3%A2n%C4%83%202022&sd=24-bit&sr=1280x1024&vp=1268x939&je=0&_u=IEBAAEABAAAAACAAI~&jid=1650666051&gjid=568007483&cid=366275226.1666594108&tid=UA-231440649-1&_gid=74474298.1666594108&_r=1&_slc=1&z=480735031 HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://www.efilme-online.net
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.239.36.178
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin: https://www.efilme-online.net
date: Mon, 24 Oct 2022 06:48:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   2
Md5:    38684612f0c6bb6dfa16da92f4a6878f
Sha1:   6fe62d0dd7db314b7f9bb945672f078e01d27f0f
Sha256: a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
                                        
                                            POST /player/get_player_image.php HTTP/1.1 
Host: hqq.to
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 73
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=ZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09&autoplay=no
Cookie: uid=kCLjdjxLFqMDplQnyJR-5Zjj*RSe0CaF
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         190.115.19.71
HTTP/2 200 OK
content-type: application/json
                                        
server: ddos-guard
set-cookie: __ddg1_=aPTYkx33j0JDwU4Srf58; Domain=.hqq.to; HttpOnly; Path=/; Expires=Tue, 24-Oct-2023 06:48:28 GMT
date: Mon, 24 Oct 2022 06:48:27 GMT
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-file-located: temp, filename:../files/temp/video_images/x/n/15513789915m1nx-1.jpg
x-clickarr-add-e: 1
x-image-size: 20836
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   36721
Md5:    914a942c3f7ca0dc2c2ffbe732ee7b43
Sha1:   12182070d6c1167512bd13b0c1f59ecc1c89196d
Sha256: 70b26e276c7761c6783f0a5d9d0d13c0883b1b88ed6bbee62e825d3c459163c1
                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=1984&rd=1984&fd=959&bv=22.8.v.1&tmpl=70 HTTP/1.1 
Host: lowhardboiledadjoin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:28 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14195
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive


--- Additional Info ---
Magic:  data
Size:   60414
Md5:    ddcaace0006b0c681f1554fa26bc34d7
Sha1:   a98237ad3af8133d629cd9c8a839ce3818c23db5
Sha256: 78366d342d262d01bc708a410bf5958b5ee61e58b00c65aa33fd2cbaee5fd1ba
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14195
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "724547DB3ED9F1779308E9DD6604664E6FFA3580CA076FBDC1DFB1B75591BBA4"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14195
Expires: Mon, 24 Oct 2022 10:45:03 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd9782993-f413-4e6d-95c2-333fbe657f63.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10565
x-amzn-requestid: 77d1f33a-cf70-44b9-a589-0cdadbea8d82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0FDBoAMFvFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-2a30ebbb731766f675647a98;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: MAguR4SfghsNzQUE6EIpLZ2bnc8yu8-YToIKS9mUCW6NhLLXtBjNew==
via: 1.1 95b0ac620fa3a80ee590ecf1cda1c698.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:14 GMT
age: 31934
etag: "71daf3c8a99c89c8437645e97c7f14dd10d02d30"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10565
Md5:    a2e664fa8596d38b4f74c45198a1d034
Sha1:   71daf3c8a99c89c8437645e97c7f14dd10d02d30
Sha256: 8f2cba60d7770cdfb781bfb95c33d9da1b03cab9ed5354b8a79d86e22b489663
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F21cfb8fe-4b68-43f0-a196-17c9a1dd3acb.png HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 10072
x-amzn-requestid: 2f26fcdb-0540-49ea-be46-83c00182fcc3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0FKvoAMFVFg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-1be524647e3db4a211e4c4ff;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 28s2Fwd7CYJpmy57dsIok6owygvyqng_WwlfbKApRjznSlULtnSJqw==
via: 1.1 e77661e211afe9242e85e573f12d5534.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:12 GMT
age: 31936
etag: "bceb257123711c43994e5a03e9caf22eeee16423"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   10072
Md5:    af3d4b4d16ad8b30805be96afa6472e3
Sha1:   bceb257123711c43994e5a03e9caf22eeee16423
Sha256: 30d7fea8d87522ce3ba2abf2c47e0025af1b7c05d6b4ea9f26aaa1f06aff4a67
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "CD02387721308F6F4906CC5304457DB031EDA7F143E5099E5DD74C1BF574CDCD"
Last-Modified: Sat, 22 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3498
Expires: Mon, 24 Oct 2022 07:46:46 GMT
Date: Mon, 24 Oct 2022 06:48:28 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F8b4612fa-9557-465f-8ec2-dc7a447daaac.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 9495
x-amzn-requestid: f9246128-d6a3-49e0-982d-9f75d110aa2d
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelztGlqoAMFs8g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b67d-7f04a07955c3c9a8644475a0;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:47:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: FDwmWmTCnCZt2aCUx9Tb3r4RJ4co-0A1dAbABurYrJNcyGa6ZMmONw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 21:56:13 GMT
age: 31935
etag: "e071eb9837a242f41035da077dc6c9b0178d8f9f"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   9495
Md5:    6b24b0e9eeeecd44eafc5957dc5450db
Sha1:   e071eb9837a242f41035da077dc6c9b0178d8f9f
Sha256: 33e9c9c03180d2855606be0605c894180d81e151e2f4b4b2bacf5325c11152d4
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6e8ac15f-1a51-4bfe-ab4a-570fc480a976.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4434
x-amzn-requestid: 41e95a27-2955-4224-8d2c-f12d1254cda7
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: aelB0EQboAMFmMw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6355b53e-5cb99b700c84c99c2d9e52d7;Sampled=0
x-amzn-remapped-date: Sun, 23 Oct 2022 21:42:22 GMT
x-amz-cf-pop: SEA73-P2, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: OTe4NY6F7vvMR1vwdg53oUfynNgHOuyn9VPBf7ub1SqnXTgJRj8dXw==
via: 1.1 27f6faf9790b5a2877fb528fa31f7922.cloudfront.net (CloudFront), 1.1 a3bd0eb50c22e4d5fbda56a30b96002c.cloudfront.net (CloudFront), 1.1 google
date: Sun, 23 Oct 2022 22:05:54 GMT
age: 31354
etag: "1698d8d0ff47fc4e6dd20d99ceae84cfcdd69e86"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4434
Md5:    f12f21779aa94b557db8037ceefd15b2
Sha1:   1698d8d0ff47fc4e6dd20d99ceae84cfcdd69e86
Sha256: 0d33ee5a721c2f940ff1e7d5fae9abba3781f6d37e458a36285718466ecdcd10
                                        
                                            GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.126.175
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 24 Oct 2022 06:48:27 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 15904871
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75f0c4560c6db50b-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (29325)
Size:   19207
Md5:    a94df4206a7670206824c819da487518
Sha1:   6d7485637e4e6e21c0e4814b6b984977183a02d1
Sha256: 473a0aec4d2bbd585b716a5091ef8dd2fd93e37f6cd3cea90af8f61c56b80087
                                        
                                            GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1 
Host: unpkg.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.16.126.175
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
date: Mon, 24 Oct 2022 06:48:27 GMT
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 9637608
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 75f0c4560c71b50b-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   11972
Md5:    181e33b0632a785a91840a790227c6a7
Sha1:   e3e0032f0a5bf86a0aacc6567fa0a0831c3c3880
Sha256: a461c2e8fdd98d4f8e9bf7281288ca5893024896efecdd83123874271d7c4fce
                                        
                                            GET /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3DZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09%26autoplay%3Dno&page-ref=https%3A%2F%2Fwww.efilme-online.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A606%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A1%3Adp%3A0%3Als%3A1162915633038%3Ahid%3A804067738%3Az%3A0%3Ai%3A20221024064828%3Aet%3A1666594108%3Arn%3A200744324%3Arqn%3A1%3Au%3A1666594108918686545%3Aw%3A800x450%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C217%2C0%2C%2C%2C%2C738%3Ans%3A1666594106609%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666594108%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         87.250.250.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 419
date: Mon, 24 Oct 2022 06:48:29 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 24-Oct-2022 06:48:29 GMT
last-modified: Mon, 24-Oct-2022 06:48:29 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size:   419
Md5:    cb01d227342abfffb394d628e525744b
Sha1:   5455a078ff052ab21ebe6b030caabc73f97e2ec6
Sha256: 31ce8f77b5a425b3ed4fc2104fcd312e7ec0e180e115d37da911f60e188c82b0
                                        
                                            GET /advertisers.js HTTP/1.1 
Host: banquetunarmedgrater.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.efilme-online.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         192.243.61.225
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Server: nginx/1.22.0
Date: Mon, 24 Oct 2022 06:48:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f817a0a8a6da28658f3c228f4610b0b
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1719
Cache-Control: max-age=142877
Date: Mon, 24 Oct 2022 06:48:29 GMT
Etag: "6355b9a4-118"
Expires: Tue, 25 Oct 2022 22:29:46 GMT
Last-Modified: Sun, 23 Oct 2022 22:01:08 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "FF3F7D002BF22B378ACC77E4DD3B1481609BE2C06E220603B74E610C171675C0"
Last-Modified: Sat, 22 Oct 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3414
Expires: Mon, 24 Oct 2022 07:45:23 GMT
Date: Mon, 24 Oct 2022 06:48:29 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 989
Cache-Control: max-age=94632
Date: Mon, 24 Oct 2022 06:48:29 GMT
Etag: "63550008-117"
Expires: Tue, 25 Oct 2022 09:05:41 GMT
Last-Modified: Sun, 23 Oct 2022 08:49:12 GMT
Server: ECS (amb/6B8D)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "BF3F9D16DB37CD23D250DC647E8DBFE73ED846B726500B8C9857611C0B2D95FC"
Last-Modified: Sun, 23 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19729
Expires: Mon, 24 Oct 2022 12:17:18 GMT
Date: Mon, 24 Oct 2022 06:48:29 GMT
Connection: keep-alive

                                        
                                            GET /netu.php HTTP/1.1 
Host: testingmetriksbre.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.26.0.119
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 24 Oct 2022 06:48:27 GMT
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yrsrhpnzevpr6PbuqgOxrqzX4Xqm2YFnIt8DaO0E%2B2bip0Qd2x%2FzfWxd6j5Rtyb%2FHtQRt8V5FjknqYes5ssJBgfputWMmop%2FSCC7hnsgoAHy3UvLd%2BmsFGCgqhdKFLoBGkzddCt1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f0c4562d20fabc-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with CRLF line terminators
Size:   29107
Md5:    712e161917a7462ff8c6b87a08722dc5
Sha1:   0e9c9233932099b862d00d96d47f4d0032f7f862
Sha256: a93b87ddf6e06693f1828f73140f5db4b3f6465f060768356cba275967e4f8d4
                                        
                                            GET /sbar.json?key=ab0be2a44b7ecf91bdbd5cd360d84937&uuid=0e53380a-7658-448f-a8aa-c13c32f72f89%3A3%3A1 HTTP/1.1 
Host: makesboundlessvirtue.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.44
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:29 GMT
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://hqq.to
Access-Control-Allow-Origin: https://hqq.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334947; expires=Tue, 25 Oct 2022 06:48:29 GMT; secure; SameSite=None uid_id2=0e53380a-7658-448f-a8aa-c13c32f72f89:3:1; expires=Mon, 31 Oct 2022 06:48:29 GMT; secure; SameSite=None pdhtkv=true; expires=Tue, 25 Oct 2022 06:48:29 GMT; secure; SameSite=None uncs=1; expires=Tue, 25 Oct 2022 06:48:29 GMT; secure; SameSite=None pdhtkv29=true; expires=Tue, 25 Oct 2022 06:48:29 GMT; secure; SameSite=None uncs29=1; expires=Tue, 25 Oct 2022 06:48:29 GMT; secure; SameSite=None slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]; expires=Mon, 24 Oct 2022 06:48:34 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e42865144d53a911a371903b14320469
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (5717), with no line terminators
Size:   3262
Md5:    b78e3ac04503a01b9a9e51a3e6d27129
Sha1:   62ccd1a9927c25256909c81c91c01831474c6f85
Sha256: d45e86f872978e4b36dd226ecfea306b5a43867b75b3453a285d55b67011a386

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /pixel/purst?dl=0&th=0&sc=0&rs=2604&rd=2604&fd=990&bv=22.8.v.2&tmpl=136 HTTP/1.1 
Host: lowhardboiledadjoin.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.60
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:29 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2448
Cache-Control: max-age=127051
Date: Mon, 24 Oct 2022 06:48:29 GMT
Etag: "635578f8-117"
Expires: Tue, 25 Oct 2022 18:06:00 GMT
Last-Modified: Sun, 23 Oct 2022 17:25:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /ren.gif?sid=H4sIAAAAAAAC%2F1RSz4scxR%2Btzi58A9%2BTkouiMAcFRXe2f8x0zxgkGNeVxU02JP66iFZXVc%2BWW9PVqeqent3TkoDkOP4HvW%2F2B9EgEbwmyGwghwUho5eBuP%2BDCDl5kJksjn4un%2Ff6vcPr96lv9opT4qKgk5UrekcqRZebdbf2xueed7G2LtOiX%2Bu3wi%2FDxsWa6b3TDuvum7UPBdvSy77rua7nerVVaUSi%2B8tTETK71%2Fbqbbfe8Otes4G%2B%2BS%2B3hQNLHfDeKXkRko8XHzkXINkIaff%2BirBbuc7e%2FqBbKJprgx4%2F%2BiTdSnWZojuHiXGQpEdnbmj7ZPUhdHowiwvd%2B8cYyzFxHj9EnB6dhUTc25%2FljBVEipj%2FH2VvBKFGkHQEpm9D8icEYBxXN5B2D69qU9Lt5yqdqmOy%2BOxPyHJMFn%2B%2FgLT7w2Ul%2B7UbWhW51KlFP6kg%2ByPIzghZcYx85xxkeQyW34Lkv5DlZ%2BtIu%2FsbVmlIPnnNFc0gaLl0KQqbraVGo5Us0RalS8wLWOAnkZ%2B02rOCpBxBJiMoMQC1Cyisg0I6KBIHReagyyc15nle5HJG3VabsYBHIg6569Eo8ajnhi0UbPoPA%2BTZAEwNwMwuMrOLLTmAKX6G3axguQObE%2FR4hVIQlJagpASlJChzgrJXHXBlfVsdcmWL2Dvb%2FtkOqqHOO3v0QOcdkZK97JS8MC3OOX9riC0xqdHYjYVPG404EixpezGPeZPxIHR5q9EOIlhZQdpzoNbBjhyTVx68hUyOyf%2B%2BeIqYHsOqYzD5OmjxKmg5jHwXdHPYaLnYSQ83b96s5xpcV8jyReTbzp46JS%2FNThf8piDYyaWv4ivjP%2B7%2BBWYqZKbC1%2FIRQUfdGV7XJdm%2FrktLftzIctmVO3R61hs5zcXCdx%2BJ7VIbvrZiB3ffY1NhCu99LGy%2BTlMu044l31%2BWnAuzqg0T5MGa%2FUzE1wq7ebkwaZGtX3t%2Fda2bGWGt1OkIVI4JeXwCJsfk%2FE%2BT2Yt9%2Bel9SDOCKSp0ixNyNpD6GCzbhc3m%2Ba1egFFzT5w5KItqaPx4%2FlFJAiXmnMYV7L94PMd79g465hxofhtpt0LPVOipClQNYIuFYZ6Zk0u%2FBrNBrJxhrIyzHyujvn1erpWTWhQELg3bTS%2BKqIjiht9KQo9T6jdCPwxpgNyO2afNd%2F8GAAD%2F%2FwEAAP%2F%2FI%2FcZ1XwEAAA%3D HTTP/1.1 
Host: makesboundlessvirtue.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334947; uid_id2=0e53380a-7658-448f-a8aa-c13c32f72f89:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.44
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:30 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: dfe4e0ed6011a4bc7b077672612b1153
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "ADD008DA2C5EFF2E1E787E88D616CC7F3003C4EA5A5E81B9158DFA64CE290199"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3113
Expires: Mon, 24 Oct 2022 07:40:23 GMT
Date: Mon, 24 Oct 2022 06:48:30 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.76.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 346
ETag: "ADD008DA2C5EFF2E1E787E88D616CC7F3003C4EA5A5E81B9158DFA64CE290199"
Last-Modified: Mon, 24 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3113
Expires: Mon, 24 Oct 2022 07:40:23 GMT
Date: Mon, 24 Oct 2022 06:48:30 GMT
Connection: keep-alive

                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.64.110.27
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Mon, 24 Oct 2022 06:48:30 GMT
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7073041
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5iKby3qcY7HBvNVlzeVZiixaTW8eRb0hwoh7wRKzVj2OmDejO5WV%2Fjdn3LqIc9xM1OW%2FXJ4LuGlJK%2Be8i4%2FtH5Htz5KvPVe%2BClbSvhrsvoY966VNMoP1vrA%2BD7uSraH40mU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f0c464ba44741f-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Size:   21845
Md5:    e1f754e6014f2a7636aa19acdf37eaa7
Sha1:   72ded7fb65560b2702630d5208386654f294e8e9
Sha256: 8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1 
Host: cdn.yourwebbars.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.26.7.19
HTTP/2 200 OK
content-type: text/html
                                        
date: Mon, 24 Oct 2022 06:48:29 GMT
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1179726
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CX3hhrKIEdqB1%2FlQygspwCYfJCywzvk7jSIYTSdoDOibQBAtZJ4Q%2BfAzF49fMyLzg3vLeppdSTla%2F%2F6lEhopiGxvbBTATA4DI8ApLTRJ%2BtTKvGbhlJI1XO3ihvcz8WjWOFdFxDM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f0c4637a6bb500-OSL
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document, ASCII text
Size:   1086
Md5:    84af14aa63339d1c0e3247d8b98cf189
Sha1:   57a6454f59ee4e62056794d5f1de2bd4bc60eb59
Sha256: f3002299efe3a3deee9516230aafc8eb1744d6efd4a5e392a975d81460e18563
                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/animate.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.110.27
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 24 Oct 2022 06:48:30 GMT
last-modified: Tue, 17 Aug 2021 13:04:04 GMT
etag: W/"611bb3c4-1358d"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7072951
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=40Rs%2FkxypotZNEypFjKkdW%2B%2BHstM5t7%2B2250qauo9a1TmWbXStwr56h0MldCmagXgTbFq%2F%2BUA10LbZnYHuuzrdR16ARea4VO8RDOzbOjPUyME58%2Bh9dJ4cz2F6Nu%2FP8TjiM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f0c4649a0e741f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   5161
Md5:    71c5a28184c878d6c7841fa5762d4329
Sha1:   b8e3241e70ad3fee54ccf71bae17aa5fdc9d1425
Sha256: 0e32a713d58d654adc2921e88431987c95b4cb7999da5caeda8503a5ab1ed048
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 1720
Cache-Control: max-age=142877
Date: Mon, 24 Oct 2022 06:48:30 GMT
Etag: "6355b9a4-118"
Expires: Tue, 25 Oct 2022 22:29:47 GMT
Last-Modified: Sun, 23 Oct 2022 22:01:08 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 280

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:30 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 22 Oct 2022 01:50:05 GMT
Expires: Sat, 29 Oct 2022 01:50:04 GMT
Etag: "d340fae0ae3eec9d819dbb83307e5fe0188dc4e9"
Cache-Control: max-age=413493,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f0c4615b26b51e-OSL

                                        
                                            GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1 
Host: cdn.sb4you1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         172.64.110.27
HTTP/2 200 OK
content-type: text/css
                                        
date: Mon, 24 Oct 2022 06:48:30 GMT
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 7072951
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XWiRRRc7YrH2o14KnHbNH2f1HKN95WiBYIikCIK8TAkfMRoQcIZ4iZ6wmaze9iWH49CYMTrZYKD7xB940L0kFAYYogBo97eG42QLqWLckh4gcSzW1vOu3bvk8D%2B%2B3iXkDqI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75f0c4649a17741f-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   1497
Md5:    970a3845df7f1230e6b9d9746c5b2019
Sha1:   b96238dfb3b00aaa70df058c2c5cdb3593830a22
Sha256: 2a0a7a5da2f504339aee84e8d26fca51b6922f7e9424fef2f57ffeafc067ec96
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hqq.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 386062
last-modified: Wed, 11 May 2022 19:24:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Size:   15744
Md5:    15d9f621c3bd1599f0169dcf0bd5e63e
Sha1:   7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
Sha256: f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
                                        
                                            GET /pixel/sbs?c=1 HTTP/1.1 
Host: makesboundlessvirtue.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334947; uid_id2=0e53380a-7658-448f-a8aa-c13c32f72f89:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.44
HTTP/1.1 200 OK
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:30 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range


--- Additional Info ---
Magic:  
Size:   0
Md5:    d41d8cd98f00b204e9800998ecf8427e
Sha1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hqq.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:08 GMT
expires: Thu, 19 Oct 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 386062
last-modified: Wed, 11 May 2022 19:24:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Size:   15860
Md5:    e9f5aaf547f165386cd313b995dddd8e
Sha1:   acdef5603c2387b0e5bffd744b679a24a8bc1968
Sha256: f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
                                        
                                            GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSy4sc1Ru9lRn4BX4rJRtFoRcKik5PVVc%2Fqg0SjOPI4CQTEl8b0fuqnuvcrlu5t6qrZ1ZDApJl%2Bx%2FUnJ4H0SAR3CZITyCLASGtm4Y4%2F4MIWbmQ7gy2fpvvnDpncep895u9%2FJT4yOlk5YrZUVrT5UbVr7zxeRBcrKyrJO9X%2BlHzy2b9YsX23mk3q%2F6blQ8l3zLLNT%2Fw%2FcAPKqvKytj0l6ciVHqvHVTbfrVeqwaNOvr2v9zlHhz1IHqn5EUoMV585F2A4iMk3fsr0m1lJn37g26uaWYseuLok2QrMUWC7hzG1kOcHJ25YdyT1YcwycEsLkzvHyNTY%2BI9fgiWHJ2FBOvtz3IyDZmAif%2Bj6I0g9QiKjsDNbSjxhABc4OoGku7hVWMLuv1cpVN1TBaf%2FQlVjMni7xeQdH%2B4rFW%2FcsPoPFMmcejHJVR%2FBNUZIc2Pke2cgyqOwbNbUOIXsvxsHUl3f8NpAyUmr%2FmyEYaRT5dazUa0VK9H8RKNKF3iQcjDWtyqxVF7VpBSI6h4BC0HoG4BufOQKw957CFPPXTFpMKDIGj5glM%2FanMeipZkTeEHtBUHNPCbEXI%2B%2FYcBsnQArgfgdhep3cWWGsDmP8NtlnDCg8sIeqJEIQkKR1BQgkIRFBlB0SsPhHY1Vx4K7XIWnO3a2Q7Lock6e%2FTAZB2ZkL30lLwwLc47f2uILTmpUOYzWaP1OmtJHrcDJphocBE2fRHV22ELTpVQ7hyo87CjxuSVB28hVWPyvy%2BegtFjOH0Mrl4HzV8FLYatmg%2B6OaxHPnaSw82bN6uZgTAl0mwR2ba3p0%2FJS7PThb9pSH5y6St2ZfzH3b%2FAbYnUlvhaPSLo6DvD66Yg%2B9dN4ciPG2mmumqHTs96I6OZXPjuI7ldGCvWVtzg7nt8KkzhvY%2Bly9ZpIlTSceT7y0oIaVeN5ZI8WHOfSXYtd5uXc5vk6fq191fXuqmVzimTjEDVmJDHJ%2BBqTM7%2FNJm92Jef3oeyI9i8RDc%2FIWcDZY7B0124dJ7fmQVYPfew1EORl0NbY%2FOPWhFoOeeUlXD%2F4myO99wddOw50Ow2km6Jni3R0yWoHsDlC8MstSeXfg1nA6a9IdPW22fa6m%2Bfl%2BvUpBL6osVkLFtM1hv1WHLBGg3m85izUEQRR%2BbG%2FNPGu38DAAD%2F%2FwEAAP%2F%2FoyPMPXwEAAA%3D HTTP/1.1 
Host: makesboundlessvirtue.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334947; uid_id2=0e53380a-7658-448f-a8aa-c13c32f72f89:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecab0be2a44b7ecf91bdbd5cd360d84937=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         173.233.137.44
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.19.5
Date: Mon, 24 Oct 2022 06:48:30 GMT
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 01057edadf8f79bf3a001b816670d591
Strict-Transport-Security: max-age=0; includeSubdomains


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   7
Md5:    132d6af1b46048b45cf86cdee7991d31
Sha1:   eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
Sha256: ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c

Alerts:
  Blocklists:
    - quad9: Sinkholed
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.3
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:30 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST /gsalphasha2g2 HTTP/1.1 
Host: ocsp2.globalsign.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.21.226
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:30 GMT
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 28 Oct 2022 04:29:55 GMT
ETag: "be8f3f313855b677d1c8947118dbf26cd2ae1933"
Last-Modified: Mon, 24 Oct 2022 04:29:56 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 359
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 75f0c469a910b4ff-OSL


--- Additional Info ---
Magic:  data
Size:   1423
Md5:    758ac5e83502dda8e11fd1133db23bbb
Sha1:   be8f3f313855b677d1c8947118dbf26cd2ae1933
Sha256: 0a1cf9ce6b70daa0ca12764946e7e302c75c1d3f9acc8e44bf545b3fa6810188
                                        
                                            GET /cf?id=17458624894642172423&sid=B79SGewuO6N&subid=0000&fid=19177&redir=1 HTTP/1.1 
Host: c.cachegorilla.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.67.190.155
HTTP/2 302 Found
                                        
date: Mon, 24 Oct 2022 06:48:30 GMT
location: http://click-v4.junmediadirect1.com/click?i=YaJvrmI5vws_0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iI8Shg1c88%2FL7LGZZnljxb8LudmuGPvXbDyOoOCpYZA%2FIHRV6PX8faxlWeWCjLYmvfA60SyBmzJ5fWBQIe7EgRBXObvnnI8ZdckabrWCCFyhvssMrWHH7lzWg3eyM5Xb1U8%2F%2FPA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f0c46658b9b4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6535
Cache-Control: max-age=100176
Date: Mon, 24 Oct 2022 06:48:31 GMT
Etag: "63550008-117"
Expires: Tue, 25 Oct 2022 10:38:07 GMT
Last-Modified: Sun, 23 Oct 2022 08:49:12 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279

                                        
                                            GET /cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ1EzZTc0M091b0dVM0JaOUdIMGRFZEhQM3hQLjgyOSUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU25vcTFyTk13aWdadmxCYmNDaGZ3ZlBxM3NoZ3U3ekFuZGdRcDN2eXd6bmpXTXNOQXNnUzdnU0RoWlRuZmFrdXFTVUF0a1R3OVBRYzZjX19fNWZXZ1lYajlOWjJVRU9RMWt3YnpxQTJkMGI4MGlYeko0U29WSnpqNVc5ZTFlY2d1bDZHNkk0eXk2X1lvSlNHWnZGRzFYWFppZG05akhkOXZPd0VLWXNHU2U1aVZhQndFZ0RCMGJnRTd4c3JMbE1SRlQ3UTdfbzRTRDVkWnZDVWtyY2hPSXpyWl9LSEIyT21PNTJ2VEE4Q1BpSmVRJTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDZkMzllOWY5OGI5MmI0ODlmOTVjN2Q5NTMwNmRlYmRj HTTP/1.1 
Host: s.optnx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         95.211.229.247
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 24 Oct 2022 06:48:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226356353f56bf94.526542503410631402%22%3B%7D; expires=Wed, 23 Oct 2024 06:48:31 GMT; path=; domain=.optnx.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (2106)
Size:   1577
Md5:    1479789497333aca779940a69617bd25
Sha1:   c278a8591763c4bc4d69124141b6f78538a93e39
Sha256: 232a5900c0db1d2da005c06aa7fb0e0fe0cf1a58505e03d150665e019bfb0769
                                        
                                            GET /cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ1EzZTc0M091b0dVM0JaOUdIMGRFZEhQM3hQLjgyOSUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU25vcTFyTk13aWdadmxCYmNDaGZ3ZlBxM3NoZ3U3ekFuZGdRcDN2eXd6bmpXTXNOQXNnUzdnU0RoWlRuZmFrdXFTVUF0a1R3OVBRYzZjX19fNWZXZ1lYajlOWjJVRU9RMWt3YnpxQTJkMGI4MGlYeko0U29WSnpqNVc5ZTFlY2d1bDZHNkk0eXk2X1lvSlNHWnZGRzFYWFppZG05akhkOXZPd0VLWXNHU2U1aVZhQndFZ0RCMGJnRTd4c3JMbE1SRlQ3UTdfbzRTRDVkWnZDVWtyY2hPSXpyWl9LSEIyT21PNTJ2VEE4Q1BpSmVRJTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDZkMzllOWY5OGI5MmI0ODlmOTVjN2Q5NTMwNmRlYmRj&p=https%3A%2F%2Fgogoanime.nl&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1920x1080&iframe=1 HTTP/1.1 
Host: s.optnx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.optnx.com/cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ1EzZTc0M091b0dVM0JaOUdIMGRFZEhQM3hQLjgyOSUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU25vcTFyTk13aWdadmxCYmNDaGZ3ZlBxM3NoZ3U3ekFuZGdRcDN2eXd6bmpXTXNOQXNnUzdnU0RoWlRuZmFrdXFTVUF0a1R3OVBRYzZjX19fNWZXZ1lYajlOWjJVRU9RMWt3YnpxQTJkMGI4MGlYeko0U29WSnpqNVc5ZTFlY2d1bDZHNkk0eXk2X1lvSlNHWnZGRzFYWFppZG05akhkOXZPd0VLWXNHU2U1aVZhQndFZ0RCMGJnRTd4c3JMbE1SRlQ3UTdfbzRTRDVkWnZDVWtyY2hPSXpyWl9LSEIyT21PNTJ2VEE4Q1BpSmVRJTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfDZkMzllOWY5OGI5MmI0ODlmOTVjN2Q5NTMwNmRlYmRj
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226356353f56bf94.526542503410631402%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         95.211.229.247
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 24 Oct 2022 06:48:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226356353f56bf94.526542503410631402%22%3B%7D; expires=Wed, 23 Oct 2024 06:48:31 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m|,,Q3e743OuoGU3BZ9GH0dEdHP3xP.829,Zgf5ylJg0WD0c-JZkJC5wPppCftjGQotUcYEwuhb5nheByd7lgO-nhglEZAGlNJNJJygbJP8azEwiSuxmjYFmMLxFRyzmbKfiA-5MSstZC2fZ_rRdMMHPjn8bDKsWtw5x6AJttbnTD8I1Uj9jnHn-r2vku-fLXaNNqDbV7axzoXLc6aJpfDsQpIiMyp-VLNdx7ywYcCSjuzzxj3crbSdyV8bIFd70EIyrmE4eewNQSnoq1rNMwigZvlBbcChfwfPq3shgu7zAndgQp3vywznjWMsNAsgS7gSDhZTnfakuqSUAtkTw9PQc6c___5fWgYXj9NZ2UEOQ1kwbzqA2d0b80iXzJ4SoVJzj5W9e1ecgul6G6I4yy6_YoJSGZvFG1XXZidm9jHd9vOwEKYsGSe5iVaBwEgDB0bgE7xsrLlMRFT7Q7_o4SD5dZvCUkrchOIzrZ_KHB2OmO52vTA8CPiJeQ,,&csid=2625951&s1=4809428&md=0&exo_cid=3567547&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxOTIweDEwODAiLCJpIjoiMSJ9
X-Robots-Tag: noindex, follow

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:31 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 20:07:26 GMT
Expires: Thu, 27 Oct 2022 20:07:25 GMT
Etag: "4b181959f623d42f222519672e68ddeb480c4f6f"
Cache-Control: max-age=306533,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f0c46ca840b51e-OSL

                                        
                                            GET /click?i=PhvoE56VePg_0 HTTP/1.1 
Host: click-v4.junmediadirect1.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         198.134.116.17
HTTP/1.1 302 Found
                                        
Server: nginx
Date: Mon, 24 Oct 2022 06:48:31 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://s.optnx.com/cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ0FpT2lOaEsydEdVM0JaOUdIMGRFZEhQM3hQLmFjMiUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU210M0ZZZXUyM3NtQXFQekRrR3pqUWQ2LXVmUExMLXFrTndZRmJIUEZzRmxSZjFaaW5iQl9ONjNWQmljM2w5UHFFNXFQbmktMWxETzVqb3B5ZWlKNnBFUTU3Zzk2X3RIWUU0Ui1iN0Z2Z2dEOWl6OEVjOE1fbVR1cHJrV2xoS0RELXloNDY1R3FkQlBPWXRXanpEVjczVF9Db1VCSXlkclBUeWFXMXBUWDFtTjB2MEQycngyZFU0TDEzMGpJNlcwanBlNkw3NFFaMjJtQk9fdXZsWV9sa3NNd20tam1vVDBCVDFYR3UzOHN1UGJ3JTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGY3NDFhZTk1NzgzZjk1ZjJmY2RlNDkyYTg1N2I5ODhl
Pragma: no-cache

                                        
                                            GET /cf?id=6428629335743846081&sid=ZZgSPZ5SEkq&subid=37360000&fid=19263 HTTP/1.1 
Host: c.popbutler.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.21.72.243
HTTP/2 302 Found
                                        
date: Mon, 24 Oct 2022 06:48:31 GMT
location: http://click-v4.junmediadirect1.com/click?i=PhvoE56VePg_0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7yYRha7DxNhR%2FV5hq4hzQuaELTOQtaa5PkRdeeYLgo1MlDjUyK2GlpNz19hYvYxmwG7F%2B6onfcTotfOcdMRhNwMcQo4B6kSJuAbBW5ZhmT7FCqRo27nHEcckkDLcrYncJAk%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f0c46d191cb515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max speed, from Unix\012- data
Size:   1576
Md5:    5791d66c51323f504af5c8d5d1b36e6e
Sha1:   d5d3cdafa3ab60210c9206f0efbdc6ff71d24afd
Sha256: 77ae9f71dd9b3f386896c0968df5517fdb8dd3334e12c4cb661f4fd5b3fde9f0
                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         104.18.32.68
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Mon, 24 Oct 2022 06:48:31 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Thu, 20 Oct 2022 20:07:26 GMT
Expires: Thu, 27 Oct 2022 20:07:25 GMT
Etag: "4b181959f623d42f222519672e68ddeb480c4f6f"
Cache-Control: max-age=306533,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 75f0c46e0997b51e-OSL

                                        
                                            GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=2625951-3816519153-0_Exoclick HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         23.36.79.43
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
content-length: 0
location: https://no.mariacasino.com/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 24 Oct 2022 06:48:31 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 24 Oct 2022 06:48:31 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86524509%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666594111899)%5c%2f%22%2c%22CookieTag%22%3a%223795386524509451240919C20221024648%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228284425149%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 24-Oct-3021 06:48:31 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=21, origin; dur=34
X-Firefox-Spdy: h2

                                        
                                            GET /cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ0FpT2lOaEsydEdVM0JaOUdIMGRFZEhQM3hQLmFjMiUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU210M0ZZZXUyM3NtQXFQekRrR3pqUWQ2LXVmUExMLXFrTndZRmJIUEZzRmxSZjFaaW5iQl9ONjNWQmljM2w5UHFFNXFQbmktMWxETzVqb3B5ZWlKNnBFUTU3Zzk2X3RIWUU0Ui1iN0Z2Z2dEOWl6OEVjOE1fbVR1cHJrV2xoS0RELXloNDY1R3FkQlBPWXRXanpEVjczVF9Db1VCSXlkclBUeWFXMXBUWDFtTjB2MEQycngyZFU0TDEzMGpJNlcwanBlNkw3NFFaMjJtQk9fdXZsWV9sa3NNd20tam1vVDBCVDFYR3UzOHN1UGJ3JTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGY3NDFhZTk1NzgzZjk1ZjJmY2RlNDkyYTg1N2I5ODhl&p=https%3A%2F%2Fgogoanime.nl&tested=1&check=4982d74cc5945eb5f443cbeab8c29c8c&screen_resolution=1280x1024&container_resolution=1920x1080&iframe=1 HTTP/1.1 
Host: s.optnx.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://s.optnx.com/cimp.php?data=TVRZMk5qVTVOREV3T1h4aFpUbG1ZekZoWXpGallUZ3pNakUwT0RrM05HVTJObU5tWm1aa1l6Vm1OQS0tfGh0dHA6Ly9hZHBvaW50cnRiLmNvbS9zY3JpcHQvczJpdXJsLnBocD9zdGFtYXQ9bSU3QyUyQyUyQ0FpT2lOaEsydEdVM0JaOUdIMGRFZEhQM3hQLmFjMiUyQ1pnZjV5bEpnMFdEMGMtSlprSkM1d1BwcENmdGpHUW90VWNZRXd1aGI1bmhlQnlkN2xnTy1uaGdsRVpBR2xOSk5KSnlnYkpQOGF6RXdpU3V4bWpZRm1NTHhGUnl6bWJLZmlBLTVNU3N0WkMyZlpfclJkTU1IUGpuOGJES3NXdHc1eDZBSnR0Ym5URDhJMVVqOWpuSG4tcjJ2a3UtZkxYYU5OcURiVjdheHpvWExjNmFKcGZEc1FwSWlNeXAtVkxOZHg3eXdZY0NTanV6enhqM2NyYlNkeVY4YklGZDcwRUl5cm1FNGVld05RU210M0ZZZXUyM3NtQXFQekRrR3pqUWQ2LXVmUExMLXFrTndZRmJIUEZzRmxSZjFaaW5iQl9ONjNWQmljM2w5UHFFNXFQbmktMWxETzVqb3B5ZWlKNnBFUTU3Zzk2X3RIWUU0Ui1iN0Z2Z2dEOWl6OEVjOE1fbVR1cHJrV2xoS0RELXloNDY1R3FkQlBPWXRXanpEVjczVF9Db1VCSXlkclBUeWFXMXBUWDFtTjB2MEQycngyZFU0TDEzMGpJNlcwanBlNkw3NFFaMjJtQk9fdXZsWV9sa3NNd20tam1vVDBCVDFYR3UzOHN1UGJ3JTJDJTJDJmNzaWQ9MjYyNTk1MSZzMT00ODA5NDI4Jm1kPTAmZXhvX2NpZD0zNTY3NTQ3fGh0dHBzfDkxLjkwLjQyLjE1NHxOT1J8NDF8Z29nb2FuaW1lLm5sfDUwMzg1NHw4MTY4MDJ8OTcyNzY0fDQ4MDk0Mjh8NTE3fDM1Njc1NDd8MzgxMzk5Nzl8MTV8M3wwfDB8MjUzNDR8NDcyODI2fDExNC45MDgyNXw3MHxVU0R8VVNEfDF8MXwyMnx8MXxOT1J8fDg0fDJ8MXx8Mzg2NTUzODE4fGQ0MWQ4Y2Q5OGYwMGIyMDRlOTgwMDk5OGVjZjg0MjdlfDF8MHx8MHwwfDB8MC4xMXwxfDB8ZXhjaGFuZ2VfbGlua3wwfDB8MzE0MzI0MnwtMXw0fDMxNDMyNDR8fHwxfDE0NDB8fDB8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChYMTE7IExpbnV4IHg4Nl82NDsgcnY6OTYuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC85Ni4wfE9LfGY3NDFhZTk1NzgzZjk1ZjJmY2RlNDkyYTg1N2I5ODhl
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226356353f56bf94.526542503410631402%22%3B%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin

search
                                         95.211.229.247
HTTP/1.1 302 Found
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Mon, 24 Oct 2022 06:48:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226356353f56bf94.526542503410631402%22%3B%7D; expires=Wed, 23 Oct 2024 06:48:31 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: http://adpointrtb.com/script/s2iurl.php?stamat=m|,,AiOiNhK2tGU3BZ9GH0dEdHP3xP.ac2,Zgf5ylJg0WD0c-JZkJC5wPppCftjGQotUcYEwuhb5nheByd7lgO-nhglEZAGlNJNJJygbJP8azEwiSuxmjYFmMLxFRyzmbKfiA-5MSstZC2fZ_rRdMMHPjn8bDKsWtw5x6AJttbnTD8I1Uj9jnHn-r2vku-fLXaNNqDbV7axzoXLc6aJpfDsQpIiMyp-VLNdx7ywYcCSjuzzxj3crbSdyV8bIFd70EIyrmE4eewNQSmt3FYeu23smAqPzDkGzjQd6-ufPLL-qkNwYFbHPFsFlRf1ZinbB_N63VBic3l9PqE5qPni-1lDO5jopyeiJ6pEQ57g96_tHYE4R-b7FvggD9iz8Ec8M_mTuprkWlhKDD-yh465GqdBPOYtWjzDV73T_CoUBIydrPTyaW1pTX1mN0v0D2rx2dU4L130jI6W0jpe6L74QZ22mBO_uvlY_lksMwm-jmoT0BT1XGu38suPbw,,&csid=2625951&s1=4809428&md=0&exo_cid=3567547&exffir=eyJjIjoiNDk4MmQ3NGNjNTk0NWViNWY0NDNjYmVhYjhjMjljOGMiLCJ0IjoiMSIsInNyIjoiMTI4MHgxMDI0IiwiY3IiOiIxOTIweDEwODAiLCJpIjoiMSJ9
X-Robots-Tag: noindex, follow

                                        
                                            GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 0
location: https://no.mariacasino.com:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A86524509-37953
set-cookie: JSESSIONID=node0k0f40yaps4xtvwgpwthtorl1737268.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node0k0f40yaps4xtvwgpwthtorl17; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref=; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None affiliateId=1; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None PID=86524509; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None CHID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None clientId=browser_desktop; Domain=no.mariacasino.com; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 24 Oct 2022 06:48:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A86524509-37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 0
location: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&bid=37953&campaignId=2397257&pid=86524509
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 24 Oct 2022 06:48:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.securetrust.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 86
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.79.25
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 638
Date: Mon, 24 Oct 2022 06:48:32 GMT
Connection: keep-alive

                                        
                                            GET /redirect.aspx?bid=37953&pid=2100237&sref=ADC&ADC=2625951-3816519153-0_Exoclick HTTP/1.1 
Host: adserving.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86524509%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666594111899)%5c%2f%22%2c%22CookieTag%22%3a%223795386524509451240919C20221024648%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.36.79.43
HTTP/2 301 Moved Permanently
content-type: text/html
                                        
content-length: 0
location: https://no.mariacasino.com/stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Mon, 24 Oct 2022 06:48:32 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Mon, 24 Oct 2022 06:48:32 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86524509%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666594111899)%5c%2f%22%2c%22CookieTag%22%3a%223795386524509451240919C20221024648%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228284425168%7c1%22%7d%5d; domain=.unibet.com; expires=Wed, 24-Oct-3021 06:48:32 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=20, origin; dur=36
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, max compression, from Unix\012- data
Size:   2050
Md5:    1cbc557a8704b24af0bfb4c6b7742861
Sha1:   8ce4064916d5b8db6458c5d25f3eb894c00ccdfd
Sha256: dae05ca36da3363f8c658557051126bab37b9f53801cdc11b1c9fe1071ce25bc

Alerts:
  File Analyzers:
    - virustotal: 0/0
                                        
                                            GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1 
Host: a1s-cdn.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86524509%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666594111899)%5c%2f%22%2c%22CookieTag%22%3a%223795386524509451240919C20221024648%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   956
Md5:    fd48e87ecd4d06d9c5df490b91dc813e
Sha1:   a65a437db44444634e4f41732c590c1d14433b3f
Sha256: 2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
                                        
                                            GET /ajax/libs/jquery/3.1.1/jquery.min.js HTTP/1.1 
Host: ajax.googleapis.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.106
HTTP/2 200 OK
content-type: text/javascript; charset=UTF-8
                                        
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30244
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 09:07:49 GMT
expires: Thu, 19 Oct 2023 09:07:49 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 423643
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (32030)
Size:   30244
Md5:    04ba0252a9f264db106d4eaab8df4ccb
Sha1:   cf52d9b3df7839c5c64fbf33aafeced74b3db750
Sha256: 397852429e768ffbd12a78ce4b94f14e3ab4afabf84acb07c0bb5b7798e6e0b2
                                        
                                            GET /cf?id=12897893398026460760&sid=k2mHN2AHw88&subid=0000&fid=19423&redir=1 HTTP/1.1 
Host: c.xmlrtb.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         172.67.142.212
HTTP/2 302 Found
                                        
date: Mon, 24 Oct 2022 06:48:31 GMT
location: http://c.popbutler.com/cf?id=6428629335743846081&sid=ZZgSPZ5SEkq&subid=37360000&fid=19263
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VmqGujUT5tWjB6GN3QSzdOhrDl%2FG3YFIZfQtOuD6coENh8F%2FTGXncSHhflvgHsySSusITOhe5HAJJvg%2FTxIXqSpKn5ipFN27Abzez25c7IQ5IGdYoyq8Ds3H0q%2B0dmM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f0c46ba92eb51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 151 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   6303
Md5:    6be047bdf3d103b2414f7f6ab64d96b8
Sha1:   57818bdfe16383abe584b5c30de5f35eb55ebf20
Sha256: 38e2d3e7f261032cf0c558e28555c6425c30aa14014f31bbaad7d5176b7d4449
                                        
                                            GET /cdn/unibet/js/mmcore.js HTTP/1.1 
Host: service.maxymiser.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.110.7.230
HTTP/2 404 Not Found
                                        
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 24 Oct 2022 06:48:32 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10
Md5:    7605968e79d0ca095ab1231486d2b814
Sha1:   a007b420d19ceefa840f0373e050e3b51a4ab480
Sha256: 493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
                                        
                                            GET /stan/campaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257; clientId=browser_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 0
location: https://no.mariacasino.com:443/stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A86524509-37953
set-cookie: JSESSIONID=node0fgrfsnwk5o281r6eqaoqg58bb356830.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict __ucbt=node0k0f40yaps4xtvwgpwthtorl17; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None uniattr=ST.0.T; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None uniattr_ref=; Path=/; Domain=.mariacasino.com; Expires=Wed, 23-Oct-2024 06:48:32 GMT; Max-Age=63072000; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None affid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None netwid=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None CLAIM_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None affiliateId=1; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None B-TAG=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None REGISTRATION_CODE=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BID=37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None PID=86524509; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None CHID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None REFERER=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None UNIBET_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None BOCAID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None PRODUCT_ID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFID=; Path=/; Domain=.mariacasino.com; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_A47DB2D1DA674D9680B4FA1E506FDFDA%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None AFFILIATE_CAMPAIGN_ID=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None campaignId=2397257; Path=/; Domain=.mariacasino.com; Expires=Wed, 31-Jan-2024 22:58:59 GMT; Max-Age=40147827; Secure; SameSite=None framework.forceBigLandingArea=; Path=/; Domain=.mariacasino.com; Expires=Mon, 24-Oct-2022 06:48:47 GMT; Max-Age=15; Secure; SameSite=None
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Mon, 24 Oct 2022 06:48:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            GET /no/pop/casino/2022/livecasino.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&bid=37953&campaignId=2397257&pid=86524509
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 20783
cache-control: public, max-age=900, immutable
content-md5: h9w/yaQKmw6P18BRmsJPVA==
last-modified: Mon, 17 Oct 2022 10:46:30 GMT
etag: "0x8DAB02CD9C39254"
x-ms-request-id: 86a6fa5e-401e-003f-6872-e7daa1000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 200 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   20783
Md5:    87dc3fc9a40a9b0e8fd7c0519ac24f54
Sha1:   908b0ca475f8da1d0380a6cb5caabafce2466aec
Sha256: a0fd031aa160b2679253c5952576a692e002c6be963c5935af3692ff50206eb4
                                        
                                            GET /no/pop/casino/2022/games.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&bid=37953&campaignId=2397257&pid=86524509
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 8838
cache-control: public, max-age=900, immutable
content-md5: +9NkwYTRwq8kbdWjB5zp7Q==
last-modified: Mon, 17 Oct 2022 10:46:30 GMT
etag: "0x8DAB02CD9BC6777"
x-ms-request-id: e0a158b0-301e-0057-7072-e7bc31000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 234 x 200, 8-bit/color RGBA, non-interlaced\012- data
Size:   8838
Md5:    fbd364c184d1c2af246dd5a3079ce9ed
Sha1:   5c572431ced831a518e0c4adfed4372254f1eac1
Sha256: 2a09f891fb138e893fbc2fe522761e47307376143582e41016bf8aa54c4fdb77
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/satelliteLib-81fa49b12f4903c5e2b79397db5965ace0d8bfac.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "bf8d7656a2457e257e3cf75a01e6a4b7:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:54 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 43737
cache-control: max-age=3600
expires: Mon, 24 Oct 2022 07:48:32 GMT
date: Mon, 24 Oct 2022 06:48:32 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  exported SGML document, ASCII text, with very long lines (32764)
Size:   43737
Md5:    57198fa839fd954656487c5a3bef02a7
Sha1:   060e710714194b067e8a17554de1f056f3c5fa64
Sha256: 0144349d38a845bda08cbc2654f89da13986be57ce76fa7f49488907aa392edd
                                        
                                            GET /no/pop/casino/2022/mga.png HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_BA87A29957E64EE9AE71AF5839E679D6&bid=37953&campaignId=2397257&pid=86524509
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_BA87A29957E64EE9AE71AF5839E679D6; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_BA87A29957E64EE9AE71AF5839E679D6%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: image/png
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 1454
cache-control: public, max-age=900, immutable
content-md5: 8054HXrSLcd0uYrIKitG9g==
last-modified: Mon, 17 Oct 2022 10:46:30 GMT
etag: "0x8DAB02CD9E2FCA0"
x-ms-request-id: 7071aec1-501e-000c-0974-e7850a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 152 x 60, 8-bit colormap, non-interlaced\012- data
Size:   1454
Md5:    f34e781d7ad22dc774b98ac82a2b46f6
Sha1:   b66cb9753b0f76a7590f62d3c6b8f645bdbae786
Sha256: 7898ba2cec328d50a75400c1e5a6f1f23974f4c0cc433472a24f28a82c7d01c7
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/scripts/satellite-5b0e7d5264746d144c000221.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "accfdd9d5be1d7142fabad440365d15f:1554112916"
last-modified: Mon, 01 Apr 2019 10:01:56 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 228
cache-control: max-age=3600
expires: Mon, 24 Oct 2022 07:48:32 GMT
date: Mon, 24 Oct 2022 06:48:32 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   228
Md5:    f9f61cf08520dbe652f9085c0c5e1a43
Sha1:   f9333020f4b2f0446c5ce4fd69f14433102a71c5
Sha256: b27cb6d5a43aa222ba4bb45dfeec4211d1ed558d1d552ec160660c01db213782
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/dil-contents-4493d5fc39a384609f7eab6df1c4aef4ab6b834d.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "18eab16a639a4773572307713440a929:1554112912"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 12666
cache-control: max-age=3600
expires: Mon, 24 Oct 2022 07:48:32 GMT
date: Mon, 24 Oct 2022 06:48:32 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (558)
Size:   12666
Md5:    fbdf335868cbf423af02de87750c1a45
Sha1:   8405d2f9b1b98d830e1b5bb2d8b9cf31460a9cc4
Sha256: ddc30198d101ed4d7f85eb14fcc0331154807320fe2b2443b814bedc43c4ace4
                                        
                                            GET /stan/redirecttocampaign.do?cmpId=2397257&affiliateId=1&unibetTarget=/no/pop/casino/2022/index.html&targetDomain=https://welcome.mariacasino.com&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&sref=ADC&ADC=2625951-3816519153-0_Exoclick&affiliateId=1&pid=86524509&bid=37953&landingPageUrl=https%3A%2F%2Fwelcome.mariacasino.com%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%3Fmktid%3D1%3A81750185%3A86524509-37953 HTTP/1.1 
Host: no.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA; BID=37953; PID=86524509; clientId=browser_desktop; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_A47DB2D1DA674D9680B4FA1E506FDFDA%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         85.184.96.0
HTTP/2 301 Moved Permanently
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
content-length: 0
location: https://welcome.mariacasino.com/no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&bid=37953&campaignId=2397257&pid=86524509
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Mon, 24 Oct 2022 06:48:32 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
X-Firefox-Spdy: h2

                                        
                                            GET /js/10682170820.js HTTP/1.1 
Host: cdn.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         23.38.200.155
HTTP/2 200 OK
content-type: text/javascript; charset=utf-8
                                        
x-amz-id-2: G/RBXLVjrIm+N1bISPinQz8YGddf4K6/LMmjjxlq+irzdB68uQPYALdeKBAnWZCgFeasjgF0n/0=
x-amz-request-id: BFGN4DY5GP3S6791
x-amz-replication-status: COMPLETED
last-modified: Fri, 21 Oct 2022 17:38:46 GMT
etag: "0eab2fec9f5b877f58ca88d9ff23e5fc"
x-amz-server-side-encryption: AES256
x-amz-meta-revision: 468481
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: Oh_zac0OBZpiuOdTVcpRYbdsTM82ag6d
accept-ranges: bytes
server: AmazonS3
content-length: 201154
vary: Accept-Encoding
cache-control: max-age=120
date: Mon, 24 Oct 2022 06:48:32 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="23.38.200.155";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
access-control-allow-headers: *
access-control-allow-methods: GET, HEAD
access-control-allow-origin: *
timing-allow-origin: *
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65468)
Size:   201154
Md5:    0eab2fec9f5b877f58ca88d9ff23e5fc
Sha1:   adb913dd57f8344ea8411aa82039323f94829e9f
Sha256: 326e576e9e3c9072843a0ed9ec2c4634ee172d52fabb392c54a4b7c7fbe201d8
                                        
                                            GET /no/pop/casino/2022/index.html?mktid=1:81750185:86524509-37953&btag=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA&bid=37953&campaignId=2397257&pid=86524509 HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_A47DB2D1DA674D9680B4FA1E506FDFDA%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
cache-control: public, max-age=900, immutable
content-md5: LMuxmpy5vmbZZszcJRJ3Pw==
last-modified: Mon, 17 Oct 2022 10:46:29 GMT
etag: W/"0x8DAB02CD94155F9"
x-ms-request-id: 81bea73e-c01e-0053-4173-e73136000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  data
Size:   3881
Md5:    8555a6ab1d99ef96eff6b6c6b7b9fc07
Sha1:   5ee857188daf484fd24233d44b69881aa07080b4
Sha256: 06de23fa98c5bc2f70a15eef1406850d91bdf397536134b6ded6c67fdd9ca614
                                        
                                            GET /orval/tracking/lastclick.min.js HTTP/1.1 
Host: a1s.unibet.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86524509%2c%22BID%22%3a37953%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1666594111899)%5c%2f%22%2c%22CookieTag%22%3a%223795386524509451240919C20221024648%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         85.184.96.5
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Mon, 24 Oct 2022 06:48:32 GMT
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2

                                        
                                            GET /lxAR5ZJ HTTP/1.1 
Host: zap.buzz
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         172.67.213.33
HTTP/2 302 Found
content-type: text/html; charset=utf-8
                                        
date: Mon, 24 Oct 2022 06:48:29 GMT
location: https://q.cachegorilla.com/r?fid=B79SGewuO6N
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Y1Y1PQ.PH9CRntavsDwIiXPDj5hWND4iLg; Expires=Mon, 24 Oct 2022 07:18:29 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XET6mPhm6fBXrjB331UsiN4M0eYZMhn9KqbAXn8iDCRhm8nZE7R6xN7%2BYA7v96Glp4JeOgpjd0ipE5FbUriTEc1h201oaGYL7S1dyylQqkPgpOWIOPM2q0KnOg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75f0c45f7f0fb51b-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Size:   294
Md5:    038f738e0e0d31c62789ba53006041f6
Sha1:   440ec4b858992a7fcae83a063b2ba03c31c9a424
Sha256: 6f731759b3b3cde4307686c54f4bdc3412ce4b65b8129764dba8a1755096a1dd
                                        
                                            GET /hit?rhttps%3A//www.efilme-online.net/;s1280*1024*24;uhttps%3A//hqq.to/player/embed_player.php%3Fvid%3DZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09%26autoplay%3Dno;0.5975848410440114 HTTP/1.1 
Host: counter.yadro.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         88.212.201.198
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Server: nginx/1.17.9
Date: Mon, 24 Oct 2022 06:48:33 GMT
Content-Length: 43
Connection: keep-alive
Expires: Sat, 23 Oct 2021 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Access-Control-Allow-Origin: *
Strict-Transport-Security: max-age=86400


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    fc94fb0c3ed8a8f909dbc7630a0987ff
Sha1:   56d45f8a17f5078a20af9962c992ca4678450765
Sha256: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
                                        
                                            GET /cdn/unibet/js/mmcore.js HTTP/1.1 
Host: service.maxymiser.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.110.7.230
HTTP/2 404 Not Found
                                        
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 24 Oct 2022 06:48:33 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10
Md5:    7605968e79d0ca095ab1231486d2b814
Sha1:   a007b420d19ceefa840f0373e050e3b51a4ab480
Sha256: 493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
                                        
                                            GET /2ba9756ce24e85b6613a5e44df81f3a5de8f7320/s-code-contents-dcbd0d7722c067386a5d09d13c84aaf7196c1b0d.js HTTP/1.1 
Host: assets.adobedtm.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         23.38.200.237
HTTP/2 200 OK
content-type: application/x-javascript
                                        
accept-ranges: bytes
etag: "9c4992909a83d52617e9948d1d1c4141:1554112914"
last-modified: Mon, 01 Apr 2019 10:01:52 GMT
server: AkamaiNetStorage
vary: Accept-Encoding
content-encoding: gzip
content-length: 29629
cache-control: max-age=3600
expires: Mon, 24 Oct 2022 07:48:33 GMT
date: Mon, 24 Oct 2022 06:48:33 GMT
access-control-allow-origin: https://welcome.mariacasino.com
timing-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (543)
Size:   29629
Md5:    d994c7b5e7b348492e630f9e201eed6c
Sha1:   927a06e00f5a9c23d2f9348c013cec4b459effac
Sha256: 7ca2a3f0bb133f07fb5c826b58e48089d90b0ce6e5ab0dce5de73550c5110d80
                                        
                                            GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3DZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09%26autoplay%3Dno&page-ref=https%3A%2F%2Fwww.efilme-online.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A606%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1437549224201%3Ahid%3A804067738%3Az%3A0%3Ai%3A20221024064832%3Aet%3A1666594113%3Arn%3A262183396%3Arqn%3A1%3Au%3A1666594108918686545%3Aw%3A800x450%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C217%2C0%2C%2C%2C%2C738%3Aeu%3A1%3Ans%3A1666594106609%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666594113%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         87.250.250.119
HTTP/2 302 Found
                                        
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3DZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09%26autoplay%3Dno&page-ref=https%3A%2F%2Fwww.efilme-online.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A606%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1437549224201%3Ahid%3A804067738%3Az%3A0%3Ai%3A20221024064832%3Aet%3A1666594113%3Arn%3A262183396%3Arqn%3A1%3Au%3A1666594108918686545%3Aw%3A800x450%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C217%2C0%2C%2C%2C%2C738%3Aeu%3A1%3Ans%3A1666594106609%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666594113%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Mon, 24 Oct 2022 06:48:33 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=37051321666594113; Expires=Tue, 24-Oct-2023 06:48:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yuidss=37051321666594113; Expires=Tue, 24-Oct-2023 06:48:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure yabs-sid=485961781666594113; Path=/; SameSite=None; Secure i=GkGjywHbM1uQwOiCz/zRekjrLojtPjOHMwOAajsdFcIoPmgRDNHO/jV2SXbIQNMxl+DIj83rTaZvF9qo71CM6muKA3U=; Expires=Thu, 21-Oct-2032 06:48:32 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None ymex=1698130113.yrts.1666594113#1698130113.yrtsi.1666594113; Expires=Tue, 24-Oct-2023 06:48:33 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 24-Oct-2022 06:48:33 GMT
last-modified: Mon, 24-Oct-2022 06:48:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT)\012- data
Size:   1199
Md5:    0fc50fe0077c2d091ca05aa91daba75f
Sha1:   6a05d944d25fe2dbf36c1fb33a5096bcb1ada25c
Sha256: 4b469a08c52c411065253103c02ea37609c225f2b4c7c3842d90d0c6caa694f3
                                        
                                            GET /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3DZWZNTis5YlZaUExrYlhSSUxWbU5Gdz09%26autoplay%3Dno&page-ref=https%3A%2F%2Fwww.efilme-online.net%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Akqp6gvxtrlkq3u3woc7b0%3Afp%3A606%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A912%3Acn%3A2%3Adp%3A0%3Als%3A1437549224201%3Ahid%3A804067738%3Az%3A0%3Ai%3A20221024064832%3Aet%3A1666594113%3Arn%3A262183396%3Arqn%3A1%3Au%3A1666594108918686545%3Aw%3A800x450%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C217%2C0%2C%2C%2C%2C738%3Aeu%3A1%3Ans%3A1666594106609%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1666594113%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1 
Host: mc.yandex.ru
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Referer: https://hqq.to/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         87.250.250.119
HTTP/2 200 OK
content-type: application/json; charset=utf-8
                                        
content-length: 419
date: Mon, 24 Oct 2022 06:48:33 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 24-Oct-2022 06:48:33 GMT
last-modified: Mon, 24-Oct-2022 06:48:33 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Size:   419
Md5:    efccb74b62594707305d4226e6c3e739
Sha1:   edbfa52096575163ca80693155280fc31791c314
Sha256: f806e69ad514e5602da4a995a4710157a2800cd184d99e8529f4d7c2d123ffea
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmSU5fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15740
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 19:34:21 GMT
expires: Thu, 19 Oct 2023 19:34:21 GMT
cache-control: public, max-age=31536000
age: 386052
last-modified: Wed, 11 May 2022 19:24:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15740, version 1.0\012- data
Size:   15740
Md5:    b9c29351c46f3e8c8631c4002457f48a
Sha1:   e57e59c5780995ff2937ab2b511a769212974a87
Sha256: f75911313e1c7802c23345ab57e754d87801581706780c993fb23ff4e0fe62ef
                                        
                                            GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1 
Host: fonts.gstatic.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.mariacasino.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         216.58.207.195
HTTP/2 200 OK
content-type: font/woff2
                                        
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 19 Oct 2022 14:07:32 GMT
expires: Thu, 19 Oct 2023 14:07:32 GMT
cache-control: public, max-age=31536000
age: 405661
last-modified: Wed, 11 May 2022 19:24:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Size:   15920
Md5:    3a44e06eb954b96aa043227f3534189d
Sha1:   23cef6993ddb2b2979e8e7647fc3763694e2ba7d
Sha256: b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
                                        
                                            GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 24 Oct 2022 06:48:33 GMT
expires: Mon, 24 Oct 2022 06:48:33 GMT
cache-control: private, max-age=900
last-modified: Mon, 24 Oct 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 80712
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (62112)
Size:   80712
Md5:    095c4f19d7cfc0f5cf3a1fc68fb1a670
Sha1:   b1438b0c7b92bf41fefdb73cc68ae5624db75dc4
Sha256: 8e58036a842272b2e054a43bbca7ee439bbb4e8782c18ad04491b31bff4c15ac
                                        
                                            GET /no/pop/casino/2022/BlenderPro-ThinWeb.woff HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_A47DB2D1DA674D9680B4FA1E506FDFDA%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: application/font-woff
                                        
date: Mon, 24 Oct 2022 06:48:33 GMT
content-length: 49636
cache-control: public, max-age=900, immutable
content-md5: N7qErrrRHC4KzUlu7bC7dg==
last-modified: Mon, 17 Oct 2022 10:46:30 GMT
etag: "0x8DAB02CD98FDFAE"
x-ms-request-id: 5b95a8ac-501e-0041-3472-e74ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 49636, version 3.6\012- data
Size:   49636
Md5:    37ba84aebad11c2e0acd496eedb0bb76
Sha1:   42942446e1cfab8d0eaf7d23899203b2b2b64fe7
Sha256: 2d7cc2c9c9fef717010fcfa8fa6518079eaec1e63975a74b4fb78afb14d6ee5e
                                        
                                            GET /no/pop/casino/2022/BlenderPro-MediumWeb.woff HTTP/1.1 
Host: welcome.mariacasino.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.mariacasino.com/no/pop/casino/2022/styles.css
Cookie: __ucbt=node0k0f40yaps4xtvwgpwthtorl17; uniattr=ST.0.T; uniattr_ref=; campaignId=2397257; framework.forceBigLandingArea=; affiliateId=1; B-TAG=81750185_A47DB2D1DA674D9680B4FA1E506FDFDA; BID=37953; PID=86524509; AFFILIATE_REQUEST_URL=https%3A%2F%2Fno.mariacasino.com%2Fstan%2Fcampaign.do%3FcmpId%3D2397257%26affiliateId%3D1%26unibetTarget%3D%2Fno%2Fpop%2Fcasino%2F2022%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.mariacasino.com%26btag%3D81750185_A47DB2D1DA674D9680B4FA1E506FDFDA%26sref%3DADC%26ADC%3D2625951-3816519153-0_Exoclick%26affiliateId%3D1%26pid%3D86524509%26bid%3D37953; AFFILIATE_CAMPAIGN_ID=2397257
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers

search
                                         108.161.188.196
HTTP/2 200 OK
content-type: application/font-woff
                                        
date: Mon, 24 Oct 2022 06:48:33 GMT
content-length: 48766
cache-control: public, max-age=900, immutable
content-md5: 9ieTyut+WxEddQiwDAgmwg==
last-modified: Mon, 17 Oct 2022 10:46:30 GMT
etag: "0x8DAB02CD97C8199"
x-ms-request-id: 87d7ddbb-101e-0022-4772-e7d71d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
server: NetDNA-cache/2.2
x-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  Web Open Font Format, TrueType, length 48766, version 3.6\012- data
Size:   48766
Md5:    f62793caeb7e5b111d7508b00c0826c2
Sha1:   d003c52a07685156de00186014c777b7dde81573
Sha256: bac888a26184354a6038eb4ba3d87fdc3315c6e7fe0c19ec7cd1737f1720fc5a
                                        
                                            GET /cdn/unibet/js/mmcore.js HTTP/1.1 
Host: service.maxymiser.net
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         104.110.7.230
HTTP/2 404 Not Found
                                        
accept-ranges: bytes
content-length: 10
server: AkamaiNetStorage
cache-control: max-age=1800
date: Mon, 24 Oct 2022 06:48:33 GMT
access-control-allow-origin: *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text
Size:   10
Md5:    7605968e79d0ca095ab1231486d2b814
Sha1:   a007b420d19ceefa840f0373e050e3b51a4ab480
Sha256: 493fda53120050f85836032324409be6c6484f90a0755ae0c6a673ba7626818b
                                        
                                            GET /client_storage/a10682170820.html HTTP/1.1 
Host: a10682170820.cdn.optimizely.com
                                        
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.mariacasino.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         104.110.8.48
HTTP/2 200 OK
content-type: text/html; charset=utf-8
                                        
x-amz-id-2: IeYlXjOWzUFIehd64WwKlNFQ2CegaukT0kjr0IgRJArGleX8w80IHyiYrQWkC9ZWJsLplEZErgQ=
x-amz-request-id: EX4P0PQRSR9Q99XP
x-amz-replication-status: COMPLETED
last-modified: Fri, 21 Oct 2022 17:38:08 GMT
etag: "289cc9f533f8a9d735a6c75b6373503d"
x-amz-server-side-encryption: AES256
x-amz-meta-pci_enabled: False
content-encoding: gzip
x-amz-version-id: Zv6klPAMkf2MMxf.aHGYECgntCebNK20
accept-ranges: bytes
server: AmazonS3
content-length: 1010
vary: Accept-Encoding
cache-control: max-age=120
date: Mon, 24 Oct 2022 06:48:33 GMT
server-timing: cdn;desc="AkamaiION";dur=0,rtt;desc="2";dur=0,cdnip;desc="104.110.8.48";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security: max-age=15768000
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (1690)
Size:   1010
Md5:&nb