tickzoo.com/veronica-silesto-clips/
94.242.50.158 200 OK 9.0 kB URL HTTP/1.1 tickzoo.com/veronica-silesto-clips/
IP 94.242.50.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (8047), with CRLF, LF line terminators
Hash 4e596eda693186c6e1a05d3467cc57bd
6f2b4985659f5973f7f3b2e8cbe0ce3527b6e59c
d9404f2daa18deec7ad6d3f8d77511b53066af25aad8a1607c323a64ade7d51a
GET /veronica-silesto-clips/ HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
cache-control: no-cache
wpo-cache-status: cached
last-modified: Wed, 21 Dec 2022 04:51:03 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
content-encoding: gzip
vary: Accept-Encoding
date: Wed, 21 Dec 2022 09:23:15 GMT
server: LiteSpeed
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bbea1550fedd5eb9c265712fab75b137
2c2f981747898a380265f766345f2bb9c8c983fd
c728286e38c31a4d3f7a39702e0a5f69c14bf69e01a88bc4479714953fbda278
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C728286E38C31A4D3F7A39702E0A5F69C14BF69E01A88BC4479714953FBDA278"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7647
Expires: Wed, 21 Dec 2022 11:30:43 GMT
Date: Wed, 21 Dec 2022 09:23:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 04c14564c7083355371e41c5a09acada
ea488e34661be5420c798c7e26f193b4dee7bb37
d7e5c37d8e6cbed236670d050f84f288539642f7a41a54b0abd39357f7c42232
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "D7E5C37D8E6CBED236670D050F84F288539642F7A41A54B0ABD39357F7C42232"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14555
Expires: Wed, 21 Dec 2022 13:25:51 GMT
Date: Wed, 21 Dec 2022 09:23:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cf03270e3476f7482a2cc7ddc6a9e857
ab70d5ee87b01e0601f8e518bf36f97c8ceeba9a
43a4e796860a1481636dac103488cadc68c261d13cfe835d273efc368e569f97
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "43A4E796860A1481636DAC103488CADC68C261D13CFE835D273EFC368E569F97"
Last-Modified: Sun, 18 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18237
Expires: Wed, 21 Dec 2022 14:27:13 GMT
Date: Wed, 21 Dec 2022 09:23:16 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash dcd75ca6daca51c5e39d431468511793
07f76d3bf23d65c9110d810fa71a994e39e085d3
73672a816da4450fe2c938b08d7ae002d9ca29fdcbd3e29cc97084d826f8b459
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Retry-After, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 21 Dec 2022 08:34:35 GMT
content-type: application/json
age: 2921
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: UOs5xfVV2JpUeOdgXio2POJ15OQQph0/b49oz5niiIZZHWqA9OQOaMzMATqqP1NmT/uGt2OH7jM=
x-amz-request-id: 67R09C1AAG1VGB8G
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 21 Dec 2022 08:55:19 GMT
age: 1677
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
tickzoo.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
94.242.50.158 200 OK 12 kB URL HTTP/2 tickzoo.com/wp-includes/css/dist/block-library/style.min.css?ver=6.1.1
IP 94.242.50.158:0
File type ASCII text, with very long lines (47826)
Hash 45b3843596f3eda24398e2c1f68ee268
4ad9a0e6ed85ca57c5d134aa5ca546e19910640d
f2784720bca9efcc4c4c3ab35d5fa3b523eb1915acc04a53273559907d352e36
GET /wp-includes/css/dist/block-library/style.min.css?ver=6.1.1 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: text/css
last-modified: Wed, 16 Nov 2022 06:34:29 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 12489
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
94.242.50.158 200 OK 4.2 kB URL HTTP/2 tickzoo.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
IP 94.242.50.158:0
File type ASCII text, with very long lines (11126)
Hash c41f3a82e911de81a1817131069bc7d2
1e883290a0b794916cead41e5f0705716fd77b89
e9791f24770f098ea30bb4d25e2e10bdedb97132d0bbf7d2bd79eedac22efa27
GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: application/javascript
last-modified: Wed, 18 Nov 2020 09:06:06 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 4168
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-content/plugins/posts-like-dislike/js/pld-frontend.js?ver=1.0.8
94.242.50.158 200 OK 808 B URL HTTP/2 tickzoo.com/wp-content/plugins/posts-like-dislike/js/pld-frontend.js?ver=1.0.8
IP 94.242.50.158:0
Hash b3fc9c4fad481f5442839805a3c6691b
fc3dfa25da21c99ed69ed856d28821aa76d5d28d
e79208bf53363c9937bbb2f1f6268ae2f3e2febd3fc1938e16d27dc48b3f4a49
GET /wp-content/plugins/posts-like-dislike/js/pld-frontend.js?ver=1.0.8 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: application/javascript
last-modified: Thu, 11 Aug 2022 23:48:00 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 808
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-content/themes/tickzoo/js/script.js?ver=1.0
94.242.50.158 200 OK 705 B URL HTTP/2 tickzoo.com/wp-content/themes/tickzoo/js/script.js?ver=1.0
IP 94.242.50.158:0
Hash 615dde8b074c6270659f7918c849d45a
d29cc6e10773df0396058294e44aad660264108c
b658d8b8fd25f30a25763fb7c67dde12e3a696d8c605cc31d1663bccf3a3758c
GET /wp-content/themes/tickzoo/js/script.js?ver=1.0 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:05 GMT
content-type: application/javascript
last-modified: Sat, 10 Sep 2022 02:59:41 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 705
date: Wed, 21 Dec 2022 09:23:05 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
tickzoo.com/wp-content/themes/tickzoo/img/logo_merry.png
94.242.50.158 200 OK 11 kB URL HTTP/2 tickzoo.com/wp-content/themes/tickzoo/img/logo_merry.png
IP 94.242.50.158:0
File type PNG image data, 190 x 62, 8-bit/color RGBA, non-interlaced\012- data
Hash 83f50f21999c948f53c901d3ff67b71c
8b3c028484dfd652564f2d4725e932a2e8811034
43c2a7b317c06c297e6dce42b6d79cc135db2b7dae20bc8a18681da12ece2379
GET /wp-content/themes/tickzoo/img/logo_merry.png HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:05 GMT
content-type: image/png
last-modified: Mon, 05 Dec 2022 03:16:33 GMT
accept-ranges: bytes
content-length: 10654
date: Wed, 21 Dec 2022 09:23:05 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-content/themes/tickzoo/img/play.png
94.242.50.158 200 OK 1.8 kB URL HTTP/2 tickzoo.com/wp-content/themes/tickzoo/img/play.png
IP 94.242.50.158:0
File type PNG image data, 60 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 3d99ad816ff3597ef08f6a5f4ca23bc1
11c24349fb30d7b2574749f1bea9aec1eb4e592a
42433dbdd73f6d8c7c474c8fb447827641e1027a00a7bdc57d4bff9eede0cf6f
GET /wp-content/themes/tickzoo/img/play.png HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:05 GMT
content-type: image/png
last-modified: Sat, 10 Sep 2022 02:59:41 GMT
accept-ranges: bytes
content-length: 1808
date: Wed, 21 Dec 2022 09:23:05 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-includes/css/classic-themes.min.css?ver=1
94.242.50.158 200 OK 188 B URL HTTP/2 tickzoo.com/wp-includes/css/classic-themes.min.css?ver=1
IP 94.242.50.158:0
Hash 8ac085745a5bcc97c54f8088973df029
4e065566e82d4623d0f5b4d9275d3ee29e15acd1
a0b69c3418ce7d86bcd33d370dec1ba31f2d9c143d932f52de7c4f98427a813f
GET /wp-includes/css/classic-themes.min.css?ver=1 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: text/css
last-modified: Wed, 02 Nov 2022 06:36:33 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 188
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
94.242.50.158 200 OK 31 kB URL HTTP/2 tickzoo.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.1
IP 94.242.50.158:0
File type ASCII text, with very long lines (65447)
Hash cc5a8bfbf7d31fbc3022dc05e964a95c
81edda48c2c2c97bf79dea1ec91b89105e4ba00b
651c822702a9ac476c260fd37dccab6c3da8306ff6dd922e9d68cfa7863bfe42
GET /wp-includes/js/jquery/jquery.min.js?ver=3.6.1 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: application/javascript
last-modified: Wed, 02 Nov 2022 06:36:48 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 31046
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
tickzoo.com/wp-content/plugins/posts-like-dislike/css/fontawesome/css/all.min.css?ver=1.0.8
94.242.50.158 200 OK 10 kB URL HTTP/2 tickzoo.com/wp-content/plugins/posts-like-dislike/css/fontawesome/css/all.min.css?ver=1.0.8
IP 94.242.50.158:0
File type ASCII text, with very long lines (46750)
Hash 73017cbfec83552465e48e82cdf7a203
2b48cde17cacca6f933470e8155e271bf7293147
d4860ca9e7e4351cf97dc59cffb59b84e30b9ea3ffa213f4d62546875335557c
GET /wp-content/plugins/posts-like-dislike/css/fontawesome/css/all.min.css?ver=1.0.8 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 23:47:58 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 10180
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tickzoo.com/wp-content/plugins/posts-like-dislike/css/pld-frontend.css?ver=1.0.8
94.242.50.158 200 OK 407 B URL HTTP/2 tickzoo.com/wp-content/plugins/posts-like-dislike/css/pld-frontend.css?ver=1.0.8
IP 94.242.50.158:0
Hash d6ff40ad2110fc1d103c2b0ac468893e
de4ffe07b67c58a217e15f0a0d55380d99da5cf7
2dd30daef1b029e3b27713f9c3611c4aa8db6699ad1a690f09b9aa39cee0f853
GET /wp-content/plugins/posts-like-dislike/css/pld-frontend.css?ver=1.0.8 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: text/css
last-modified: Thu, 11 Aug 2022 23:47:59 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 407
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=G-JVP4ZSJDWB
142.250.74.40 200 OK 76 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=G-JVP4ZSJDWB
IP 142.250.74.40:0
File type ASCII text, with very long lines (20080)
Hash 29bea14cb60bbe2c8d0a43c79fb63e5a
c13afc8e397b8f5be6f4b8b4e7cf2e7ddb668414
d6a2219cf18e58ed5940458e57c84136762b9b7753eb3214b12b7c7ac217b67a
GET /gtag/js?id=G-JVP4ZSJDWB HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Wed, 21 Dec 2022 09:23:16 GMT
expires: Wed, 21 Dec 2022 09:23:16 GMT
cache-control: private, max-age=900
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 76268
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash c92a63593449265941bccd2401ec3927
09bd5c279a11c5067d75300053d70e4e678d7140
a137e34a2d19637a6fe63ba801ce97be1ded72584f8a90798b4c0910526a4429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/02/16593971026hkrf/16593971026hkrf-640x480-4.jpg
50.7.214.74 200 OK 48 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/02/16593971026hkrf/16593971026hkrf-640x480-4.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1276x718, components 3\012- data
Hash 2bd5ff56255fb3f42ab13ee1194b54ce
05826addcefd702679c80418432d0014dc964686
a7294c37969a396315f02f6d80e1095134dfa293e10cb8853f87e8bd8cc166dc
GET /flv/api/files/thumbs_new/2022/08/02/16593971026hkrf/16593971026hkrf-640x480-4.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 47643
last-modified: Tue, 02 Aug 2022 00:13:11 GMT
etag: "62e86c17-ba1b"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514431w5o5f/1660514431w5o5f-640x480-2.jpg
50.7.214.74 200 OK 11 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514431w5o5f/1660514431w5o5f-640x480-2.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 71x72, segment length 16, progressive, precision 8, 426x240, components 3\012- data
Hash 73612c887ee749afe824e084b03468ed
595f74cd34ccef199b1239b6e3233d8b7f77c7f0
ab36805e50a17e251c406670f65d247dae79981d20d6e847585352d1429f6975
GET /flv/api/files/thumbs_new/2022/08/15/1660514431w5o5f/1660514431w5o5f-640x480-2.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 10684
last-modified: Sun, 14 Aug 2022 22:02:55 GMT
etag: "62f9710f-29bc"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/05/02/1651457196cjdup/1651457196cjdup-640x480-1.jpg
50.7.214.74 200 OK 48 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/05/02/1651457196cjdup/1651457196cjdup-640x480-1.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 854x480, components 3\012- data
Hash e585a095d6946423c89620795f12a379
fcb15d63a04922ac8a0020b97fe792998fc2d84b
e2669d68dfcd1a5f371300996c78e2b9d16964244d5d499e28982cefc64b9e3b
GET /flv/api/files/thumbs_new/2022/05/02/1651457196cjdup/1651457196cjdup-640x480-1.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 48242
last-modified: Mon, 02 May 2022 02:09:17 GMT
etag: "626f3d4d-bc72"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/27/1658869459kp7n4/1658869459kp7n4-640x480-4.jpg
50.7.214.74 200 OK 31 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/27/1658869459kp7n4/1658869459kp7n4-640x480-4.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash f562b05be061e289c69daa8103de5531
b16c1d216bfccbe5b81d1535e2025688fd10d039
61e30b3ad2cd035e18ad07f4f29cd66d5b62c2ae7ce5521629303422604fc55a
GET /flv/api/files/thumbs_new/2022/07/27/1658869459kp7n4/1658869459kp7n4-640x480-4.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 31054
last-modified: Tue, 26 Jul 2022 21:06:41 GMT
etag: "62e05761-794e"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/31/1659293857k1v14/1659293857k1v14-640x480-5.jpg
50.7.214.74 200 OK 16 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/31/1659293857k1v14/1659293857k1v14-640x480-5.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash ad51f7068c6d9e792664a09ea6104713
0ae46384263bafa4c1ca41a74bc4b1c90abdbf79
cc0732759e5efb9447af6980012fa1a9e915c59f04be2109a08bafc0a2368a07
GET /flv/api/files/thumbs_new/2022/07/31/1659293857k1v14/1659293857k1v14-640x480-5.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 15498
last-modified: Sun, 31 Jul 2022 19:04:32 GMT
etag: "62e6d240-3c8a"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/06/15/16553047074xsre/16553047074xsre-640x480-5.jpg
50.7.214.74 200 OK 30 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/06/15/16553047074xsre/16553047074xsre-640x480-5.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 854x480, components 3\012- data
Hash 0193f53ffab526c800f68f332c91e666
f324c0c53ec40f976edcb7af3247b7aa144415a4
1c1b7015a75368cc40c5b22384db1736998152cf0fd4ae7740489f4540a4ea08
GET /flv/api/files/thumbs_new/2022/06/15/16553047074xsre/16553047074xsre-640x480-5.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 30098
last-modified: Wed, 15 Jun 2022 14:56:51 GMT
etag: "62a9f333-7592"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/30/16591366948wy6u/16591366948wy6u-640x480-1.jpg
50.7.214.74 200 OK 33 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/30/16591366948wy6u/16591366948wy6u-640x480-1.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 21337c397dceec343a571067871415d8
b87f1f8c0d53d365e1d7e3375870558875b9b37d
021db22262408c391b685a7639d5fa2a47251db783e3979843e0e198f5d3f06a
GET /flv/api/files/thumbs_new/2022/07/30/16591366948wy6u/16591366948wy6u-640x480-1.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 32739
last-modified: Fri, 29 Jul 2022 23:20:20 GMT
etag: "62e46b34-7fe3"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 472 B IP 142.250.74.131:0
Hash 9d5518b05926e5fc608ad00c4abf3e01
273178a68589773d7c28a2360e64685937a5caa6
c0401c937edee3f05e3e41ab2b09af061962bcfa8471f2d0a0d91c3fe732843d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/11/1660188360joh7y/1660188360joh7y-640x480-3.jpg
50.7.214.74 200 OK 18 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/11/1660188360joh7y/1660188360joh7y-640x480-3.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 480x360, components 3\012- data
Hash 397430444f4600087480f140d0a4ffc1
8cce7460c6dd43455a095d3cbdfc37eebb1b7629
1ea84676e1427c0055b24a9689346d708fbbb6e2f940617da15f858d79f38cfe
GET /flv/api/files/thumbs_new/2022/08/11/1660188360joh7y/1660188360joh7y-640x480-3.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 18418
last-modified: Thu, 11 Aug 2022 03:28:09 GMT
etag: "62f47749-47f2"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
d.smopy.com/d/?resource=pubJS
23.235.244.226 200 OK 12 kB URL HTTP/1.1 d.smopy.com/d/?resource=pubJS
IP 23.235.244.226:0
File type ASCII text, with very long lines (10335)
Hash 9e1d00a93709d7c7f0b76a357a894c69
12f3fe4dcf3184472e8698cbdb101d7e2e937118
b487fc8502f417a50bb9197aba6e732b6f6a42467f317a8f0a8b0e36f64d61d8
GET /d/?resource=pubJS HTTP/1.1
Host: d.smopy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 09:23:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
ETag: W/"8daf-BWERFZ5FZWDu/jkfZpl9DmCh5Ns"
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/05/1659671593mi4w1/1659671593mi4w1-640x480-2.jpg
50.7.214.74 200 OK 54 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/05/1659671593mi4w1/1659671593mi4w1-640x480-2.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 854x720, components 3\012- data
Hash 0e10fe081441f66cfd62f4195fd9c161
099c87a974178c8920fa2f5bb1c20cbfe6663e9c
0b2362e5c1b1089698ed5df5e43e42dccd7fa0cb4f74b7618d11257e7b0f8123
GET /flv/api/files/thumbs_new/2022/08/05/1659671593mi4w1/1659671593mi4w1-640x480-2.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 53960
last-modified: Fri, 05 Aug 2022 03:55:34 GMT
etag: "62ec94b6-d2c8"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/18/16607926503t1i1/16607926503t1i1-640x480-5.jpg
50.7.214.74 200 OK 104 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/18/16607926503t1i1/16607926503t1i1-640x480-5.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Size 104 kB (104286 bytes)
Hash 4883100d675b6c135404a1d573eabfb8
0323a91d0a9c1f6650bca3c825683c0f1aa4118d
99b8812613bec6d335bc41a15bd4c8e8172042eb654487f927cebf10cbb828cf
GET /flv/api/files/thumbs_new/2022/08/18/16607926503t1i1/16607926503t1i1-640x480-5.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 104286
last-modified: Thu, 18 Aug 2022 03:23:38 GMT
etag: "62fdb0ba-1975e"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/18/1658095134ynx5e/1658095134ynx5e-640x480--190967.jpg
50.7.214.74 200 OK 98 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/18/1658095134ynx5e/1658095134ynx5e-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 356 x 200, 8-bit/color RGB, non-interlaced\012- data
Hash ea3ceb0918141968a94aa85349594432
8029070b7283894880b16343eb1199a0ed850034
5ad82ee2a2739abc05b7c172a4fc9b0827df5c02368445a2b3bf7fde8443a942
GET /flv/api/files/thumbs_new/2022/07/18/1658095134ynx5e/1658095134ynx5e-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 97855
last-modified: Sun, 31 Jul 2022 02:53:02 GMT
etag: "62e5ee8e-17e3f"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658697218v3jja/1658697218v3jja-640x480-1.jpg
50.7.214.74 200 OK 81 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658697218v3jja/1658697218v3jja-640x480-1.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash 8030213395f1fbf737c6e606389576b7
afa77831258962ddf73725d4a91fee4ab7366d4b
07b13ce714628036d753ed4dccc3c14ff81ed6b6491fa965f15f23b4c0babae1
GET /flv/api/files/thumbs_new/2022/07/25/1658697218v3jja/1658697218v3jja-640x480-1.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 81421
last-modified: Sun, 24 Jul 2022 21:22:26 GMT
etag: "62ddb812-13e0d"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514477hxinz/1660514477hxinz-640x480--190967.jpg
50.7.214.74 200 OK 115 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514477hxinz/1660514477hxinz-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 426 x 238, 8-bit/color RGB, non-interlaced\012- data
Size 115 kB (115424 bytes)
Hash f7c15367d41d6ae457869e0e719b44a6
961ab6032ba78a49ba618dc31ebf5d373e2092bb
8f83c1d28eedd3a227fc9a2f59fa00f13af7d64416ffc8768d3e158e25dac563
GET /flv/api/files/thumbs_new/2022/08/15/1660514477hxinz/1660514477hxinz-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 115424
last-modified: Sun, 14 Aug 2022 22:15:48 GMT
etag: "62f97414-1c2e0"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658699211od2h9/1658699211od2h9-640x480-3.jpg
50.7.214.74 200 OK 119 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658699211od2h9/1658699211od2h9-640x480-3.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 960x720, components 3\012- data
Size 119 kB (118696 bytes)
Hash 24b5caf2d12ea1b070fe51c6fd3b0b23
00fc04e4efe31d02c675ad84e324a32848828732
98177f2006a591c4430b8038b100f09e626b92a0cef7645b2250bb8c169e302e
GET /flv/api/files/thumbs_new/2022/07/25/1658699211od2h9/1658699211od2h9-640x480-3.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 118696
last-modified: Sun, 24 Jul 2022 21:52:21 GMT
etag: "62ddbf15-1cfa8"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/24/16692483379f8yf/16692483379f8yf-640x480--190967.jpg
50.7.214.74 200 OK 132 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/24/16692483379f8yf/16692483379f8yf-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 356 x 200, 8-bit/color RGB, non-interlaced\012- data
Size 132 kB (132485 bytes)
Hash 788e208cc58af793ade2efede4cabb7a
bbc299f34578ae51f117c104602b7279b09902cb
d04c947b211538136ae0daaebe2e5ffaeb54868d3bc224e9488d91cffe099a2e
GET /flv/api/files/thumbs_new/2022/11/24/16692483379f8yf/16692483379f8yf-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 132485
last-modified: Thu, 24 Nov 2022 01:00:05 GMT
etag: "637ec215-20585"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514582odwk8/1660514582odwk8-640x480--190967.jpg
50.7.214.74 200 OK 147 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/15/1660514582odwk8/1660514582odwk8-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 426 x 238, 8-bit/color RGB, non-interlaced\012- data
Size 147 kB (147043 bytes)
Hash 720b5140ec3b5cb6777a95636b361859
8c8ffd57f77d2aa313a4cffb51acb18887104360
f8df42233d059801fc6e5959812824a20c4869b788f9d81882f26d51fd4fe6d0
GET /flv/api/files/thumbs_new/2022/08/15/1660514582odwk8/1660514582odwk8-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 147043
last-modified: Sun, 14 Aug 2022 22:10:04 GMT
etag: "62f972bc-23e63"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/05/16676724173y3ha/16676724173y3ha-640x480--190967.jpg
50.7.214.74 200 OK 336 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/11/05/16676724173y3ha/16676724173y3ha-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 640 x 464, 8-bit/color RGB, non-interlaced\012- data
Size 336 kB (336024 bytes)
Hash 3aec3c3b7fd4881a849b635bba30be3f
33d1ed8fae2753799b3add6e6636cfb07e6b229f
91ca2dab6b750cea9e64b89758cc7cf2180fb6d656d76a91bd8283808cbeda1f
GET /flv/api/files/thumbs_new/2022/11/05/16676724173y3ha/16676724173y3ha-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 336024
last-modified: Sat, 05 Nov 2022 18:28:04 GMT
etag: "6366ab34-52098"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/28/1661665356razc0/1661665356razc0-640x480--190967.jpg
50.7.214.74 200 OK 307 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/08/28/1661665356razc0/1661665356razc0-640x480--190967.jpg
IP 50.7.214.74:0
File type PNG image data, 640 x 427, 8-bit/color RGB, non-interlaced\012- data
Size 307 kB (307059 bytes)
Hash f229d167e3a0fb2d920b26313ab78e1a
4eae767b1931745acb6759cc1b3539380620901a
542df6c8cc7ac18fc170502fcbb6f465944c129ca6b9c889ea05892d4bd839fa
GET /flv/api/files/thumbs_new/2022/08/28/1661665356razc0/1661665356razc0-640x480--190967.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:55 GMT
content-type: image/jpeg
content-length: 307059
last-modified: Sun, 28 Aug 2022 05:48:39 GMT
etag: "630b01b7-4af73"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:55 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1df332b5157eb638937bc0c35ea7dca0
7782566d8c7a9ef20cde7b06574b2839c1e45ec3
061a71ec46beeb152a345fbfe6faf52fe6a2c63c2405264fec3dd3a089a91d3a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5641
Cache-Control: max-age=109070
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Etag: "63a1c189-117"
Expires: Thu, 22 Dec 2022 15:41:06 GMT
Last-Modified: Tue, 20 Dec 2022 14:07:05 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1df332b5157eb638937bc0c35ea7dca0
7782566d8c7a9ef20cde7b06574b2839c1e45ec3
061a71ec46beeb152a345fbfe6faf52fe6a2c63c2405264fec3dd3a089a91d3a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3815
Cache-Control: max-age=107244
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Etag: "63a1c189-117"
Expires: Thu, 22 Dec 2022 15:10:40 GMT
Last-Modified: Tue, 20 Dec 2022 14:07:05 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1df332b5157eb638937bc0c35ea7dca0
7782566d8c7a9ef20cde7b06574b2839c1e45ec3
061a71ec46beeb152a345fbfe6faf52fe6a2c63c2405264fec3dd3a089a91d3a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5671
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Last-Modified: Wed, 21 Dec 2022 07:48:46 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1df332b5157eb638937bc0c35ea7dca0
7782566d8c7a9ef20cde7b06574b2839c1e45ec3
061a71ec46beeb152a345fbfe6faf52fe6a2c63c2405264fec3dd3a089a91d3a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5641
Cache-Control: max-age=109070
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Etag: "63a1c189-117"
Expires: Thu, 22 Dec 2022 15:41:06 GMT
Last-Modified: Tue, 20 Dec 2022 14:07:05 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ka-f.fontawesome.com/releases/v6.2.1/css/free.min.css?token=1e1169734c
172.64.169.22 200 OK 24 kB URL HTTP/2 ka-f.fontawesome.com/releases/v6.2.1/css/free.min.css?token=1e1169734c
IP 172.64.169.22:0
File type ASCII text, with very long lines (65321)
Hash b2388136e58a6c6f3bf762473937ca96
d5551b451c2607ca40f2876a6a6189081f8cd990
510400181f84600d1bcbb3da1b7cff3cf48b088494529310a82675fb9feb6a4c
GET /releases/v6.2.1/css/free.min.css?token=1e1169734c HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tickzoo.com/
Origin: http://tickzoo.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 14 Nov 2022 15:06:08 GMT
etag: W/"2dbe34367e935e2684b01124b0860d71"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 aa96b55d26f4ea74047e87b840fdea7c.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: 4BQer-FLB40gxFgBA388ovuxr6CqXI-18phRL1ROiIGjKZ2F4LbYhA==
age: 1388355
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TH5%2Fu4iaJqsDNz8kdymMPKeSBTbwbP2UEgFc1FYR02WyfElrSej1BvmRzGgKEiKjKPhgcKNMTDT6fxYPEjMaM8Kkp18RELFF1VBJHyjH1QXkxyUeiVS0UGLBRM2ry3piUQdPkP1hUg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8ede2bf423d8-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
142.250.74.35 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 12924, version 1.0\012- data
Hash 4610010f425c140b99c88b6819ce1c02
a7e839aa0452ceeb6228de7c15062fe82cc6d1c3
7348a2eb48c9a681d6178433394c7037144d85b57ee33a11339d3a33fa1001a4
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://tickzoo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12924
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 15 Dec 2022 08:00:18 GMT
expires: Fri, 15 Dec 2023 08:00:18 GMT
cache-control: public, max-age=31536000
age: 523378
last-modified: Wed, 27 Apr 2022 16:02:31 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
142.250.74.35 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 13036, version 1.0\012- data
Hash 0ad032b3d07aaf33b160ac4799dda40f
06b931e0d0bf37f5037d9e66d6feedfddd21c0ba
c124c88ca4fcb4336e97617647ef0d32441329371120c8eabaea0fea226560b0
GET /s/sourcesanspro/v21/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://tickzoo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13036
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:28:49 GMT
expires: Thu, 14 Dec 2023 19:28:49 GMT
cache-control: public, max-age=31536000
age: 568467
last-modified: Wed, 27 Apr 2022 16:04:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 1df332b5157eb638937bc0c35ea7dca0
7782566d8c7a9ef20cde7b06574b2839c1e45ec3
061a71ec46beeb152a345fbfe6faf52fe6a2c63c2405264fec3dd3a089a91d3a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3815
Cache-Control: max-age=107244
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Etag: "63a1c189-117"
Expires: Thu, 22 Dec 2022 15:10:40 GMT
Last-Modified: Tue, 20 Dec 2022 14:07:05 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
142.250.74.35 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 13052, version 1.0\012- data
Hash 7cf79fbd1df848510d7352274efc2401
5540b5a26cc7dfe25294c4eabe011e2c6cd60143
bc9a16cd945457ad9463cdaed95129b01c589466978dfee3d019d9c604b2171a
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3i54rwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://tickzoo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 13052
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:38:22 GMT
expires: Thu, 14 Dec 2023 19:38:22 GMT
cache-control: public, max-age=31536000
age: 567894
last-modified: Wed, 27 Apr 2022 16:09:03 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
142.250.74.35 200 OK 13 kB URL HTTP/2 fonts.gstatic.com/s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 12956, version 1.0\012- data
Hash 1c772d9d0531b187db80bcfc199c1786
c0c04fb334190e10dffed0dcc5c817c2a6041a15
122854df4f39cf922db317714c2ff0eccab27a1028c14a5aa2211f48b7e0eade
GET /s/sourcesanspro/v21/6xKydSBYKcSV-LCoeQqfX1RYOo3ik4zwlxdu.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://tickzoo.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 12956
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Dec 2022 15:42:42 GMT
expires: Wed, 20 Dec 2023 15:42:42 GMT
cache-control: public, max-age=31536000
age: 63634
last-modified: Wed, 27 Apr 2022 16:54:52 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 200 OK 471 B IP 142.250.74.131:0
Hash eadadfec0a65bce69128230cfa49f936
1ae7fbb4969315fc2d13cf0a63d1909c499147db
bbd8831dd832214747d09faca8a7092b1e72dbaec35ee513bf6663caaea3e488
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:16 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/s2/favicons?domain=https://1fichier.com/?q5xod9bu0zt36gkhcugq
142.250.74.164 301 Moved Permanently 355 B URL HTTP/1.1 www.google.com/s2/favicons?domain=https://1fichier.com/?q5xod9bu0zt36gkhcugq
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 3b7024a3a13ac8b1282ca56f5508670d
3bc381e93585a67785213f738a3d0c78fc8cef71
db1b00ee89066feb029b8b7b7b93727d3c0c8378de6b505a7adaf6fa469a5e07
GET /s2/favicons?domain=https://1fichier.com/?q5xod9bu0zt36gkhcugq HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 301 Moved Permanently
Location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?q5xod9bu0zt36gkhcugq&size=16
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 21 Dec 2022 09:23:16 GMT
Expires: Wed, 21 Dec 2022 09:53:16 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 355
X-XSS-Protection: 0
www.google.com/s2/favicons?domain=https://mega.nz/file/LiZBTSBT
142.250.74.164 301 Moved Permanently 342 B URL HTTP/1.1 www.google.com/s2/favicons?domain=https://mega.nz/file/LiZBTSBT
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 1137397e8db78e7ac1cb12ebf50f02d8
7dc47aec08722d330cfb11d75c5ecea9fa59cb61
a181d80137489ff2147f8fb6bf972c044f65461682cf5f0291cf39ef875371e7
GET /s2/favicons?domain=https://mega.nz/file/LiZBTSBT HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 301 Moved Permanently
Location: https://t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://mega.nz/file/LiZBTSBT&size=16
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 21 Dec 2022 09:23:16 GMT
Expires: Wed, 21 Dec 2022 09:53:16 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 342
X-XSS-Protection: 0
www.google.com/s2/favicons?domain=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar
142.250.74.164 301 Moved Permanently 371 B URL HTTP/1.1 www.google.com/s2/favicons?domain=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash 8e510169925abb1cec83b13d547e46ac
1a49fe303e561823f7e813f357df7ba02b3c1cd2
c9c001482a1fdd09a00cc5fdd1d3b0ac18c9a94caa993da7ba8e463640f60489
GET /s2/favicons?domain=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 301 Moved Permanently
Location: https://t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar&size=16
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Wed, 21 Dec 2022 09:23:16 GMT
Expires: Wed, 21 Dec 2022 09:53:16 GMT
Cache-Control: public, max-age=1800
Server: sffe
Content-Length: 371
X-XSS-Protection: 0
secure.gravatar.com/avatar/26687e10ef4437e1e8bb589542db3e85?s=32&d=mm&r=g
192.0.73.2 200 OK 911 B URL HTTP/2 secure.gravatar.com/avatar/26687e10ef4437e1e8bb589542db3e85?s=32&d=mm&r=g
IP 192.0.73.2:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 32x32, components 3\012- data
Hash 4e38eb3c5f19349270980cadb65cb4b8
2ceac60ed9731fd29f032239988fb1ebacdaae0b
9ef33605db40f5dd37e194f4af592cd22a8a90f56da1a165b4a97c34efaa09eb
GET /avatar/26687e10ef4437e1e8bb589542db3e85?s=32&d=mm&r=g HTTP/1.1
Host: secure.gravatar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: image/jpeg
content-length: 911
last-modified: Wed, 11 Jan 1984 08:00:00 GMT
link: <https://www.gravatar.com/avatar/26687e10ef4437e1e8bb589542db3e85?s=32&d=mm&r=g>; rel="canonical"
access-control-allow-origin: *
content-disposition: inline; filename="26687e10ef4437e1e8bb589542db3e85.png"
expires: Wed, 21 Dec 2022 09:28:16 GMT
cache-control: max-age=300
x-nc: HIT arn 2
accept-ranges: bytes
X-Firefox-Spdy: h2
tickzoo.com/wp-content/themes/tickzoo/css/tickzoo.css?ver=1.1
94.242.50.158 200 OK 1.8 kB URL HTTP/2 tickzoo.com/wp-content/themes/tickzoo/css/tickzoo.css?ver=1.1
IP 94.242.50.158:0
Hash 84b88e63e9ef4a3138509385659d3cb3
c8c1828ce712b22de94b67e0992f311ad93979bc
cc9de297d86c046d7b74b7ace961625e0394020c332de7e551af8090fcbc9a74
GET /wp-content/themes/tickzoo/css/tickzoo.css?ver=1.1 HTTP/1.1
Host: tickzoo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cache-control: public, max-age=604800
expires: Wed, 28 Dec 2022 09:23:04 GMT
content-type: text/css
last-modified: Mon, 05 Dec 2022 03:21:25 GMT
accept-ranges: bytes
content-encoding: gzip
vary: Accept-Encoding
content-length: 3591
date: Wed, 21 Dec 2022 09:23:04 GMT
server: LiteSpeed
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar&size=16
142.250.74.132 200 OK 370 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar&size=16
IP 142.250.74.132:0
File type PNG image data, 16 x 16, 8-bit colormap, non-interlaced\012- data
Hash 3cd984443ed8de98320ab2e5f601ba12
45be5062ebaea2196b100b7a5fcb737c33522f48
7323d14964df19682e5b4adaa2a6511dd12fc09cb035ffe3ae677cc6ef0af66c
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://anonfiles.com/Dfi0V3l9y2/V3R0NIC4SILI3ST0CLIPS_rar&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tickzoo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://anonfiles.com/img/favicon/favicon-32x32-anonfiles.png?1663359761
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 370
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Dec 2022 20:13:06 GMT
expires: Sun, 25 Dec 2022 20:13:06 GMT
cache-control: public, max-age=604800
last-modified: Wed, 11 Apr 2018 00:49:59 GMT
content-type: image/png
age: 220211
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://mega.nz/file/LiZBTSBT&size=16
142.250.74.100 200 OK 454 B URL HTTP/2 t2.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://mega.nz/file/LiZBTSBT&size=16
IP 142.250.74.100:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash b47dc0281a58eb5dcbefb21f7d9f2f8b
9ca10c8524a596da424cfe4ad62902b6c3107172
3bb219a803b2aafd036cd2c0133a3b41c9e97d6f22c48c5884aad12b9a8b4c89
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://mega.nz/file/LiZBTSBT&size=16 HTTP/1.1
Host: t2.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tickzoo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-location: https://mega.nz/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 454
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 18 Dec 2022 20:56:14 GMT
expires: Sun, 25 Dec 2022 20:56:14 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
content-type: image/png
age: 217623
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?q5xod9bu0zt36gkhcugq&size=16
142.250.74.132 200 OK 777 B URL HTTP/2 t0.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?q5xod9bu0zt36gkhcugq&size=16
IP 142.250.74.132:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash ea70b34ee38dc7e303778a47d2b46a13
58ae85c0048f4e0580992b0b8f5e5c3aa73fa499
62d589b58a50dbcc9fb91095fdddcde6a20574f085e60492b1fbbd2be693682a
GET /faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=https://1fichier.com/?q5xod9bu0zt36gkhcugq&size=16 HTTP/1.1
Host: t0.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://tickzoo.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
content-type: image/png
content-location: https://1fichier.com/favicon.ico
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/media-favicon
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="media-favicon"
report-to: {"group":"media-favicon","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/media-favicon"}]}
content-length: 777
date: Wed, 21 Dec 2022 09:23:17 GMT
expires: Wed, 28 Dec 2022 09:23:17 GMT
cache-control: public, max-age=604800
last-modified: Wed, 29 Nov 2017 12:34:19 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hqq.to/js/video.jquery_plugs/modernizr.js?12
190.115.19.71 200 OK 652 B URL HTTP/2 hqq.to/js/video.jquery_plugs/modernizr.js?12
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (1227), with no line terminators
Hash aecce2cd69440bcd1b71a8f0ce204922
7bf5702d34c33349bead0bb2cb7ad2200d699196
b9159c2d62fb50c02489b011962ed2549515067437b550834432787ff25a5dfb
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=G8KaDXTMGEj8MAWAQDmD; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5611045
ddg-cache-status: HIT,MISS
content-length: 652
X-Firefox-Spdy: h2
hqq.to/js/d_check.js?34
190.115.19.71 200 OK 1.0 kB IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (821)
Hash 841e4af4332ce934406a4e59a063aa98
fd8429c4c48157e134268b448d713b642f461af6
fde29879f9e4795b74c36aa1a23b32f35f5f67131fc914be72e42f1fff8740d3
GET /js/d_check.js?34 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=PRQks1YOWrg5vHzHUfzG; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:54:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5610510
ddg-cache-status: HIT,MISS
content-length: 1028
X-Firefox-Spdy: h2
hqq.to/js/embed.205.js?736
190.115.19.71 200 OK 40 kB URL HTTP/2 hqq.to/js/embed.205.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type Unicode text, UTF-8 text, with very long lines (3414)
Hash a90103e09bb84e7a40056290782919c7
6df1efda05907116927ee40e029c3f28cb401340
7dc905c2441e5b327b9509396140a655251f9e94c56c80f54b684db09024efd8
GET /js/embed.205.js?736 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=aQ7G1RVmzAaERqmAgAM1; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5611045
ddg-cache-status: HIT,MISS
content-length: 39845
X-Firefox-Spdy: h2
hqq.to/js/adv/fuckadblock.js?2
190.115.19.71 200 OK 3.5 kB URL HTTP/2 hqq.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with CRLF line terminators
Hash ec1ee09f3fac94172cb7563a95812487
77b7090fc3bb4431371fa6ed84e2623dd0015c30
94db3115fa9ba527b159c6c3d3b928c585774be570300801d274eac81806eda0
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=3iJ5X8NlE62s1nwQT2JT; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5611045
ddg-cache-status: HIT,MISS
content-length: 3525
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Last-Modified, Retry-After, Content-Type, Alert, Pragma, ETag, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 21 Dec 2022 09:08:02 GMT
age: 915
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
hqq.to/styles/global/embed_player.3.css?130
190.115.19.71 200 OK 1.6 kB URL HTTP/2 hqq.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 8e6c46db0d3b9b09cb250529f4e92245
78ccfc915538c39e35acb536eca217f2f12e7a0e
7a8726525e4b7e4a725b96f82dafba6d1da8b54d71c5d02144aca8b7d306bf65
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=7DBrBjpUNqf3YSrwOxuQ; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:45:52 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5611045
ddg-cache-status: HIT,MISS
content-length: 1623
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash cbb0ca4081d8b3c077e7441952cc2dd8
31398e354e769ebf571101d8dd90a59f6437fe5f
69daf7d8760b2ff1b824db0de600dc1517597dceeafd3b7c8bccde1802de8df3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5271
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:17 GMT
Last-Modified: Wed, 21 Dec 2022 07:55:26 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
commentsengine.com/js/js.load.1.js?3949073249939611
188.114.97.1 200 OK 0 B URL HTTP/2 commentsengine.com/js/js.load.1.js?3949073249939611
IP 188.114.97.1:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /js/js.load.1.js?3949073249939611 HTTP/1.1
Host: commentsengine.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: application/javascript; charset=UTF-8
content-length: 0
last-modified: Thu, 14 Apr 2022 12:20:52 GMT
etag: "625811a4-0"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: MISS
x-inferno-location: static
cf-cache-status: HIT
age: 17063922
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2kWoqyvJI8wNTrLYJFhLhiFftlF0rQkttEXDzqwS6TgMxxnD5dD7PwpSoVjGfiWU7fOhRKjHZQO8HRENMfKJ1SL13jj6yWuUJWAJA5epDvdYb8qo73MhG4kcY67lkymgE6b7GBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8ee09f5bb4fa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
190.115.19.71 200 OK 41 kB URL HTTP/2 hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 0f9b192b83a855fd9bda7e551c560fec
54b536c2774fcfdf3413020d67630ec56f58024d
5be0d87d1c86bcd283d7dc2f5dd5a12e6fcefe39a614ed576afb2e277972975e
GET /e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=ErMmRZgRBG4ldf8wUzQ8; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:16 GMT
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: EXPIRED
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v6.2.1/webfonts/free-fa-solid-900.woff2
172.64.169.22 200 OK 150 kB URL HTTP/2 ka-f.fontawesome.com/releases/v6.2.1/webfonts/free-fa-solid-900.woff2
IP 172.64.169.22:0
File type Web Open Font Format (Version 2), TrueType, length 150500, version 770.768\012- data
Size 150 kB (150500 bytes)
Hash 69a76555beae5c43a59559396c1aeb54
7d2759002c67a66fc38a72dd0e395e2da3d41474
1494e2691e1c13a3f35cbc3e1b56c5187c10ffe220d1fdc58d99494a666244d4
GET /releases/v6.2.1/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: http://tickzoo.com
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: font/woff2
content-length: 150500
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Mon, 14 Nov 2022 15:15:23 GMT
etag: "69a76555beae5c43a59559396c1aeb54"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 2ef58ed55caca3380e66558d27160ee8.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: Ph8AZq0G-HS1MS0wwmzvAKumMX5tPtnWpqhrpdbmoVd7UoobDGpegA==
age: 1387798
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GZsyNyVP67GRo1%2FteUWs7ke3ZVFtGcxhlQFpd%2Fw1GK%2BrCy6pnu%2BecExKNV9yEl2wFZsR5vdM0yUlmPIfKLZdkuH7BwJvk1AXqfMWHDQM9rHzjxGEIqH5gbdMPWxtsa73NkIYkBivxw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8ee05edc23d8-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash cbb0ca4081d8b3c077e7441952cc2dd8
31398e354e769ebf571101d8dd90a59f6437fe5f
69daf7d8760b2ff1b824db0de600dc1517597dceeafd3b7c8bccde1802de8df3
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4905
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:17 GMT
Last-Modified: Wed, 21 Dec 2022 08:01:32 GMT
Server: ECS (ska/F718)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash d0c2b6760f2b58f445446dd2276d5af4
aeedf417b1ebde86ce837ca02ba934abb938b1a4
8fe72d0ce839150559da5ddf46bf87d26b6b9cbe34d09641b29a53be24997c81
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4073
Cache-Control: max-age=89487
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:17 GMT
Etag: "63a17b2b-1d7"
Expires: Thu, 22 Dec 2022 10:14:44 GMT
Last-Modified: Tue, 20 Dec 2022 09:06:51 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
hqq.to/js/script-2.12.5.js
190.115.19.71 200 OK 4.4 kB URL HTTP/2 hqq.to/js/script-2.12.5.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with very long lines (1242)
Hash f2d89553185a342a98893760b5a27460
449a755c7c3e03946b5fab3ea9195b06c43b9ac1
28a5e10daa981bd5e7c28feb373ad68518723bd9eb5a1aabd9124a8d17fa5d2c
GET /js/script-2.12.5.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=0Lrk77wDsuLik634moeh; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Mon, 17 Oct 2022 10:54:51 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 01 Dec 2020 19:28:37 GMT
etag: W/"5fc69965-4cb8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5610506
ddg-cache-status: HIT,MISS
content-length: 4429
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 346 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b64b894855295650a57f3ec0804cba1
0e37da52019f55b2dcbadc0d61c3fb29b1e1f609
ea484fea089807121406a385c9765d5bd6a5254e67072c18b74aa9ebd4fb859f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "EA484FEA089807121406A385C9765D5BD6A5254E67072C18B74AA9EBD4FB859F"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4740
Expires: Wed, 21 Dec 2022 10:42:17 GMT
Date: Wed, 21 Dec 2022 09:23:17 GMT
Connection: keep-alive
hqq.to/cdn-cgi/trace
190.115.19.71 404 Not Found 96 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 9ff72d56a8b743f362a38ec66f7aac16
0e43e723c6b5e311a098c8b0f1dc43c327a773fb
5518a3a1342d49c5a0091746e7b539610959e13f90eaf33ed3faa139a93a1f14
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=74E7SirtxLWfMzGG6Sch; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.187.39.66 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.39.66:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 9BGF4AvMndXcWM9WuEGXCg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nO6Tfzi0LGJiekr6naK56mXvdLo=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 9268a6751ce12e3f10f71abfc4ae496d
685d327dab82ded746f5577fe441a6a13dd57a7b
3d71183c2d7d5ee48122caee2cc3bcece9892d1f19c61d13b14c1f148ff96975
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3D71183C2D7D5EE48122CAEE2CC3BCECE9892D1F19C61D13B14C1F148FF96975"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4214
Expires: Wed, 21 Dec 2022 10:33:31 GMT
Date: Wed, 21 Dec 2022 09:23:17 GMT
Connection: keep-alive
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
173.233.137.36 200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 173.233.137.36:0
File type ASCII text, with very long lines (32133), with no line terminators
Hash def8c92f610a4db10cd420dbd30f3783
63ceafb299707fc649ed86f7346edac8b03815f8
796a6058b803589938d9908e33c1d439e3e7018214a95b8d220b5f65f75df064
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 21 Dec 2022 09:23:17 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9a78357b8bb6a14de89263e8ab1550cd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
testingmetriksbre.ru/netu.php
172.64.105.20 200 OK 907 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 172.64.105.20:0
File type ASCII text, with very long lines (855), with CRLF line terminators
Hash 7b1c3839eb8dac0f7d9b6eaf0c89a91e
c5fd8654142548cbbbac6e389ad1fdc9bc450d92
c0718b25efb54e9b5a7d4f14f5010bc2f58861a404547f245d2ee07d3a5c7b64
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=y7iMqXOQ8jUy5SCM7qLCgbKoeykL5bihjXezIpOaSWUWxIr5hgaKWSw0FHKpRB64nb5Oi23I9UoVXOGP3QRPps%2Bg6sR%2B6CPwhEM9OoVzfcbcexKuQErmZ427UNBH4M%2FTcH%2FMzUus1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8ee0edd923bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap
142.250.74.106 200 OK 76 kB URL HTTP/2 fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap
IP 142.250.74.106:0
Hash 55f60b470952e5d1981113e3e378a744
360368acda8db35d6e14065d893410e2b116ab1d
5770e8344f3afb43b3f86a47e7f0ee5a0a3cd84c766a21dce28995751965874e
GET /css2?family=Source+Sans+Pro:wght@300;400;600;700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tickzoo.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 21 Dec 2022 09:23:16 GMT
date: Wed, 21 Dec 2022 09:23:16 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a326391bbeaf29f1c39fe1710992a226
43f9589f95045ad725a1f96808d9c2a128e75b9c
f908ca5bc1d46aca407e63ac5f9b8f1024a82386eec2199537a9e46abd444f36
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F908CA5BC1D46ACA407E63AC5F9B8F1024A82386EEC2199537A9E46ABD444F36"
Last-Modified: Mon, 19 Dec 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16700
Expires: Wed, 21 Dec 2022 14:01:38 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 794910540ee145fd481e25ac9e6b0f66
2f3bfdd29b6de02318151552bdc6108f879aef88
d3cddb0dcb0447473e98705457d39cd2787572757f1a83183b42d94ffe5ff396
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "D3CDDB0DCB0447473E98705457D39CD2787572757F1A83183B42D94FFE5FF396"
Last-Modified: Tue, 20 Dec 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11348
Expires: Wed, 21 Dec 2022 12:32:26 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
simplewebanalysis.com/stats
18.195.193.92 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 18.195.193.92:0
File type ASCII text, with no line terminators
Hash 80c71d146c8e5fa4522e75e44ad04f16
75b39bda7dfc31969bf96bc3650ca34805ccf20e
6ee5a80b760dce45f70eba274736f3110999ad6822f34a1d5e6d053387df5f36
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://hqq.to
access-control-allow-credentials: true
set-cookie: uid_id2=f2a02236-dfbc-45f1-ace9-a1489e634c25:3:1; expires=Sat, 18 Dec 2032 09:23:18 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
spinalmultiple.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.12 200 OK 29 kB URL HTTP/1.1 spinalmultiple.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash 7619245e37f1b616cadf8836ce4ca720
51c8dfb97f877f1b94cf957dbda1b8ce4676d992
a183dff7830fe8fbd7ce063c820fa795314568d30872a3535956039f36fdcb3b
Analyzer Verdict Alert quad9 Sinkholed
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:18 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 3ed140acb6df0fa92561ad0334086829
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
IP 142.250.74.131:0
Hash c953e4a876ce0bd40c5aad3aa856b1a5
f194bff2ceca6fa15f7ffc4ec85adbc308cd7862
47c03f4738a529cc58ef97eae76ec1ebe1353e512f365974364d50b2237ece3f
POST /s/gts1p5/mQ0hfpLFOZs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
142.250.74.131 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/mQ0hfpLFOZs
IP 142.250.74.131:0
Hash c953e4a876ce0bd40c5aad3aa856b1a5
f194bff2ceca6fa15f7ffc4ec85adbc308cd7862
47c03f4738a529cc58ef97eae76ec1ebe1353e512f365974364d50b2237ece3f
POST /s/gts1p5/mQ0hfpLFOZs HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:18 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
spinalmultiple.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1
192.243.59.12 200 OK 4.1 kB URL HTTP/1.1 spinalmultiple.com/sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with very long lines (5739), with no line terminators
Hash b1b3a4c50d12dfe59acffe3389a730ef
51b5c487e489871d88c807b6aee0a23c7028d33d
251bcfbc12ed6124420a3bdac15f8122028fb299d08df0ce2f31073094c46df1
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=a6b0b8925d9b3a4154c035c24b4ed97e&uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1 HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:18 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://hqq.to
Access-Control-Allow-Origin: https://hqq.to
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17334956; expires=Thu, 22 Dec 2022 09:23:18 GMT; secure; SameSite=None
uid_id2=f2a02236-dfbc-45f1-ace9-a1489e634c25:3:1; expires=Wed, 28 Dec 2022 09:23:18 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 22 Dec 2022 09:23:18 GMT; secure; SameSite=None
uncs=1; expires=Thu, 22 Dec 2022 09:23:18 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 22 Dec 2022 09:23:18 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 22 Dec 2022 09:23:18 GMT; secure; SameSite=None
sleca6b0b8925d9b3a4154c035c24b4ed97e=[3870583]; expires=Wed, 21 Dec 2022 09:23:23 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d2a957dab3861a253879f4142832c061
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.122.175 200 OK 9.3 kB URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.122.175:0
File type ASCII text, with very long lines (29325)
Hash 83d5daf9544d4ff4d4dc85e3e1df35fc
2de291318049be6ea68fb07bcb4211761102ce23
bced08348623081cfe3c062d26e30ab778703a4a1aebb95397395096d07656a3
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 20925361
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77cf8ee05f931c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
friendshipmale.com/sfp.js
172.64.108.35 200 OK 29 kB URL HTTP/2 friendshipmale.com/sfp.js
IP 172.64.108.35:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 5ac01c4f15f46f4dd46935c0c7d29ddd
36ec12a12557b2105dba43bbb54fba9703d26dbf
db6e10ccb175a112135945f2afcd1d80578ef8a08e82dfd0e5cf8d76709f00cf
GET /sfp.js HTTP/1.1
Host: friendshipmale.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: d15642bfd96fcbf260cbb44b78270959
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 21 Dec 2022 09:23:17 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v46knJMS9%2FlmUZC2%2Bd6RlMQUTwQKc8Zxjd6KFZnnRcmns3QtwOK9rgN2QOaJDDJ1PW3ity8DhhxUvglq8mA0Iudg8Zegx6uJJU9OMo4%2B070U8Zr8X3KEiEl1fMKmQuPKcm%2FDnaU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8ee5aa7b71a5-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3189
Expires: Wed, 21 Dec 2022 10:16:27 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3189
Expires: Wed, 21 Dec 2022 10:16:27 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3189
Expires: Wed, 21 Dec 2022 10:16:27 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash db151f8790fc80bb535b13560972296a
768a8261c1529ccdd5f7ecd2f3b4e65d8e6fa0d1
36b57f1a1229e6700cef5491018a90ec4fe375a4c7bb8e3c7ac8a4cf2ad73d5a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36B57F1A1229E6700CEF5491018A90EC4FE375A4C7BB8E3C7AC8A4CF2AD73D5A"
Last-Modified: Tue, 20 Dec 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3189
Expires: Wed, 21 Dec 2022 10:16:27 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
marazma.com/zEel8G4
188.114.96.1 200 OK 1.3 kB IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (343)
Hash bc12bd40db41ba6a07870134e961a2f1
4e15e4ff5dc77a5143b6705ccceebf5ed2317d06
c56247e3fd2572b60973c6e1f25a96c407a3f7ae273fe20b240bc5619e0d5a8c
GET /zEel8G4 HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://marazma.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AvUkaEbf0U7GrbERb6Ew1%2Fr4uiqG%2FdsLiU5qrMNCRGTY0aEOMywrK9rS4LW5pdZSM%2BcMbI%2BddtQxX3J1mdi9HSgJDUjDbSOQo5tzuic2NrAKNF82jePLtZKE6QoR0g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8ee98dc51bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg
34.120.237.76 200 OK 9.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3bd6359db3b908389343275ee839466b
9094f8e9275252a8e9d5e65fd3e87851b2f80bd7
7380590a93f8a21907c39ddce2f51c599161f219522df4099e9c1a82bcd1e40e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fefe0191e-7441-4083-843d-18a9446de816.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9069
x-amzn-requestid: 103b5caf-fa82-4d66-97e6-99c77027f759
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_DG_hoAMFoKA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-1a4accb80dbf5e9f2f696c85;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: D8V_RlBCxL1RHxtCyWkX7_IsCCrOdv2o1Wdic0N_aUz0qguhANp88A==
via: 1.1 d83ae0e1ba84e92e58bc1efc23a0c652.cloudfront.net (CloudFront), 1.1 29a825d8a219984d47bec4350779b558.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:41 GMT
age: 42337
etag: "9094f8e9275252a8e9d5e65fd3e87851b2f80bd7"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e90886bb18db45cb543f9e2ad623b222
92740688fc4bd3eb3ccd3bfc8c659410de066258
e18d6f1ea6654fd322e4eef0fc27e75ec54946f15579fa2749658414289decdf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E18D6F1EA6654FD322E4EEF0FC27E75EC54946F15579FA2749658414289DECDF"
Last-Modified: Tue, 20 Dec 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11727
Expires: Wed, 21 Dec 2022 12:38:45 GMT
Date: Wed, 21 Dec 2022 09:23:18 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d4aa7e9e3fe28e9c401786f7415171f7
8482a47175ff105957d640269bc14ee1fbc97448
2215ff2537f927e2baf4f713fc947afefc83b416719113ce516aa00f2a4e0708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd8c50f43-5bd1-47f3-9801-3d69c2401091.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11535
x-amzn-requestid: 4fb9a698-c429-49e1-a2c5-b9388f03b044
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: daGQIEuSoAMFnBg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a0b733-53b8088f0d8863f813b9967e;Sampled=0
x-amzn-remapped-date: Mon, 19 Dec 2022 19:10:43 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: axz1LSfJfBvAFuJl53Sl6Kh7r2R4FiTuDB3Xb_XI5AwXB20Gs4rg5A==
via: 1.1 5ab5dc09da67e3ea794ec8a82992cc88.cloudfront.net (CloudFront), 1.1 2c6b5dd77f1abe60653ce0454f344b64.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:49:59 GMT
age: 41599
etag: "8482a47175ff105957d640269bc14ee1fbc97448"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9917118c-5972-401b-b285-5393790dd2a9.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9917118c-5972-401b-b285-5393790dd2a9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b263902026f824265dafc8635785fc65
684efdc99b2b6243fd8a0e94a5ba9cc2147d7591
4c4198f2c893eddf2340ec6bc103f2b06dd4b5a588b81afb2fc0790a2ba148dc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F9917118c-5972-401b-b285-5393790dd2a9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10082
x-amzn-requestid: af563ab2-2bec-4393-89ed-c39d35dbb8ee
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddt_CGMWoAMFw1A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a229f9-3f4fba7229f46d9f0356d9fd;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:32:41 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: VcyyaKnSAMh1uTLQWTg5mDlYLj-8zL-8rLx_tw84vDRvhBfEmTrcbA==
via: 1.1 c34da255183aa208dd1c722ff211f9b2.cloudfront.net (CloudFront), 1.1 21618d080c6bfbcd465fc55a167a8c1a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:37:41 GMT
age: 42337
etag: "684efdc99b2b6243fd8a0e94a5ba9cc2147d7591"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b3c04e-49ca-4940-930e-747e6dec930f.jpeg
34.120.237.76 200 OK 4.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b3c04e-49ca-4940-930e-747e6dec930f.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 52b73d002ffbdebcf194c56f16138981
04a8f8ee413da353fca1058b9f7a4f7e8d08503b
093582d579d2dcba0a25bac60de27af1bd6e4c54287bc2107c7ffedada0a4616
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29b3c04e-49ca-4940-930e-747e6dec930f.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4746
x-amzn-requestid: cdafdc0a-0aa9-4fd9-9aa3-12b4ba0b5ac2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ddubDHEwoAMF2Aw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63a22aac-41f4751c24bfdd0d3dd23792;Sampled=0
x-amzn-remapped-date: Tue, 20 Dec 2022 21:35:40 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: RbuAmZvYSoVhzOpvGNR1CYJ-j4nH_r_u7s6PvLoacKYrQEkB8iup3g==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 7545e37b10b5fcf5e3df98185c85194a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 21:49:50 GMT
age: 41608
etag: "04a8f8ee413da353fca1058b9f7a4f7e8d08503b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29801943-e64a-496a-9777-304bfa4bf8ab.jpeg
34.120.237.76 200 OK 8.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29801943-e64a-496a-9777-304bfa4bf8ab.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c7a4a364175255bc70af2b4b48b150e
5b13818d3ca80ad51b766cbcb6999f3bdea3484c
f0a2f5e81d56ae82e8ada8d853102b187f90509d49d2efb1c16a13355f1f03d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29801943-e64a-496a-9777-304bfa4bf8ab.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8385
x-amzn-requestid: e07a6fa0-f538-4190-b052-5e86d071ba15
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: dVJSQElvoAMF-uQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-639ebc0e-194e6bc11941041d44c253fd;Sampled=0
x-amzn-remapped-date: Sun, 18 Dec 2022 07:06:54 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 0ev00JL4K-9As3Xw7q0CRbvObibbjlMt_iOR-dkXlpPW8C-6Lj0A9A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 760139201585481b26f947c5f776103a.cloudfront.net (CloudFront), 1.1 google
date: Tue, 20 Dec 2022 12:59:23 GMT
age: 73435
etag: "5b13818d3ca80ad51b766cbcb6999f3bdea3484c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
testingmetriksbre.ru/f.php?sid=212040
172.64.105.20 200 OK 4.8 kB URL HTTP/2 testingmetriksbre.ru/f.php?sid=212040
IP 172.64.105.20:0
Hash ebe84788ecb7723b3ec861d20d34f838
bec495fd3fb16df7764f7ba32e69e73826162c3e
c85d5d6a6678e1c47b056e6b5708ba19ab3906d8949ff9e82727b4e03e1263e3
GET /f.php?sid=212040 HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: text/html; charset=UTF-8
x-powered-by: PHP/7.1.33
cache-control: no-store, no-cache, must-revalidate, max-age=0
x-robots-tag: noindex
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Xu%2FKZBaDpyxgYmhoY1jwVX6v08oktDcu5SDc1YP%2B2xJ%2FBMgny3Qgb6JAsbHRqiZxRwz8sfIJtJJEmnYumNHreJFdBxoLhQ8K3qOuHWJpSmXVkCWwF4hXcX0AFQJajaB5jzZGRmyk0A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8ee1def923bd-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 344 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b38adceee348afba68fa7f50a19d7df9
95f6a0e95e6fad7ace85be916fb18e7b4327dc44
caadb9f9378977efc7bf8a3eaa604a54bb0ca3c0c4421921d06bf04075b72306
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "CAADB9F9378977EFC7BF8A3EAA604A54BB0CA3C0C4421921D06BF04075B72306"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5975
Expires: Wed, 21 Dec 2022 11:02:54 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
hundredscultureenjoyed.com/pixel/purst?dl=0&th=0&sc=0&rs=1853&rd=1853&fd=578&bv=22.10.v.10&tmpl=136
173.233.137.60 200 OK 0 B URL HTTP/1.1 hundredscultureenjoyed.com/pixel/purst?dl=0&th=0&sc=0&rs=1853&rd=1853&fd=578&bv=22.10.v.10&tmpl=136
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1853&rd=1853&fd=578&bv=22.10.v.10&tmpl=136 HTTP/1.1
Host: hundredscultureenjoyed.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
172.64.109.13 200 OK 6.0 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/img/close.png
IP 172.64.109.13:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/chat/mob/ssp/v2/new/3/img/close.png HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: image/png
content-length: 5982
last-modified: Tue, 05 Jul 2022 10:43:39 GMT
etag: "62c415db-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3094319
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1Pq%2BbzBAYtnTwiPQSlPTFDgszzaXf62ATfNup%2BCIopriaoDvqXpthfqoO3HMjq1IcClcvN%2B8rsUENa6f2xfCjzS%2BNThORb%2BgKB6W2cKXKQ6ordqP7KoK0G%2FHk4l8BO1Ya4OMenMLnZz6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eec59a17576-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
172.64.109.13 200 OK 32 kB URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/jquery.min.js
IP 172.64.109.13:0
File type ASCII text, with very long lines (65451)
Hash 48ac8cd3e3f4bb803e86618af28275c2
7c525b69bd0dbd88a80b1e58daf813ea80f33856
0f25cdd21080eace31c8701389b147a42af263acb55f5143b6c7b2128d60435f
GET /sb/chat/mob/ssp/v2/new/3/js/jquery.min.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:58 GMT
etag: W/"62ceb706-15d94"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3094319
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zKQAmir1FfmCAlse%2Fpl5MPQC2t4U46VOu8mapEOPQqr0mXyWN8ZIu%2FtwcLbpE23zRoiEIzfP%2BBd1yruvyuobmIxvfDnFnKukopydRCX7Fv2w6kVvYry8PpzV39G3LatpOw5gQ%2FBIxUiB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eec59aa7576-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ab0a93bbc87b59f90512473dbdca6cc5
4b8924c9b41bcedb94a18330989c5324abd2092a
41fa5aecf990aa564c5be814aae91e38e552b9b3326a175343c09da1e956288f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "41FA5AECF990AA564C5BE814AAE91E38E552B9B3326A175343C09DA1E956288F"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11063
Expires: Wed, 21 Dec 2022 12:27:42 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658714770nu7v0/1658714770nu7v0-640x480-3.jpg
50.7.214.74 200 OK 42 kB URL HTTP/2 cdn-s13.cfeucdn.com/flv/api/files/thumbs_new/2022/07/25/1658714770nu7v0/1658714770nu7v0-640x480-3.jpg
IP 50.7.214.74:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash fef337105a2ca19a5148fe59c4a04a1b
35a40bd29d9dba7bd1bdc9d5eb9eb9b6590ad404
08d9b03a1452b3ea819a7fb6ee56eb0bd0f0c791796c25b4768460ab74317453
GET /flv/api/files/thumbs_new/2022/07/25/1658714770nu7v0/1658714770nu7v0-640x480-3.jpg HTTP/1.1
Host: cdn-s13.cfeucdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:27:58 GMT
content-type: image/jpeg
content-length: 41656
last-modified: Mon, 25 Jul 2022 02:24:32 GMT
etag: "62ddfee0-a2b8"
server: cloudflare
expires: Thu, 27 Nov 2121 09:27:58 GMT
cache-control: max-age=3122064000, public
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
45.133.44.10 200 OK 78 kB URL HTTP/2 cdn.cloudimagesb.com/si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash da6e8937f3fcec61da25fb1ea7f619e8
c1f12b107da32a253a8cd69ded672148eeda5743
29b3dcf70160206a05807816cf001886c4715a0fa27bf39170909041a50a2c6e
GET /si/59/92/d7/5992d7e81c8c076d0f9c30e952fcb498/1671506223.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: image/png
content-length: 78410
server: nginx/1.17.6
last-modified: Tue, 20 Dec 2022 03:17:11 GMT
etag: "63a12937-1324a"
expires: Fri, 23 Dec 2022 09:23:19 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 431b10765589fc37f9ef8381a89fa83e
6f0895aa7a383c7a45f36ba254b50d22d0e3420d
e95e471cd29b0ba898b4eda8b44f3cf2e02e597be374b1b4e37bf33a4079653f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6284
Cache-Control: max-age=94929
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:19 GMT
Etag: "63a187cc-117"
Expires: Thu, 22 Dec 2022 11:45:28 GMT
Last-Modified: Tue, 20 Dec 2022 10:00:44 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 431b10765589fc37f9ef8381a89fa83e
6f0895aa7a383c7a45f36ba254b50d22d0e3420d
e95e471cd29b0ba898b4eda8b44f3cf2e02e597be374b1b4e37bf33a4079653f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6284
Cache-Control: max-age=94929
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:19 GMT
Etag: "63a187cc-117"
Expires: Thu, 22 Dec 2022 11:45:28 GMT
Last-Modified: Tue, 20 Dec 2022 10:00:44 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 279
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hqq.to
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 14 Dec 2022 19:33:54 GMT
expires: Thu, 14 Dec 2023 19:33:54 GMT
cache-control: public, max-age=31536000
age: 568165
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=20860335
190.115.19.71 200 OK 16 kB URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=20860335
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 992b787fbfc52cc6592a8e030deb3977
2f885c48f73fd18c9e692f5e7b2bb926579851e2
6f82023bdd45c9c255dfbcc542e309da8c34a082950a56b312c3513110b76679
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=20860335 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=spinalmultiple.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=cDHXxyX9vYbgBFtsy2dP; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:19 GMT
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 07a6388f202f4d4f3ae53eb422384751
b19333149bf7841bed24266801d522e67e0c7ac6
36abe155074ffbce81a7ae738dd205679b4857e45e49499ff4d33aee79e94d45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "36ABE155074FFBCE81A7AE738DD205679B4857E45E49499FF4D33AEE79E94D45"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1946
Expires: Wed, 21 Dec 2022 09:55:45 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
d.pssy.xyz/d/?resource=bundler&nada=1&widgets=2295456:6,2303727:6,2292846:1,2292849:1,2292850:1,2292848:1&isct=undefined&reqc=1&ver=6b9f61c28c8ae174.1671614596569&page=aHR0cDovL3RpY2t6b28uY29tL3Zlcm9uaWNhLXNpbGVzdG8tY2xpcHMv
23.235.244.225 200 OK 7.1 kB URL HTTP/1.1 d.pssy.xyz/d/?resource=bundler&nada=1&widgets=2295456:6,2303727:6,2292846:1,2292849:1,2292850:1,2292848:1&isct=undefined&reqc=1&ver=6b9f61c28c8ae174.1671614596569&page=aHR0cDovL3RpY2t6b28uY29tL3Zlcm9uaWNhLXNpbGVzdG8tY2xpcHMv
IP 23.235.244.225:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (21994), with no line terminators
Hash 063cd8762db75a90f1a2e4e0781b4d69
9374d25b5770674397427f6e95f73f6f9646435e
cece9c99ea3c50d67d4bdae036ed6a56df34505910a1c4c8d86541fbad91d8f4
Analyzer Verdict Alert quad9 Sinkholed
GET /d/?resource=bundler&nada=1&widgets=2295456:6,2303727:6,2292846:1,2292849:1,2292850:1,2292848:1&isct=undefined&reqc=1&ver=6b9f61c28c8ae174.1671614596569&page=aHR0cDovL3RpY2t6b28uY29tL3Zlcm9uaWNhLXNpbGVzdG8tY2xpcHMv HTTP/1.1
Host: d.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Origin: http://tickzoo.com
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: Express
ETag: W/"55ed-OuRIbpX4evl8sIu7YrXp5po7sOU"
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://tickzoo.com
Content-Encoding: gzip
spinalmultiple.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebYtAcOCHekEC4QMHkIi7P2ObHipCSRVR0qgtCkLiMDsz6wwZ72xndr2OuUStVPVoJA4cN5%2BTRtCoon9AJORwQbmAOSBLEIm%2FAYkzsmPJ8A7z3jffO3zve%2B%2FhXnFGXBR0svGJ7kul6JWo7tbe2ZQp16Wtrd%2BteW7dvVrblOlyeLXWmz6m%2B77nRnX33doNwbb1Fd%2F1XNdzvdqqNCLRvSszFjI7ann1llsP%2FboXheiZ%2F2NbOLDUAe%2Bekdcg%2Bfi5rZ%2BfQbIR0s4P14XdznX23kedQtFcG3T54afpdqrLFJ1FmRgHSXo474a2Y0K%2BvQCdHs4ngO7uTydALMfE%2Bd1DnB7OZSLuHpwrjRVEipi%2FhLI7glAjSDoC0w8g%2Ba8EYBzrt5B2Hq9rU9Kdc5ZO2TG59M%2FfkOWYXPrzMtLO0xUle7U7WhW51KlFL6kgeyPI9ghZcYK870CWJ2D5fUhOkHYqSD55O%2FGp6%2FvB8hJPYrYURom3RJloLVEvbLbEchAyP5pZI%2BUIMhlBiQGovYjCOiikgyJxUGQOOnxSo1Ercd1GEidB0AwZY0HAWNRc5hEPwmbiomBT7QPk2QBMDcDMLjKzi205gCl%2BhN2qYLkDmxN0eYVSEJSWoKQEpSQoc4KyWx1wZX1bPebKFrE3z%2F48B9VQ5%2B09eqDztkjJXnZGXp0a5rxw%2FwjbYlKjy7EbN1t%2BxFtxQEMvCpkbRMwP41DwVkPAygrSXgC1DvpyTN44riOTY%2FL8F38gpiew6gRMvgJavAlaDhu%2BC7o1DJsu%2BukR5YXKl7bu3avnGlxXyPJLyHecPXVGXp8t7urLJQQ7vfZN%2F68bTy9%2FBWYqZKbCl%2FIngrZ6NLytS7J%2FW5eWPLuV5bIj%2B3S61Ds5zcXF7z8WO6U2fO26HXz3AZsS0%2FLorrD5TZpymbYtebIiORdmVRsmyPGa3RTxRmG3VgqTFtnNjQ9X1zqZEdZKnY5A5ZiQyRqYHJMXjz%2BfHexbTz6DNCOYokKnOCXzgNQnYNkubLbQbzWBUYueOHNQFtXQ%2BPHiU0kCJRaYxhXsf3C8qPfsI7SNA5o%2FmJ1p11ToqgpUDWCLi8M8M6fXfgtmgVg5w1gZZz9WRn19bq6Vk1rkhaIZNxuM81gw7jX8oBm4rs952GgJr4Xcjhl%2BefgvAAAA%2F%2F8BAAD%2F%2F0apzfqIBAAA
192.243.59.12200 OK 7 B URL HTTP/1.1 spinalmultiple.com/impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebYtAcOCHekEC4QMHkIi7P2ObHipCSRVR0qgtCkLiMDsz6wwZ72xndr2OuUStVPVoJA4cN5%2BTRtCoon9AJORwQbmAOSBLEIm%2FAYkzsmPJ8A7z3jffO3zve%2B%2FhXnFGXBR0svGJ7kul6JWo7tbe2ZQp16Wtrd%2BteW7dvVrblOlyeLXWmz6m%2B77nRnX33doNwbb1Fd%2F1XNdzvdqqNCLRvSszFjI7ann1llsP%2FboXheiZ%2F2NbOLDUAe%2Bekdcg%2Bfi5rZ%2BfQbIR0s4P14XdznX23kedQtFcG3T54afpdqrLFJ1FmRgHSXo474a2Y0K%2BvQCdHs4ngO7uTydALMfE%2Bd1DnB7OZSLuHpwrjRVEipi%2FhLI7glAjSDoC0w8g%2Ba8EYBzrt5B2Hq9rU9Kdc5ZO2TG59M%2FfkOWYXPrzMtLO0xUle7U7WhW51KlFL6kgeyPI9ghZcYK870CWJ2D5fUhOkHYqSD55O%2FGp6%2FvB8hJPYrYURom3RJloLVEvbLbEchAyP5pZI%2BUIMhlBiQGovYjCOiikgyJxUGQOOnxSo1Ercd1GEidB0AwZY0HAWNRc5hEPwmbiomBT7QPk2QBMDcDMLjKzi205gCl%2BhN2qYLkDmxN0eYVSEJSWoKQEpSQoc4KyWx1wZX1bPebKFrE3z%2F48B9VQ5%2B09eqDztkjJXnZGXp0a5rxw%2FwjbYlKjy7EbN1t%2BxFtxQEMvCpkbRMwP41DwVkPAygrSXgC1DvpyTN44riOTY%2FL8F38gpiew6gRMvgJavAlaDhu%2BC7o1DJsu%2BukR5YXKl7bu3avnGlxXyPJLyHecPXVGXp8t7urLJQQ7vfZN%2F68bTy9%2FBWYqZKbCl%2FIngrZ6NLytS7J%2FW5eWPLuV5bIj%2B3S61Ds5zcXF7z8WO6U2fO26HXz3AZsS0%2FLorrD5TZpymbYtebIiORdmVRsmyPGa3RTxRmG3VgqTFtnNjQ9X1zqZEdZKnY5A5ZiQyRqYHJMXjz%2BfHexbTz6DNCOYokKnOCXzgNQnYNkubLbQbzWBUYueOHNQFtXQ%2BPHiU0kCJRaYxhXsf3C8qPfsI7SNA5o%2FmJ1p11ToqgpUDWCLi8M8M6fXfgtmgVg5w1gZZz9WRn19bq6Vk1rkhaIZNxuM81gw7jX8oBm4rs952GgJr4Xcjhl%2BefgvAAAA%2F%2F8BAAD%2F%2F0apzfqIBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1RSz28bRRSebYtAcOCHekEC4QMHkIi7P2ObHipCSRVR0qgtCkLiMDsz6wwZ72xndr2OuUStVPVoJA4cN5%2BTRtCoon9AJORwQbmAOSBLEIm%2FAYkzsmPJ8A7z3jffO3zve%2B%2FhXnFGXBR0svGJ7kul6JWo7tbe2ZQp16Wtrd%2BteW7dvVrblOlyeLXWmz6m%2B77nRnX33doNwbb1Fd%2F1XNdzvdqqNCLRvSszFjI7ann1llsP%2FboXheiZ%2F2NbOLDUAe%2Bekdcg%2Bfi5rZ%2BfQbIR0s4P14XdznX23kedQtFcG3T54afpdqrLFJ1FmRgHSXo474a2Y0K%2BvQCdHs4ngO7uTydALMfE%2Bd1DnB7OZSLuHpwrjRVEipi%2FhLI7glAjSDoC0w8g%2Ba8EYBzrt5B2Hq9rU9Kdc5ZO2TG59M%2FfkOWYXPrzMtLO0xUle7U7WhW51KlFL6kgeyPI9ghZcYK870CWJ2D5fUhOkHYqSD55O%2FGp6%2FvB8hJPYrYURom3RJloLVEvbLbEchAyP5pZI%2BUIMhlBiQGovYjCOiikgyJxUGQOOnxSo1Ercd1GEidB0AwZY0HAWNRc5hEPwmbiomBT7QPk2QBMDcDMLjKzi205gCl%2BhN2qYLkDmxN0eYVSEJSWoKQEpSQoc4KyWx1wZX1bPebKFrE3z%2F48B9VQ5%2B09eqDztkjJXnZGXp0a5rxw%2FwjbYlKjy7EbN1t%2BxFtxQEMvCpkbRMwP41DwVkPAygrSXgC1DvpyTN44riOTY%2FL8F38gpiew6gRMvgJavAlaDhu%2BC7o1DJsu%2BukR5YXKl7bu3avnGlxXyPJLyHecPXVGXp8t7urLJQQ7vfZN%2F68bTy9%2FBWYqZKbCl%2FIngrZ6NLytS7J%2FW5eWPLuV5bIj%2B3S61Ds5zcXF7z8WO6U2fO26HXz3AZsS0%2FLorrD5TZpymbYtebIiORdmVRsmyPGa3RTxRmG3VgqTFtnNjQ9X1zqZEdZKnY5A5ZiQyRqYHJMXjz%2BfHexbTz6DNCOYokKnOCXzgNQnYNkubLbQbzWBUYueOHNQFtXQ%2BPHiU0kCJRaYxhXsf3C8qPfsI7SNA5o%2FmJ1p11ToqgpUDWCLi8M8M6fXfgtmgVg5w1gZZz9WRn19bq6Vk1rkhaIZNxuM81gw7jX8oBm4rs952GgJr4Xcjhl%2BefgvAAAA%2F%2F8BAAD%2F%2F0apzfqIBAAA HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=f2a02236-dfbc-45f1-ace9-a1489e634c25:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2ff02787577b3fcb15b9433539d425b
Strict-Transport-Security: max-age=0; includeSubdomains
spinalmultiple.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 spinalmultiple.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: spinalmultiple.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=f2a02236-dfbc-45f1-ace9-a1489e634c25:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc003b0e12dd3fc901aebb4adf96ce43
42ef3f2aeb3ff25cda16c24516f6782c124ad29f
de8b55a79eaf9aa32a42a577be844943f6164558e4f31232d39230bac39e8b4b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DE8B55A79EAF9AA32A42A577BE844943F6164558E4F31232D39230BAC39E8B4B"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2348
Expires: Wed, 21 Dec 2022 10:02:27 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
s.pssy.xyz/prbanners/2022/12/06/CNWaMXveBAUJnVimxkWy62TJn8LEp9.png
172.67.206.135 200 OK 38 kB URL HTTP/1.1 s.pssy.xyz/prbanners/2022/12/06/CNWaMXveBAUJnVimxkWy62TJn8LEp9.png
IP 172.67.206.135:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash b94782d115fa8b16eb7d767fa6fe4f6c
1252eb126653e9014f3c531deb8a5005186b463a
00aa465fc340a9a3204cf4e3732ec7605372059dd990276078b1b536008eece6
Analyzer Verdict Alert quad9 Sinkholed
GET /prbanners/2022/12/06/CNWaMXveBAUJnVimxkWy62TJn8LEp9.png HTTP/1.1
Host: s.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/png
Content-Length: 38451
Connection: keep-alive
Last-Modified: Wed, 07 Dec 2022 00:49:39 GMT
ETag: "638fe323-9633"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 1834
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j4zrsaK7TUUXfWyNU%2BIzuqCoCcQzjiuEtYbewUV6JnEn2ohUQV%2FtgmzRKssKswlrLBlC6M1ozTdDrtAd6bXW35LurB9S7bGMzWvjIJbfryxbKLQKR3wIoy6gsvhu"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cf8eef7e91fabc-OSL
alt-svc: h2=":443"; ma=60
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc003b0e12dd3fc901aebb4adf96ce43
42ef3f2aeb3ff25cda16c24516f6782c124ad29f
de8b55a79eaf9aa32a42a577be844943f6164558e4f31232d39230bac39e8b4b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DE8B55A79EAF9AA32A42A577BE844943F6164558E4F31232D39230BAC39E8B4B"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2348
Expires: Wed, 21 Dec 2022 10:02:27 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
s.pssy.xyz/prbanners/2019/03/29/KtMS3Ui41xw9NUALEtNKcp7wnR2h2F.jpeg
172.67.206.135 200 OK 36 kB URL HTTP/1.1 s.pssy.xyz/prbanners/2019/03/29/KtMS3Ui41xw9NUALEtNKcp7wnR2h2F.jpeg
IP 172.67.206.135:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 728x90, components 3\012- data
Hash fc5e89b16857dbaa50e987265c179fe9
a2c6121aa02473d8117eea7d117ebfedc32f32ef
1a7a2938b7667a1b90b41eb7c35c9630034cb624c2446240be504477bf068469
Analyzer Verdict Alert quad9 Sinkholed
GET /prbanners/2019/03/29/KtMS3Ui41xw9NUALEtNKcp7wnR2h2F.jpeg HTTP/1.1
Host: s.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/jpeg
Content-Length: 35890
Connection: keep-alive
Last-Modified: Fri, 29 Mar 2019 12:44:01 GMT
ETag: "5c9e1311-8c32"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 3427
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=M6d6VhsyOl5yKFfqmfdDdkLSWDBybLlGaewkmU0FOkStgDIwYigUlMbhjPcVjA4nO4fr8VOijK5G7Oyu6RtYpoLtmVNZozD21NgFVeFnenj6sMvkckgeJ5Qv%2FJif"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cf8eef7c411c12-OSL
alt-svc: h2=":443"; ma=60
s.pssy.xyz/prnotifications/2020/12/14/A3Ve2TX8HisMbfhKfYSQw78z6V8Ud2.png
172.67.206.135 200 OK 121 kB URL HTTP/2 s.pssy.xyz/prnotifications/2020/12/14/A3Ve2TX8HisMbfhKfYSQw78z6V8Ud2.png
IP 172.67.206.135:0
File type PNG image data, 910 x 455, 8-bit/color RGBA, non-interlaced\012- data
Size 121 kB (121073 bytes)
Hash 7fc7340ed4a648f040c4f2d0daaf91d9
39060822e9b0ea5408cd9b36dc9711d706e05d78
e9938eca31168b40e1b09cb06b6075b8387584d5e56dc8502ab400293afc3611
Analyzer Verdict Alert quad9 Sinkholed
GET /prnotifications/2020/12/14/A3Ve2TX8HisMbfhKfYSQw78z6V8Ud2.png HTTP/1.1
Host: s.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: image/png
content-length: 121073
last-modified: Mon, 14 Dec 2020 14:08:29 GMT
etag: "5fd771dd-1d8f1"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 1774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QaVccSatGfvM%2FjFGB1CEn1ZK5jk4NdBzlAD6%2BafZgw%2BJvIgKF99WJH0%2BOsCy22%2BCyhmfCCO5BJn%2FsyEBeWk0c7NyKn6aGCpGNv%2B%2FBghqWXbaHIWXfFSyAoJ5H%2Fp7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eef9ca8b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s.pssy.xyz/prnotifications/2020/12/14/3ExgWpQErhSdyBPXcB61HZQGPYrdTR.png
172.67.206.135 200 OK 263 kB URL HTTP/2 s.pssy.xyz/prnotifications/2020/12/14/3ExgWpQErhSdyBPXcB61HZQGPYrdTR.png
IP 172.67.206.135:0
Size 263 kB (262773 bytes)
Hash 86c7723e93fa922c3cc0fd456902252e
2c891fb86b99f42505b82d377b6b54086d940d2e
7ace1cfccc23855ec1eb35cdc744099cff1735d5e74d605ec2c51d1cfe18974a
Analyzer Verdict Alert quad9 Sinkholed
GET /prnotifications/2020/12/14/3ExgWpQErhSdyBPXcB61HZQGPYrdTR.png HTTP/1.1
Host: s.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: image/png
content-length: 215641
last-modified: Mon, 14 Dec 2020 14:08:29 GMT
etag: "5fd771dd-34a59"
access-control-allow-origin: *
cache-control: max-age=14400
cf-cache-status: HIT
age: 1774
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VBgL8EX53eipbXaJAq3oH4L%2BsvuTEX7c160AiykSZjhsRbCxkkl7U2%2FWtI87GyYYpKc8ycFqhV5JZxscjuwGmnM2r1VVb8Rn%2FzhVteU7Z7XoxWlD6U8Pus6CimVU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eef9cb8b51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=78398763
190.115.19.71 200 OK 336 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=78398763
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash f0e08dc53db34af52e34ca5fd365a61c
bc2e720c79de07d9e61e3ac600c0e5167a8b057f
8908e04180eee7f80dfa573286cd9d014f0860f3f993462409909a0a536a9be1
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=78398763 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=spinalmultiple.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=Cu14T4J6QwBghZVHnLi2; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:19 GMT
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bc003b0e12dd3fc901aebb4adf96ce43
42ef3f2aeb3ff25cda16c24516f6782c124ad29f
de8b55a79eaf9aa32a42a577be844943f6164558e4f31232d39230bac39e8b4b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "DE8B55A79EAF9AA32A42A577BE844943F6164558E4F31232D39230BAC39E8B4B"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2348
Expires: Wed, 21 Dec 2022 10:02:27 GMT
Date: Wed, 21 Dec 2022 09:23:19 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9e43b0716feb9f72fe72030a7e9bfd34
5aad8ce4c0e2b037cc60b28890975bb1943e3336
bb42958e64cff98060fbc5931e8c52ac90e9c5c0e154543004d483af309248ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5790
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:19 GMT
Last-Modified: Wed, 21 Dec 2022 07:46:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 280
unseenreport.com/pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 93e8e16ec5a6ca031189ceb05541a1b9
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=f2a02236-dfbc-45f1-ace9-a1489e634c25&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0&dev=e&res=14.1309&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=9 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d595204bf470788059c0412a3a936383
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 9e43b0716feb9f72fe72030a7e9bfd34
5aad8ce4c0e2b037cc60b28890975bb1943e3336
bb42958e64cff98060fbc5931e8c52ac90e9c5c0e154543004d483af309248ff
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5790
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:19 GMT
Last-Modified: Wed, 21 Dec 2022 07:46:49 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 280
s.pssy.xyz/prbanners/2022/12/20/csWJLtdXUt6LHnk2r8jHovFPvWot83.gif
172.67.206.135 200 OK 51 kB URL HTTP/1.1 s.pssy.xyz/prbanners/2022/12/20/csWJLtdXUt6LHnk2r8jHovFPvWot83.gif
IP 172.67.206.135:0
File type gzip compressed data, max compression\012- data
Hash a2cd6a77c2835643bd9ba4717102f321
e38541d315bbdd4269bd083156163505e7b4841a
410b3dd9c87988d4933ccf4bf851b4e9516e942e4cdfaee386f98da991cfb6d9
Analyzer Verdict Alert quad9 Sinkholed
GET /prbanners/2022/12/20/csWJLtdXUt6LHnk2r8jHovFPvWot83.gif HTTP/1.1
Host: s.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://tickzoo.com/
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:19 GMT
Content-Type: image/gif
Content-Length: 50168
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 10:36:01 GMT
ETag: "63a19011-c3f8"
Access-Control-Allow-Origin: *
Cache-Control: max-age=14400
CF-Cache-Status: REVALIDATED
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=QvNLU4t482SC0mG82o1ECM%2BcPFbvw54hpB32q%2Bzv1q7hydcrgZxOqlZjmiYOjp0GmJl%2BbvEW5Mg8KhwVK63W7qpwv6NX2PN13eJDZi8YF1Enn28Fn9QUY6aXjXIm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cf8eef7bc8b4ee-OSL
alt-svc: h2=":443"; ma=60
ocsp.sectigo.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash b02529ee7cbbc298e3bd3e7f1dd1493a
94c8d4526184a760b43d36e6007aa6e71cdbbe1b
80a0a89e8186d609d644f9940b658af50541b01c3ceba2a6835a7571b31754da
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:20 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 20 Dec 2022 13:50:07 GMT
Expires: Tue, 27 Dec 2022 13:50:06 GMT
Etag: "94c8d4526184a760b43d36e6007aa6e71cdbbe1b"
Cache-Control: max-age=533805,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 77cf8ef25c3d0b69-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 861 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 421cd350befb1e21581d4f6670e43d31
d184f96e5ee18631b21eb5b3eac878ce017e58cd
50e9da2ef63e04999c1038915e70797376621ee19e9442057387a8573e65288c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2EB169734A4A20DF01CB5F9BDE366A935AE7962E089CD65B591E8DFEEBEEE5CA"
Last-Modified: Tue, 20 Dec 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2150
Expires: Wed, 21 Dec 2022 09:59:10 GMT
Date: Wed, 21 Dec 2022 09:23:20 GMT
Connection: keep-alive
d.pssy.xyz/t.php
23.235.244.225 200 OK 20 B IP 23.235.244.225:0
Hash 7029066c27ac6f5ef18d660d5741979a
46c6643f07aa7f6bfe7118de926b86defc5087c4
59869db34853933b239f1e2219cf7d431da006aa919635478511fabbfc8849d2
Analyzer Verdict Alert quad9 Sinkholed
GET /t.php HTTP/1.1
Host: d.pssy.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 21 Dec 2022 09:23:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: guid=17957a60-e6dc-47b2-92ba-4c9f7d79d27d; expires=Thu, 21-Dec-2023 09:23:20 GMT; Max-Age=31536000; path=/; domain=pssy.xyz; secure; SameSite=None
Access-Control-Allow-Origin: *
Content-Encoding: gzip
xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=491010&auth=OpDJQF&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 21 Dec 2022 09:23:21 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_433774.459870
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_433774.459870
23.36.79.43 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_433774.459870
IP 23.36.79.43:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=d_433774.459870 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Wed, 21 Dec 2022 09:23:22 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Wed, 21 Dec 2022 09:23:22 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228589871237%7c1%22%7d%5d; domain=.unibet.com; expires=Fri, 21-Dec-3021 09:23:22 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=22, origin; dur=41
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 21 Dec 2022 09:23:22 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950
set-cookie: JSESSIONID=node0nbtzl16rogxd17aa0rsqiidlv427859.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0nbtzl16rogxd17aa0rsqiidlv; Path=/; Domain=.unibet.nu; Expires=Fri, 20-Dec-2024 09:23:22 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Fri, 20-Dec-2024 09:23:22 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref="https://popxyz.com/"; Path=/; Domain=.unibet.nu; Expires=Fri, 20-Dec-2024 09:23:22 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_53F19708ACC347CFA3E64A708C6556EE; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=86353596; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=https%3A%2F%2Fpopxyz.com%2F; Path=/; Domain=.unibet.nu; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26sref%3DTRM%26TRM%3Dd_433774.459870%26affiliateId%3D1%26pid%3D86353596%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
referer: https://popxyz.com/
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Wed, 21 Dec 2022 09:23:22 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
hqq.to/js/video.counters.2.js?117
190.115.19.71 200 OK 441 B URL HTTP/2 hqq.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 4c23bd1a73185d17c9629ae0ebf627a7
b0fc57ef86b0a0fb640c1216bb4d84f86b31d877
5f4902e415702f1c6518b03dc5da1a4ff237200de2e7e8cc9799a51b7a672aa7
GET /js/video.counters.2.js?117 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY; dom3ic8zudi28v8lr6fgphwffqoz0j6c=f2a02236-dfbc-45f1-ace9-a1489e634c25%3A3%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=spinalmultiple.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=wrUbJ7SqQWjNH1cXjK1Z; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:22 GMT
date: Mon, 17 Oct 2022 10:54:57 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 5610505
ddg-cache-status: HIT,MISS
content-length: 441
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&sref=TRM&TRM=d_433774.459870&affiliateId=1&pid=86353596&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Cookie: __ucbt=node0nbtzl16rogxd17aa0rsqiidlv; uniattr=ST.0.T; uniattr_ref="https://popxyz.com/"; affiliateId=1; B-TAG=320665405_53F19708ACC347CFA3E64A708C6556EE; BID=37950; PID=86353596; REFERER=https%3A%2F%2Fpopxyz.com%2F; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26sref%3DTRM%26TRM%3Dd_433774.459870%26affiliateId%3D1%26pid%3D86353596%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Wed, 21 Dec 2022 09:23:22 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Wed, 21 Dec 2022 09:23:22 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55e33678b58e5354e4848b16e55d4152
256f88ab978f7019315098fc05a98f724f465cb4
8c721162eacf6edfc6d48554b9bda096626d9cf4b06f6cace1843f47860d47c3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "8C721162EACF6EDFC6D48554B9BDA096626D9CF4B06F6CACE1843F47860D47C3"
Last-Modified: Tue, 20 Dec 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17131
Expires: Wed, 21 Dec 2022 14:08:53 GMT
Date: Wed, 21 Dec 2022 09:23:22 GMT
Connection: keep-alive
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash cd36c285cfb3582ca37ad68165bf0ff7
5ee849538e8cc4d64cb16a8aaba29c5976c77b6e
543fbe0e4472241ab439d0794b0b782bcfa2d20d2e403a0277d6d7d465c287d7
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:22 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 25 Dec 2022 08:03:03 GMT
ETag: "5ee849538e8cc4d64cb16a8aaba29c5976c77b6e"
Last-Modified: Wed, 21 Dec 2022 08:03:04 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1365
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cf8f015f2d0b41-OSL
ocsp.globalsign.com/gseccovsslca2018
104.18.21.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.21.226:0
Hash cc7d60a0c0e85f84aae52d6436fa734e
0ef180e2fb350fe3476562facf963afd7685baa3
6636b9a3adfbea9e10bd9b16df27b3bfae4233d9e23f1953c66faf7ba8321853
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 21 Dec 2022 09:23:22 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 25 Dec 2022 07:17:05 GMT
ETag: "0ef180e2fb350fe3476562facf963afd7685baa3"
Last-Modified: Wed, 21 Dec 2022 07:17:06 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2615
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 77cf8f0169971bfe-OSL
cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
45.133.44.3 200 OK 446 B URL HTTP/2 cdn.barscreative1.com/sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html
IP 45.133.44.3:0
ASN #39572 DataWeb Global Group B.V.
Hash 2ba32da63ca1528fa18571aee4bd1bde
2588eac663211860fbd734120fb03b70d4bfb073
93fd1f561774928ea10de60c6beb27879c94aa541b6a5d9056c97c3b4a2fc4f3
GET /sb/au/e6/d7/97/e6d797a3a7be0e7ec1877d1b33146dfa/1657714258.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Wed, 13 Jul 2022 12:11:03 GMT
etag: W/"62ceb657-4a6"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Wed, 21 Dec 2022 10:23:18 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/tag.js
93.158.134.119 200 OK 74 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 93.158.134.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (659)
Hash df8b4b03a004f38931d767a7fc0af559
ab4c795e61914b8f1d2f3c894dc69b9a5d1e7997
7c555625298725867e7bb9e90139ce623ec77400078752c8effaa5b1b2ca1d05
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 73714
date: Wed, 21 Dec 2022 09:23:22 GMT
access-control-allow-origin: *
etag: "63a043d3-11ff2"
expires: Wed, 21 Dec 2022 10:23:22 GMT
last-modified: Mon, 19 Dec 2022 13:58:27 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
93.158.134.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 93.158.134.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 21 Dec 2022 09:23:22 GMT
access-control-allow-origin: *
etag: "63a043d3-2b"
expires: Wed, 21 Dec 2022 10:23:22 GMT
accept-ranges: bytes
last-modified: Mon, 19 Dec 2022 13:58:27 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
172.217.21.170 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 172.217.21.170:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Tue, 20 Dec 2022 17:25:38 GMT
expires: Wed, 20 Dec 2023 17:25:38 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
age: 57464
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.25.188 200 OK 803 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (966), with no line terminators
Hash 0a688866b8c3e86db5b7e394a8fdd5cf
c6148585d3a34c4b169f00e8664cb8202033f517
e3695c19f39e79a43aa3046c08db98112d249e56265baa92f12a2ac94c5a5bd5
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: ca01fc72-d01e-004f-5078-066356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 25256
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f034a0db517-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
85.184.96.5 200 OK 956 B URL HTTP/2 a1s-cdn.unibet.com/unibet/bannerflow/scripts/master_tag.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
Hash fd48e87ecd4d06d9c5df490b91dc813e
a65a437db44444634e4f41732c590c1d14433b3f
2f786ae3f4577ed970f60aa7a9edf726300a740fdb360a8364db7ff4b7ca8e47
GET /unibet/bannerflow/scripts/master_tag.js HTTP/1.1
Host: a1s-cdn.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript
content-length: 956
last-modified: Mon, 25 Apr 2022 12:19:34 GMT
etag: "3bc-5dd7996cc0ce1"
cache-control: max-age=1800, public, must-revalidate
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s-cdn.unibet.com; Path=/; SameSite=None; Secure
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash d433f1a68fdb1ea99ae86c14f66c9a70
fafe86063dc923afd69f365a5b0fb85d201b43ed
481054e5d7be824bf21e07a3aab6101b7a61fae6cc9a5c29414a992d663fbcd0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2149
Cache-Control: max-age=98359
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:22 GMT
Etag: "63a1a55d-116"
Expires: Thu, 22 Dec 2022 12:42:41 GMT
Last-Modified: Tue, 20 Dec 2022 12:06:53 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 278
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.25.188 200 OK 100 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Size 100 kB (100540 bytes)
Hash bccf9f933784055c4a3a5b55b126bc0c
425a532a870e58e15d58198870819aab69a5243c
e12d3e57d87fd40ee8098b10797e5468de4a42c9f7287f327b2562e2cf6d6e18
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f033a08b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188 404 Not Found 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 31dd67855b607c1c9c62efd3de2aec0f
a3af797d5f6ecbd66d2441d5abc0c5cf99aecc9c
965d3ae5894b3fa99b31d4217b127c3ccd69dbf6eb57ce9df9fd8178c40213ee
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/xml
x-ms-request-id: 39705e10-001e-0011-241d-1588b6000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 183
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f043b07b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.25.188 200 OK 12 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.25.188:0
File type HTML document, Unicode text, UTF-8 text
Hash 20c1419d340e5dc9f4ef05dbfb73e33c
fe019f19da8b98e28894c28b7f83fabcfe9e1471
f6991eb276a06a1c36f3b4978a63a0ceb1af3ba62459dde810bcc419c010b049
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0329f3b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.25.188 200 OK 82 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Hash 488eb9cb2ea3999dfa0a2824747c7be2
346f031301c2be718ecbe7a5446851c73faf378e
7d50e799b7597a5dd568863886d69da36707903b241eb2932069020a98878dae
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175862
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f034a0eb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.25.188 200 OK 75 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1066), with no line terminators
Hash b553decb310d390c7c3aacaf288bb779
0fa79ceb52bef295d47bbf91f984a16779756125
60f9f0c1b039344ae8aeefb76c20a527750859d5b5434003411f8440320e40ca
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175862
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f034a0ab517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.25.188 200 OK 5.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.25.188:0
Hash c3a6345b35ff1913daf29a326bf5e349
e3dae9683fa7f8edc186785d7e4fff2c6ea68361
04aef1fc91629c9e53eab25169c3471bd31623b6acc08514dd281b38100a6e96
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0329f1b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash adbc81aa65a60e499363accbbb7e5cd6
f2cd56c25839e7764e877aa696d764f89fd7f105
2372f18ba0bb5540f999ff9d16fb56118baaba7f74164318fd80dde66e63837e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 642
Cache-Control: max-age=89626
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:23 GMT
Etag: "63a18924-117"
Expires: Thu, 22 Dec 2022 10:17:09 GMT
Last-Modified: Tue, 20 Dec 2022 10:06:28 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 279
script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
104.19.148.8 200 OK 1.6 kB URL HTTP/2 script.crazyegg.com/pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1
IP 104.19.148.8:0
File type JSON data\012- , ASCII text, with very long lines (4098), with no line terminators
Hash 12880d3cf113bbb8f90dcc635ab0ddd7
fa21978e8bc223db1edcfde7672a385b01057226
8c683a2f8e778f42faa24af60d7d2cbd2a7f4eb4406b28f229679fbe45f83387
GET /pages/data-scripts/0012/9242/site/welcome.unibet.com.json?t=1 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: application/json
content-length: 1592
access-control-expose-headers: CE-Version
ce-version: 11.5.14
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
last-modified: Wed, 21 Dec 2022 05:52:48 GMT
content-encoding: gzip
access-control-allow-origin: *
cf-cache-status: HIT
age: 12635
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f05186fb4fd-OSL
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8 200 OK 29 kB URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
File type ASCII text, with very long lines (57802)
Hash 9b192128fafb962044424d4f2fde004b
c2655e5b305381cb40f72bca41c99f07f1870074
0247517990411303070121734082c930b78fc724494f15929ecf4dfa8fe24ca0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.14
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Wed, 21 Dec 2022 05:52:41 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 12642
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f04e82bb4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
secure.adnxs.com/seg?add=9755599
185.89.210.82 307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 185.89.210.82:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Wed, 21 Dec 2022 09:23:23 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: 29808fad-e4b7-47e5-8cfc-4bfe6721faa5
Set-Cookie: uuid2=2112925214472924332; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 21-Mar-2023 09:23:23 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.25.188 200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.25.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3676af2952755cbe9df18e10934ba465
d905d7c3ca0d0df68260470d53d211ecbd60b2ac
b0bb0961d89642c8cd96f4438235b23134b8e838d71a0e913fbfffe402be7df2
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f034a13b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
185.89.210.82 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 185.89.210.82:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Wed, 21 Dec 2022 09:23:23 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: 4bb4a4fc-5ec2-49e3-9e1d-c0d315467451
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2C''i)V*D!]tbP6j2F-XstGt!@D>h$X-SE; SameSite=None; Path=/; Max-Age=7776000; Expires=Tue, 21-Mar-2023 09:23:23 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 952.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
assets-tracking.crazyegg.com/healthcheck
54.230.111.63 200 OK 19 B URL HTTP/2 assets-tracking.crazyegg.com/healthcheck
IP 54.230.111.63:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: assets-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Mon, 31 Oct 2022 08:40:59 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 60929bddfcfe8b3a510a9502ad6d8742.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ubX_qxqlOy9iSerimHOAW3j1hOaDd7Pdh5F8X9mhcjcvB-0GJiryaQ==
age: 4408945
X-Firefox-Spdy: h2
pagestates-tracking.crazyegg.com/healthcheck
54.230.111.22 200 OK 19 B URL HTTP/2 pagestates-tracking.crazyegg.com/healthcheck
IP 54.230.111.22:0
File type JSON data\012- , ASCII text
Hash d06f04fccf68d0b228a5923187ce1afd
5de9df9fdd66a91eed06e31981553d4ab9ccf490
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
GET /healthcheck HTTP/1.1
Host: pagestates-tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/json
content-length: 19
date: Mon, 14 Nov 2022 03:38:26 GMT
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
access-control-expose-headers: Access-Control-Allow-Origin
access-control-max-age: 31536000
last-modified: Fri, 08 Jul 2022 22:25:51 GMT
etag: "d06f04fccf68d0b228a5923187ce1afd"
accept-ranges: bytes
server: AmazonS3
x-cache: Hit from cloudfront
via: 1.1 ab09332bca1a3bd382d2e408f65b98d2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _UGI7e0ub9etWjf0uZTeqRoTnz5uPomfsfNw3pmCUGwedbgimwbNaQ==
age: 3217498
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash cba02a74e9b5c96ed9f17c7210d8fa60
97f6c9a73d7306110d7926b9dc295b97c1c55844
b515ef58be498336c6659740defd7d993e64594ff825d187f54648bf576d0665
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4033
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 21 Dec 2022 09:23:23 GMT
Last-Modified: Wed, 21 Dec 2022 08:16:10 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s94933661222596?AQB=1&ndh=1&pf=1&t=21%2F11%2F2022%209%3A23%3A44%203%200&mid=63953271537707523574817493240342339267&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&r=https%3A%2F%2Fpopxyz.com%2F&cc=GBP&ch=bf_landingpage&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A23%20AM%7CWednesday&v6=9%3A23%20AM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1671614624&v21=Not%20Logged-In&c73=unibet&c74=63953271537707523574817493240342339267&v99=63953271537707523574817493240342339267&v120=popunder&v121=1%3A320665405%3A86353596-37950&v122=NONE&v124=2799402&v125=320665405_53F19708ACC347CFA3E64A708C6556EE&v126=86353596&v127=37950&v134=1671614624&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1920&bh=1080&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
15.188.95.229200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s94933661222596?AQB=1&ndh=1&pf=1&t=21%2F11%2F2022%209%3A23%3A44%203%200&mid=63953271537707523574817493240342339267&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&r=https%3A%2F%2Fpopxyz.com%2F&cc=GBP&ch=bf_landingpage&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A23%20AM%7CWednesday&v6=9%3A23%20AM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1671614624&v21=Not%20Logged-In&c73=unibet&c74=63953271537707523574817493240342339267&v99=63953271537707523574817493240342339267&v120=popunder&v121=1%3A320665405%3A86353596-37950&v122=NONE&v124=2799402&v125=320665405_53F19708ACC347CFA3E64A708C6556EE&v126=86353596&v127=37950&v134=1671614624&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1920&bh=1080&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 15.188.95.229:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s94933661222596?AQB=1&ndh=1&pf=1&t=21%2F11%2F2022%209%3A23%3A44%203%200&mid=63953271537707523574817493240342339267&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&r=https%3A%2F%2Fpopxyz.com%2F&cc=GBP&ch=bf_landingpage&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A86353596-37950%26btag%3D320665405_53F19708ACC347CFA3E64A708C6556EE%26bid%3D37950%26campaignId%3D2799402%26pid%3D86353596&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=9%3A23%20AM%7CWednesday&v6=9%3A23%20AM%7CWednesday&v11=GBP&c14=New&v14=New&c16=1671614624&v21=Not%20Logged-In&c73=unibet&c74=63953271537707523574817493240342339267&v99=63953271537707523574817493240342339267&v120=popunder&v121=1%3A320665405%3A86353596-37950&v122=NONE&v124=2799402&v125=320665405_53F19708ACC347CFA3E64A708C6556EE&v126=86353596&v127=37950&v134=1671614624&s=1280x1024&c=24&j=1.6&v=N&k=N&bw=1920&bh=1080&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
date: Wed, 21 Dec 2022 09:23:23 GMT
expires: Tue, 20 Dec 2022 09:23:23 GMT
last-modified: Thu, 22 Dec 2022 09:23:23 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3589765027610361856-4619803031954629034
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.25.188 200 OK 2.1 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.25.188:0
File type HTML document, ASCII text
Hash 88d6b4cff7b53a3bd3405db42465ebd2
a5b98143b2dddf621efc2dbb02d76af52bf58c2d
a9a43195da24bd83015da83b277e26bc9b0b0347ef8eea6554384ed49a3a294d
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0339f6b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
tracking.crazyegg.com/clock?t=1671614624599&tk=49f5480a39da8ce7e59e73633af4ed5a
34.247.113.167 200 OK 26 B URL HTTP/2 tracking.crazyegg.com/clock?t=1671614624599&tk=49f5480a39da8ce7e59e73633af4ed5a
IP 34.247.113.167:0
File type ASCII text, with no line terminators
Hash 3e3c37cf169d08bba377901b37131736
bb35621d6efec7863343cf5f093516b9f230537d
5dcf27d4a823cf91772abcb9aa24e5f1032365c070265294cd8f17f1f6cacdc8
GET /clock?t=1671614624599&tk=49f5480a39da8ce7e59e73633af4ed5a HTTP/1.1
Host: tracking.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: awselb/2.0
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: text/plain
content-length: 26
cache-control: no-store
access-control-allow-origin: *
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f033a05b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/widget/betslip/betslip.js
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.25.188:0
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f040adeb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
104.16.174.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg
IP 104.16.174.188:0
GET /resources/18-plus-adbfd412-ffe0-4780-a5c3-1b540d6ceed3.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: DtBEzXf8HuXNecd90Rx/1w==
last-modified: Fri, 27 Nov 2020 14:00:01 GMT
etag: W/"0x8D892DCBC244A27"
x-ms-request-id: f9c36029-201e-0105-665e-a57399000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 469
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f06eaf60b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/animate.css
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/css/animate.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-135d1"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1130302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YaOgMLGq%2BwAM1%2BZe0pfHWgvF%2F0HO%2FIQpy1VR2XeeKJNuUgrJZ7x%2Boj04GA3bBANcsbqHBR4ozrs1ZO%2ByYCjCF92jh4SCFi%2FOnX0KfrUAm%2F7MUNlAO7HOCmGwKGHxu64vRUTCEUDROUYI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eec29847576-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.popxperts.com/qpad49Q
104.21.39.130 301 Moved Permanently 0 B URL HTTP/2 www.popxperts.com/qpad49Q
IP 104.21.39.130:0
GET /qpad49Q HTTP/1.1
Host: www.popxperts.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://popxyz.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 21 Dec 2022 09:23:19 GMT
location: https://popxperts.com/qpad49Q
cache-control: max-age=3600
expires: Wed, 21 Dec 2022 10:23:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X5QrwzFHUcMmoVg1Zjr%2BSujUfI%2BX1u4LmitFgnMhY7eTqQH1Wt235gtacLDKvw8hMsSyOsFu%2B5obiwDLP74ThRcHVKfhzuUTHhV%2F0uwixLApzWVyrX9%2BeTCc8wwmcNHFDVXzwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eee1c55b515-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxyz.com/
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: a524bd24-201e-0006-321d-1521bd000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f016fbab517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0339feb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/player/get_player_image.php
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/player/get_player_image.php
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
POST /player/get_player_image.php HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 74
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Cookie: uid=MWPgZHEFxX1Q4YnCsRrq3zivGgheAqmY
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=cyM6ixa0KVahJzYSZ9Rd; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: application/json
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-file-located: temp, filename:../files/temp/video_images/0/v/1658714770nu7v0-3.jpg
x-clickarr-add-e: 1
x-image-size: 41656
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
marazma.com/static/css/style.css
188.114.96.1 200 OK 0 B URL HTTP/2 marazma.com/static/css/style.css
IP 188.114.96.1:0
GET /static/css/style.css HTTP/1.1
Host: marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/Jr1zAzZ
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:18 GMT
content-type: text/css
last-modified: Thu, 08 Dec 2022 21:31:03 GMT
etag: W/"63925797-76c83"
cache-control: max-age=14400
cf-cache-status: HIT
age: 2606
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sCnR%2BI3OBc%2F90h2Fm9FJnhq%2FHJYmobTvH8k01u2Vv6BuoBW%2FWFCfbQ9l%2FL%2BEqno5UrWmONVS48TRl%2BTESU23xHkJG4sRrUfT4twRZ%2Ff4%2FTWzZXhdDX5Tpi0dF5jYHA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8ee94d7e1bfe-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.174.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.174.188:0
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 469
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f06eaf90b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/ad/api/popunder.js
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/api/popunder.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/e/RFBhYmNtTllFUk9vMU5QT1I5UTBXQT09
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=rSo8wFcpH4A3cC6uTtbl; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 21-Dec-2023 09:23:17 GMT
date: Fri, 15 Jul 2022 10:51:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: W/"6141fdde-15"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
age: 13732358
ddg-cache-status: HIT,HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f033a01b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.25.188:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 25249
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0339fab517-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.25.188 404 Not Found 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/xml
x-ms-request-id: 39705e10-001e-0011-241d-1588b6000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 183
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f034a12b517-OSL
content-encoding: br
X-Firefox-Spdy: h2
zap.buzz/Jr1zAzZ
104.21.53.136 302 Found 0 B IP 104.21.53.136:0
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://popxyz.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=491010&auth=OpDJQF&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Y6LQhw.70TLLH7BYOlAAjHNUzp-xABO3sI; Expires=Wed, 21 Dec 2022 09:53:19 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3riGzNsaWlgGUEHsQD7AMKmhFwOcXYaRsnHefPyxly0ZWtIJLda6Z6zgYz4iIvZnjDQIi7qCvSrgedOaxthWf%2BI%2BHA4kndu8hmcawvVvEYZLbnh4hcGcX5tT8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8ef01fb71c0a-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: text/css
x-amz-id-2: bDlIamUY1QfJPc4QlUBnXFv1f1qQDGvTvEH6wm5EFeK9XBcJboUVX25kNqwZs6Ih/vyIsNf6eIM=
x-amz-request-id: 39MR148XF08XCMJM
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 2146218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Jo0OaTqHDWQQ0sEPM3d%2FblHxGH7E44k7wZbzpUUOmPVbUgFP95jKY0aUDO5C8GQUZwvn7eSzQlGbwrT%2Bc17r%2B%2F49n5af468sFSrBde%2BwkK%2BnDPxx%2FMSJB6sDwHYBF3cFThthn9x1"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8f03bf0a71ae-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/css/style.css
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/css/style.css HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: text/css
last-modified: Wed, 13 Jul 2022 12:13:55 GMT
etag: W/"62ceb703-1229"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1130302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Nvs9w4dTCJPZZv%2BvX0per5hKC73qmTIwWd6Wj8g1pVp%2BHjFAxqjJDu7NeFg0P%2FZ%2F0NAQ2mGvwJ%2FdC33Dpd5GtGLlfD0cpsJwhJBMZGtTBf19ZZdmx%2FZAKDExV6Fhw%2BXPA8NresG6q%2FrF"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eec29827576-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
172.64.109.13 200 OK 0 B URL HTTP/2 cdn.creative-bars1.com/sb/chat/mob/ssp/v2/new/3/js/script.js
IP 172.64.109.13:0
GET /sb/chat/mob/ssp/v2/new/3/js/script.js HTTP/1.1
Host: cdn.creative-bars1.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: application/javascript
last-modified: Wed, 13 Jul 2022 12:13:56 GMT
etag: W/"62ceb704-17f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1130302
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bT0V5U9cZ%2BShs5bdBp8Mggs9cEIpxRm6gBGKHRx1QgCFA0tvVBAJRKNpVLX6pGslVRdkcFWqL4O9EZLbacA5MXhWl3pdodxaOImJJcOrC8F6ylhzz%2BEJEdRcrI6mGT8BL%2BPev%2BGcTaIA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8eed0a407576-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js?464337
104.19.148.8 200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js?464337
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js?464337 HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.14
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Wed, 21 Dec 2022 05:52:41 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 12642
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f04f838b4fd-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.122.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.122.175:0
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:17 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 14658098
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 77cf8ee05f951c12-OSL
content-encoding: br
X-Firefox-Spdy: h2
www.marazma.com/zEel8G4
104.21.0.191 301 Moved Permanently 0 B IP 104.21.0.191:0
GET /zEel8G4 HTTP/1.1
Host: www.marazma.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 301 Moved Permanently
date: Wed, 21 Dec 2022 09:23:18 GMT
location: https://marazma.com/zEel8G4
cache-control: max-age=3600
expires: Wed, 21 Dec 2022 10:23:18 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9AbuxZcCfdpAGXVnj7B0VXnBperEc2sX0aIpqcPYj6KpGvrfM8hmxGjRJNbQO3mV40lkzrcqvyJ9VjU2r0nQB%2BdTOgdx5m6BAOjSnFixMUVuVmTpJx3gf2NbOh0n0S8l0FI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8ee978e7b4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.25.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.25.188:0
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:86353596-37950&btag=320665405_53F19708ACC347CFA3E64A708C6556EE&bid=37950&campaignId=2799402&pid=86353596
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a86353596%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1671614602170)%5c%2f%22%2c%22CookieTag%22%3a%223795086353596451240919C20221221923%22%7d%5d
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:22 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 175863
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f0339fcb517-OSL
content-encoding: br
X-Firefox-Spdy: h2
popxyz.com/Jr1zAzZ
172.67.181.82 200 OK 0 B IP 172.67.181.82:0
GET /Jr1zAzZ HTTP/1.1
Host: popxyz.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://marazma.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:19 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4%2B2LlYPB2Z8Gjx3z1nNLwhC3%2FOwEgw1HCR7PYo6%2FG7QzGFgxeuVgbVkAVXaNCcuXgflH0oluh37ilrS0scXWnfOw2Q%2F0DIgLtPRzJstt5NkDXfXpbsHiLrbZMKrN"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 77cf8eed496db500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
kit.fontawesome.com/1e1169734c.js
104.18.23.52 200 OK 0 B URL HTTP/2 kit.fontawesome.com/1e1169734c.js
IP 104.18.23.52:0
GET /1e1169734c.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: http://tickzoo.com
Connection: keep-alive
Referer: http://tickzoo.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:16 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: FyfSg1do1aEKvZQAhh9i
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 77cf8edb1bb31c16-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.174.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.174.188:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 21 Dec 2022 09:23:23 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 525
vary: Accept-Encoding
server: cloudflare
cf-ray: 77cf8f06daf30b3d-OSL
content-encoding: br
X-Firefox-Spdy: h2