504 B IP
ASN #20940 Akamai International B.V.
Hash 91a50ba757c5ca46c896205a21d87a49
0b48953a685631845a7034c8948077de0e60de80
15d10fabb92098e81e218740ae04059fe6340c321ee70325db46f6c9cb7ad817
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "15D10FABB92098E81E218740AE04059FE6340C321EE70325DB46F6C9CB7AD817"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10722
Expires: Fri, 19 Jul 2024 17:26:55 GMT
Date: Fri, 19 Jul 2024 14:28:13 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash c746d0145c03aa7156aa6a21d8cd2d41
8fb7cb950f28012e8bf42cf02c7598862c66e21f
c695ccd93d9e45c8d7b4b08201a3fe45221658531fa0a54f778dadcc2479399e
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "C695CCD93D9E45C8D7B4B08201A3FE45221658531FA0A54F778DADCC2479399E"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12793
Expires: Fri, 19 Jul 2024 18:01:26 GMT
Date: Fri, 19 Jul 2024 14:28:13 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash ba83fc82f22d464fbc0a613d3224fdef
b8d2b3e057c0d01c05e3891f5b5cdaf09e001d3b
17205f996d5ce1462adb970516597f51763582906181b875e45b5b7535f38b8f
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "17205F996D5CE1462ADB970516597F51763582906181B875E45B5B7535F38B8F"
Last-Modified: Thu, 18 Jul 2024 08:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4038
Expires: Fri, 19 Jul 2024 15:35:31 GMT
Date: Fri, 19 Jul 2024 14:28:13 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 42e531d59be85c09ecc215208470d19e
75ec72c8c8e1de19407837d46d2ad7119770cdb0
38125115e22a9a58bf2df205bb09ae6c6fef4948b9de15b2f15f37d19aedf6a9
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "38125115E22A9A58BF2DF205BB09AE6C6FEF4948B9DE15B2F15F37D19AEDF6A9"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11339
Expires: Fri, 19 Jul 2024 17:37:13 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
HEAD vivosoccer.xyz/vivo/9.php
200 OK 25 kB URL HEAD HTTP/3 vivosoccer.xyz/vivo/9.php
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectvivosoccer.xyz
Fingerprint56:21:8F:48:CC:54:41:03:46:55:2E:68:73:D2:EB:32:09:3E:16:AE
ValidityTue, 11 Jun 2024 17:53:36 GMT - Mon, 09 Sep 2024 17:53:35 GMT
File type JavaScript source, ASCII text, with very long lines (63154)
Hash 82523e6b5edfa5f58e9acd8e0140fe15
250ea2d8c87ee25f3a3308dfaa02ba887bb09e70
5e4aa0f78a5df90a296f5b3940032c4157e3315a62b4e414dc8a31ee366c9866
GET /vivo/9.php HTTP/1.1
Host: vivosoccer.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V68DiiFqggYMBhyNvY1L%2Fxi4kXCRhoza74AE72JHecR6LS8aJjEQ75a%2BQOlL%2FCQRMAV5JewSCYXINt6zWZuyODjvXqSKGDMPfs0nW1njtYgbatTfjeZIWy7u%2F3I6YFnGIA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b65933c0956b9-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js
200 OK 170 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 170 kB (169818 bytes)
Hash dab2d64437710247c214acc3b9330c41
bd540e94b5d09675672c524fb018902bd6a1a388
d2fbcb1544ff003e2c11bf04bb7d97c44d32442fd55d7a9df324c2133ae1648b
GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.0
x-jsd-version-type: version
etag: W/"9871a-vVQOlLXQlnVnLFJPsBiQK9aho4g"
content-encoding: br
accept-ranges: bytes
age: 16681
date: Fri, 19 Jul 2024 14:28:14 GMT
x-served-by: cache-fra-eddf8230062-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 169818
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/clappr/latest/clappr.min.js
200 OK 132 kB URL GET HTTP/2 cdn.jsdelivr.net/clappr/latest/clappr.min.js
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 132 kB (131690 bytes)
Hash bca50774306ac9c46fe0925a99901c4f
0fac4589ac73332b6cace09c7cc3a662d298faaa
cbcf0e85e906f9e8caf296fc6fd0cb8fcfb69b31e9ac570d63bd837fcf743f6f
GET /clappr/latest/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"8156e-D6xFiaxzMytsrOCcfMOmYtKY+qo"
content-encoding: br
accept-ranges: bytes
date: Fri, 19 Jul 2024 14:28:14 GMT
age: 229061
x-served-by: cache-fra-etou8220143-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 131690
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash b289fe644b0ac4dd7a66f1f08faf9f34
390e1659c094adff3990800fb59bdc659b5b92a8
2612c80542efbb7237933e95a8651fd68acc281279a0312580991a9a96975724
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "2612C80542EFBB7237933E95A8651FD68ACC281279A0312580991A9A96975724"
Last-Modified: Thu, 18 Jul 2024 07:36:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9277
Expires: Fri, 19 Jul 2024 17:02:51 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
HEAD vivosoccer.xyz/vivo/9.php
200 OK 0 B URL HEAD HTTP/3 vivosoccer.xyz/vivo/9.php
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectvivosoccer.xyz
Fingerprint56:21:8F:48:CC:54:41:03:46:55:2E:68:73:D2:EB:32:09:3E:16:AE
ValidityTue, 11 Jun 2024 17:53:36 GMT - Mon, 09 Sep 2024 17:53:35 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /vivo/9.php HTTP/1.1
Host: vivosoccer.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/vivo/9.php
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Fri, 19 Jul 2024 14:28:14 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3kamfgNeJApSTtJVub%2BvYeQ10QHwvHG9HnbbEn%2FStQIOBOuMvY%2B91rmppvcLdl1KIBspWww%2FVy%2BqtCesDi5O%2BwdFi8TqMn5xirVcXPI2xkLWvrHqo%2B5DWw3J%2Bdjmr7XBtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b6597cc9156bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js
200 OK 170 kB URL GET HTTP/2 cdn.jsdelivr.net/npm/@clappr/player@latest/dist/clappr.min.js
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Size 170 kB (169818 bytes)
Hash dab2d64437710247c214acc3b9330c41
bd540e94b5d09675672c524fb018902bd6a1a388
d2fbcb1544ff003e2c11bf04bb7d97c44d32442fd55d7a9df324c2133ae1648b
GET /npm/@clappr/player@latest/dist/clappr.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
content-length: 169818
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.6.0
x-jsd-version-type: version
etag: W/"9871a-vVQOlLXQlnVnLFJPsBiQK9aho4g"
content-encoding: br
accept-ranges: bytes
date: Fri, 19 Jul 2024 14:28:14 GMT
age: 16681
x-served-by: cache-fra-eddf8230062-FRA, cache-hel1410030-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
504 B IP
ASN #20940 Akamai International B.V.
Hash dd88fb5d8d8932a04a0356362683fa99
ff691f38403cc43ab4df0c354f9742eb8e36f086
fa219d5b5af261b1a24dfc64a79905e24add1ad544718bd9c8bfcc796e4ce59c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FA219D5B5AF261B1A24DFC64A79905E24ADD1AD544718BD9C8BFCC796E4CE59C"
Last-Modified: Thu, 18 Jul 2024 08:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19032
Expires: Fri, 19 Jul 2024 19:45:26 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 5c0fbbb3c5793943b2368cf7df4b933f
fce41926317be75489d57da347008b2430959443
6f53ca91ee66b2549698fd3a1b4525bcf54c9275aac988c2116d5b9e75a89cbd
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6F53CA91EE66B2549698FD3A1B4525BCF54C9275AAC988C2116D5B9E75A89CBD"
Last-Modified: Thu, 18 Jul 2024 07:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15750
Expires: Fri, 19 Jul 2024 18:50:44 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 5c0fbbb3c5793943b2368cf7df4b933f
fce41926317be75489d57da347008b2430959443
6f53ca91ee66b2549698fd3a1b4525bcf54c9275aac988c2116d5b9e75a89cbd
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6F53CA91EE66B2549698FD3A1B4525BCF54C9275AAC988C2116D5B9E75A89CBD"
Last-Modified: Thu, 18 Jul 2024 07:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15750
Expires: Fri, 19 Jul 2024 18:50:44 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 5c0fbbb3c5793943b2368cf7df4b933f
fce41926317be75489d57da347008b2430959443
6f53ca91ee66b2549698fd3a1b4525bcf54c9275aac988c2116d5b9e75a89cbd
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "6F53CA91EE66B2549698FD3A1B4525BCF54C9275AAC988C2116D5B9E75A89CBD"
Last-Modified: Thu, 18 Jul 2024 07:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15693
Expires: Fri, 19 Jul 2024 18:49:47 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash dd88fb5d8d8932a04a0356362683fa99
ff691f38403cc43ab4df0c354f9742eb8e36f086
fa219d5b5af261b1a24dfc64a79905e24add1ad544718bd9c8bfcc796e4ce59c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "FA219D5B5AF261B1A24DFC64A79905E24ADD1AD544718BD9C8BFCC796E4CE59C"
Last-Modified: Thu, 18 Jul 2024 08:34:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18956
Expires: Fri, 19 Jul 2024 19:44:10 GMT
Date: Fri, 19 Jul 2024 14:28:14 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash dbf7ce2c9d30d2fc020953625cfbd820
76dec6ab6ee3b9c9a706049f7109b2820cf434c9
4c482fe98ecd91a57b52952a9495bce77abf77a13a062406367e9b1232052a52
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "4C482FE98ECD91A57B52952A9495BCE77ABF77A13A062406367E9B1232052A52"
Last-Modified: Thu, 18 Jul 2024 07:16:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20390
Expires: Fri, 19 Jul 2024 20:08:05 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 55bfddc726e66b60fe1fb8b3ef2c0f2a
bb7d8ad41354b4135d6cacd4e43e6c1d346ee221
55fedf81d1cf28635e16d1fe36b838844636be2b8135398cd2ec542fabb76c2c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "55FEDF81D1CF28635E16D1FE36B838844636BE2B8135398CD2EC542FABB76C2C"
Last-Modified: Thu, 18 Jul 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19904
Expires: Fri, 19 Jul 2024 19:59:59 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 55bfddc726e66b60fe1fb8b3ef2c0f2a
bb7d8ad41354b4135d6cacd4e43e6c1d346ee221
55fedf81d1cf28635e16d1fe36b838844636be2b8135398cd2ec542fabb76c2c
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "55FEDF81D1CF28635E16D1FE36B838844636BE2B8135398CD2EC542FABB76C2C"
Last-Modified: Thu, 18 Jul 2024 12:20:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19950
Expires: Fri, 19 Jul 2024 20:00:45 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
111 kB URL clck.littlecdn.com/web/static/300x250/13.png
IP
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size 111 kB (110676 bytes)
Hash c6596c7e59d3d6174903c44cabd1fd43
d50bbf6468ac21ca6618bd87fed137385ddde6b6
16d98868b11479eae8eea4ba34203505bf809f7054483dcda7f85b260f107f9d
GET /web/static/300x250/13.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 110676
last-modified: Wed, 15 May 2024 10:17:41 GMT
etag: "c6596c7e59d3d6174903c44cabd1fd43"
expires: Sat, 20 Jul 2024 11:31:42 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10593
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659a8ff5b50f-OSL
X-Firefox-Spdy: h2
126 kB URL clck.littlecdn.com/web/static/728x90/12.png
IP
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Size 126 kB (125597 bytes)
Hash 70ea816b32fdcf7128fabd8f8682ad98
7bd0f5201f773c5993c54ed4ea3bfd94349d7e23
844bb8a13392c4b4bb1e2276253e44ac373ac29c5401474d6bc09a1171d92019
GET /web/static/728x90/12.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 125597
last-modified: Wed, 15 May 2024 10:18:02 GMT
etag: "70ea816b32fdcf7128fabd8f8682ad98"
expires: Sat, 20 Jul 2024 12:11:13 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 8222
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659a9811b50f-OSL
X-Firefox-Spdy: h2
OPTIONS frgmffuftivmcl.com/
200 OK 0 B IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectfrgmffuftivmcl.com
Fingerprint9A:AB:B3:69:31:5F:CE:B9:AE:47:1E:7C:3C:EB:0B:36:4A:87:52:47
ValidityThu, 18 Jul 2024 11:05:22 GMT - Wed, 16 Oct 2024 11:05:21 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS / HTTP/1.1
Host: frgmffuftivmcl.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: HEAD
Access-Control-Request-Headers: content-type
Referer: https://vivosoccer.xyz/
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://vivosoccer.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400
X-Firefox-Spdy: h2
GET my.rtmark.net/gid.js?userId=00809e98ee7649d5eedeaff76d81afe6
200 OK 65 B URL GET HTTP/2 my.rtmark.net/gid.js?userId=00809e98ee7649d5eedeaff76d81afe6
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint4B:EF:80:EB:90:B5:8C:01:82:25:B6:92:59:BE:A9:6A:C7:83:75:8E
ValidityFri, 05 Jul 2024 22:30:11 GMT - Thu, 03 Oct 2024 22:30:10 GMT
Hash 7c54378910e6d84a36485c1158277335
7fc62a812eb5b1eef6bac6cf08a29ea3cc10a6f6
f3cf1ef398e68cf6e9edc76a8f66b4493758df764841dd2bfca5bfec63dc7c6b
GET /gid.js?userId=00809e98ee7649d5eedeaff76d81afe6 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://vivosoccer.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
103 kB URL clck.littlecdn.com/web/static/300x250/15.png
IP
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Size 103 kB (103063 bytes)
Hash b7beb5fa064ad75347a98306a1eb1df1
c5b0f9a2c31a412a2def0c7440719ed11317774c
5874039fc00793bd2a6a3d5f8a2861bc91ab9663aa22b8596902b1d3473eee4b
GET /web/static/300x250/15.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 103063
last-modified: Wed, 15 May 2024 10:17:42 GMT
etag: "b7beb5fa064ad75347a98306a1eb1df1"
expires: Sat, 20 Jul 2024 11:33:51 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10464
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659b78d0b50f-OSL
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash b54ec597c40424a6bd14c6e2c0c46253
e3a18acee55e417bf01f5f82b228f07423374c4e
bd8201f332af168fb0102bd06070fad4066d7c863a0c12c7ee2b6bc2b9996bcf
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD8201F332AF168FB0102BD06070FAD4066D7C863A0C12C7EE2B6BC2B9996BCF"
Last-Modified: Fri, 19 Jul 2024 03:30:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13609
Expires: Fri, 19 Jul 2024 18:15:04 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
GET zuhempih.com/btag.min.js
200 OK 2.4 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectzuhempih.com
Fingerprint9D:36:64:88:91:53:8E:C5:BF:FF:18:E8:10:AF:A1:86:AD:C3:A8:B4
ValiditySun, 30 Jun 2024 04:07:52 GMT - Sat, 28 Sep 2024 04:07:51 GMT
File type JavaScript source, ASCII text, with very long lines (5993), with no line terminators
Hash 49e1a304070ba01ebbaf4b37f46b8b3b
c148b8b831febcbf7a439d08b7e7d6d531b53da8
f37f04b1ccc860be2b3b27544eb2145c82aa86aa50386d828bc97b175b18fedc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:14 GMT
content-type: application/javascript
x-trace-id: 89e4fde666da6a93af8058b15795e917
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash b54ec597c40424a6bd14c6e2c0c46253
e3a18acee55e417bf01f5f82b228f07423374c4e
bd8201f332af168fb0102bd06070fad4066d7c863a0c12c7ee2b6bc2b9996bcf
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD8201F332AF168FB0102BD06070FAD4066D7C863A0C12C7EE2B6BC2B9996BCF"
Last-Modified: Fri, 19 Jul 2024 03:30:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13609
Expires: Fri, 19 Jul 2024 18:15:04 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
99 kB URL clck.littlecdn.com/web/static/300x250/14.png
IP
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hash ce7ae1a20c3ae46ace667c88afd97c21
a0fc81e47133c9b4172b70f1c2c8306b470f95ed
4ac7fa7b9cb173f3aa46c0b81fa7bc44a5a55d28d542e0100d9c45b279fc898d
GET /web/static/300x250/14.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 99097
last-modified: Wed, 15 May 2024 10:17:42 GMT
etag: "ce7ae1a20c3ae46ace667c88afd97c21"
expires: Sat, 20 Jul 2024 11:31:51 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10584
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659c0989b50f-OSL
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash b54ec597c40424a6bd14c6e2c0c46253
e3a18acee55e417bf01f5f82b228f07423374c4e
bd8201f332af168fb0102bd06070fad4066d7c863a0c12c7ee2b6bc2b9996bcf
POST / HTTP/1.1
Host: r11.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "BD8201F332AF168FB0102BD06070FAD4066D7C863A0C12C7EE2B6BC2B9996BCF"
Last-Modified: Fri, 19 Jul 2024 03:30:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13609
Expires: Fri, 19 Jul 2024 18:15:04 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
18 kB URL clck.littlecdn.com/web/static/728x90/6.png
IP
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced
Hash d6f5427ef6ccc3b36c393f051b72b437
1d41a0cea1d7062befe685ece3db276e792dadfa
f57a58d5bf1eec7ebb8925952c4b1b1b2fc7e8458dde17f7a7ebefca2b9a6092
GET /web/static/728x90/6.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 18215
last-modified: Mon, 17 Jul 2023 11:26:55 GMT
etag: "d6f5427ef6ccc3b36c393f051b72b437"
expires: Sat, 20 Jul 2024 11:42:38 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 9937
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659c29cab50f-OSL
X-Firefox-Spdy: h2
65 B URL my.rtmark.net/gid.js?userId=00809e6b5a30476af895582f53f319dc
IP
Certificate IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint4B:EF:80:EB:90:B5:8C:01:82:25:B6:92:59:BE:A9:6A:C7:83:75:8E
ValidityFri, 05 Jul 2024 22:30:11 GMT - Thu, 03 Oct 2024 22:30:10 GMT
Hash 7c54378910e6d84a36485c1158277335
7fc62a812eb5b1eef6bac6cf08a29ea3cc10a6f6
f3cf1ef398e68cf6e9edc76a8f66b4493758df764841dd2bfca5bfec63dc7c6b
GET /gid.js?userId=00809e6b5a30476af895582f53f319dc HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Cookie: ID=00809e98ee7649d5eedeaff76d81afe6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://usgate.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
65 B URL my.rtmark.net/gid.js?userId=00809ea991d04330f9666805acf4534b
IP
Certificate IssuerLet's Encrypt
Subjectrtmark.net
Fingerprint4B:EF:80:EB:90:B5:8C:01:82:25:B6:92:59:BE:A9:6A:C7:83:75:8E
ValidityFri, 05 Jul 2024 22:30:11 GMT - Thu, 03 Oct 2024 22:30:10 GMT
Hash 7c54378910e6d84a36485c1158277335
7fc62a812eb5b1eef6bac6cf08a29ea3cc10a6f6
f3cf1ef398e68cf6e9edc76a8f66b4493758df764841dd2bfca5bfec63dc7c6b
GET /gid.js?userId=00809ea991d04330f9666805acf4534b HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Cookie: ID=00809e98ee7649d5eedeaff76d81afe6
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://usgate.xyz
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash 6853881b882f45b43c6b748d235e1302
a02955c6a4d93ca063e537c07d3e931fb1ecfda2
815647ec3729467888d906ac597237ac4f1dcb8de892fbee602b3650da81ae9b
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "815647EC3729467888D906AC597237AC4F1DCB8DE892FBEE602B3650DA81AE9B"
Last-Modified: Thu, 18 Jul 2024 07:19:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Fri, 19 Jul 2024 18:09:15 GMT
Date: Fri, 19 Jul 2024 14:28:15 GMT
Connection: keep-alive
GET upheezez.net/5/7210422
200 OK 34 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
File type gzip compressed data, max speed, from Unix
Hash dc8b269c1b4b8e5668250428c88962a5
c559cf8829551d46e69663fb72b686a6cd5cef3e
0c7858c4872d1eebea422b020ece30ae1f6165d59feab36cf1fa2f8dae479d3e
GET /5/7210422 HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/javascript
x-trace-id: bcd0334d079c33894dea6c5ac3afcee5
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809e6b5a30476af895582f53f319dc; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET upheezez.net/5/7210411
200 OK 34 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
File type gzip compressed data, max speed, from Unix
Hash 04c3433276a601b43d62ed309bef66d5
1560dfafa68a65ae3de6b2d67dd382a33356293c
63529b5e4fff1177c26f75d6300787b68a7a2b76295e758167d0d2dbf72bb89d
GET /5/7210411 HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/javascript
x-trace-id: 5304e6aeb5bfa9cc60d972cb25ef530f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809e02b7c2472fffb6e78c416d75ba; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET wowstrk.online/hlsch9_2312_1198.png
200 OK 3.5 MB URL GET HTTP/2 wowstrk.online/hlsch9_2312_1198.png
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGoogle Trust Services
Subjectwowstrk.online
Fingerprint51:0A:A2:90:50:BD:67:B8:4D:3D:35:51:61:91:73:FA:B4:5C:F2:30
ValiditySat, 22 Jun 2024 11:44:17 GMT - Fri, 20 Sep 2024 11:44:16 GMT
Size 3.5 MB (3462960 bytes)
Hash 4a5a7cfd044a59c174ac181d80861096
392ef4ba68efcd4819288ab2064142a301af4ce5
0774dbe2e5bb4d9d3cc7ffba2581c1327dce9d3056c7dbf0bbb94d0f3bb5c26d
GET /hlsch9_2312_1198.png HTTP/1.1
Host: wowstrk.online
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: image/png
content-length: 3462960
last-modified: Fri, 19 Jul 2024 14:27:46 GMT
etag: "669a77e2-34d730"
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: X-requested-With, Accept, Content-Type, Origin
cache-control: max-age=2, no-store, must-revalidate, proxy-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
referrer-policy: strict-origin
access-control-allow-origin: *
cf-cache-status: HIT
age: 20
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vQdeKgvKxBtfF9PtEQiVKDiT9xgkBQuvDSTwuwjojKFZM7xPkA1Sid1hrps0gNKSVye7ixOVOURsZ%2Bpf9Y18LG7oBU9JjMNBMNJtk6Uabdasrwn%2FDv982pwYJJZ0EL7Z1w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b659e397756b9-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET scoresports786.com/chunklist/hlsch9.m3u8?wmsAuthSign=c2VydmVyX3RpbWU9Ny8xOS8yMDI0IDI6Mjg6MTQgUE0maGFzaF92YWx1ZT0weUU0c0F5dFYzbFJMY1AzRzV4aGlBPT0mdmFsaWRtaW51dGVzPTcyMCZpZD05MS45MC40Mi4xNTQmc3RybV9sZW49NQ==
200 OK 211 B URL GET HTTP/2 scoresports786.com/chunklist/hlsch9.m3u8?wmsAuthSign=c2VydmVyX3RpbWU9Ny8xOS8yMDI0IDI6Mjg6MTQgUE0maGFzaF92YWx1ZT0weUU0c0F5dFYzbFJMY1AzRzV4aGlBPT0mdmFsaWRtaW51dGVzPTcyMCZpZD05MS45MC40Mi4xNTQmc3RybV9sZW49NQ==
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGoogle Trust Services
Subjectscoresports786.com
Fingerprint47:F5:4F:C0:AC:67:12:68:32:C9:04:12:55:AF:D9:43:B0:06:C6:13
ValidityFri, 19 Jul 2024 04:22:54 GMT - Thu, 17 Oct 2024 04:22:53 GMT
Hash 1e6b3dfc597ccf18393fffd365b8c020
e6a293967231d69e39d25735b38ddea53b3e4887
c6ad3843bd680a1a5bc128c8d139def3c5881c663714823427bd7516f34ed539
GET /chunklist/hlsch9.m3u8?wmsAuthSign=c2VydmVyX3RpbWU9Ny8xOS8yMDI0IDI6Mjg6MTQgUE0maGFzaF92YWx1ZT0weUU0c0F5dFYzbFJMY1AzRzV4aGlBPT0mdmFsaWRtaW51dGVzPTcyMCZpZD05MS45MC40Mi4xNTQmc3RybV9sZW49NQ== HTTP/1.1
Host: scoresports786.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/vnd.apple.mpegurl
last-modified: Fri, 19 Jul 2024 14:28:15 GMT
etag: W/"669a77ff-2ff"
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: X-requested-With, Accept, Content-Type, Origin
cache-control: max-age=2, no-store, must-revalidate, proxy-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' http: https: data: blob: 'unsafe-inline'
referrer-policy: strict-origin
access-control-allow-origin: *
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fchA1%2F%2F3M%2BGdmxA4puKiS9IEbsl%2Bf8lMQjuxQZOrZ62ha%2BYXBb%2B61qgt3eo266Nf22xRGNH1wUFIV1KUVQ4hPXIacCES%2Fan2Nig%2BlWFJhphoEd02iExb5bjVK5H0MsG0ddFSh6E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b659def3b56cb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET waisheph.com/5/6270443
200 OK 32 kB IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintA9:9F:23:12:64:A6:36:AE:9C:77:73:4B:FC:36:7C:CB:37:71:6B:81
ValidityTue, 18 Jun 2024 23:53:23 GMT - Mon, 16 Sep 2024 23:53:22 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 2ac42375efed2a2828c987acc0b90218
9c00d16c33fbf97468dba0e699f27f704aafa045
b4f8fa6591417c82e95f82d28b0f0f6883c0df32c84d36248d0edaf53b5c34f0
GET /5/6270443 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/javascript
x-trace-id: 2aa94f8346ceaa3b4b2393b15eb05741
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809edac4a148d2f19ec1e4e3169dd5; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=_pWNchEYpASe_Kyc85Kx2iZE7Nk18ic-pdKWgbyn8mKrQ8DnKsbGSPajgLL77uTOKj7ZONokJNfL-yobZc2-tT8Kczbo7W9vbrqTzKqAxdJRsCzw_sA3Kcrl6w2B-fm_5GfpGIe_rDaWVAzcmzaO7gqpozH1nVH3e0OwXQHrTvT7Hj3QwGfElS5BM2560WpdPF8p-aS9CJrVf4D722ym0E5TrKnNS7tGfO_-09hL9vU%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=db086845-0575-4425-84bc-184fc8bbe7ed&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=_pWNchEYpASe_Kyc85Kx2iZE7Nk18ic-pdKWgbyn8mKrQ8DnKsbGSPajgLL77uTOKj7ZONokJNfL-yobZc2-tT8Kczbo7W9vbrqTzKqAxdJRsCzw_sA3Kcrl6w2B-fm_5GfpGIe_rDaWVAzcmzaO7gqpozH1nVH3e0OwXQHrTvT7Hj3QwGfElS5BM2560WpdPF8p-aS9CJrVf4D722ym0E5TrKnNS7tGfO_-09hL9vU%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=db086845-0575-4425-84bc-184fc8bbe7ed&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=pjlwaeFUEK79B8BIogtcQZyDsR1bSp6nVNTR_SjP3vPlwoHR0kgma2Bh94bZUwoncKjC6vm4wN-aQDq-0LcOY7Y9s69sqNp-7qY6U56Ce0uPZCewXF8ZwlqAiI7zRW1mvZ_rVnaTB7neuotkxjICOE4d2Lk_TU0A4SoL1ElhXA5_K5jmiZ_sgKqYqomZ0n9elYOHvgaXYiMD-FNddsZv65et8fRLThXbdH-5O8iLYFc%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=pjlwaeFUEK79B8BIogtcQZyDsR1bSp6nVNTR_SjP3vPlwoHR0kgma2Bh94bZUwoncKjC6vm4wN-aQDq-0LcOY7Y9s69sqNp-7qY6U56Ce0uPZCewXF8ZwlqAiI7zRW1mvZ_rVnaTB7neuotkxjICOE4d2Lk_TU0A4SoL1ElhXA5_K5jmiZ_sgKqYqomZ0n9elYOHvgaXYiMD-FNddsZv65et8fRLThXbdH-5O8iLYFc%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=-1&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=CFc6-kT-6fpjVcar84sPLWQMvE-kVhPXkLRaxWzUKo7qPHgBMpL1eYJzMjTVpGRAwapp_2-NA54qNk8M6u8VabvHWO8t5Rq7fntiPbdIGzo5c9E7xkR1afBiRx0D87_RSwhPafrt8mub8a1cH203o8eAhe3Pl9fziSxm_TmoQGHEB4-FF1K1MMaVw76yJjyr-a1_KSM1Ww5jBmFeR28Xok0XG4X-M85PT6_8XIv5Eho%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=CFc6-kT-6fpjVcar84sPLWQMvE-kVhPXkLRaxWzUKo7qPHgBMpL1eYJzMjTVpGRAwapp_2-NA54qNk8M6u8VabvHWO8t5Rq7fntiPbdIGzo5c9E7xkR1afBiRx0D87_RSwhPafrt8mub8a1cH203o8eAhe3Pl9fziSxm_TmoQGHEB4-FF1K1MMaVw76yJjyr-a1_KSM1Ww5jBmFeR28Xok0XG4X-M85PT6_8XIv5Eho%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET waisheph.com/5/6270443/?abt_opts=1&js_build=iclick-v1.851.0&userId=00809e98ee7649d5eedeaff76d81afe6
200 OK 2.2 kB URL GET HTTP/2 waisheph.com/5/6270443/?abt_opts=1&js_build=iclick-v1.851.0&userId=00809e98ee7649d5eedeaff76d81afe6
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintA9:9F:23:12:64:A6:36:AE:9C:77:73:4B:FC:36:7C:CB:37:71:6B:81
ValidityTue, 18 Jun 2024 23:53:23 GMT - Mon, 16 Sep 2024 23:53:22 GMT
File type gzip compressed data, max speed, from Unix
Hash a61e061c70caa55ce7e3b632a1570118
677d410e20465c6809288eb510bc913d2df66481
bb5a804c367ec0f23f825a58d37d81a0a30ba00feeb04311969df9039b7efc0b
GET /5/6270443/?abt_opts=1&js_build=iclick-v1.851.0&userId=00809e98ee7649d5eedeaff76d81afe6 HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Cookie: OAID=00809edac4a148d2f19ec1e4e3169dd5; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:16 GMT
content-type: application/json
x-trace-id: e0679e743006fd8922b92cae642c930e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vivosoccer.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:16 GMT; path=/; secure; SameSite=None
oaidts=1721399296; expires=Sat, 19 Jul 2025 14:28:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 26 Jul 2024 14:28:16 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
504 B IP
ASN #20940 Akamai International B.V.
Hash 1543efa0b06a3c4484d059961f9cf2d0
1aef10797a9524ff91b70e87f41e935a2dbf1917
a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Fri, 19 Jul 2024 15:09:20 GMT
Date: Fri, 19 Jul 2024 14:28:16 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 1543efa0b06a3c4484d059961f9cf2d0
1aef10797a9524ff91b70e87f41e935a2dbf1917
a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2420
Expires: Fri, 19 Jul 2024 15:08:36 GMT
Date: Fri, 19 Jul 2024 14:28:16 GMT
Connection: keep-alive
504 B IP
ASN #20940 Akamai International B.V.
Hash 1543efa0b06a3c4484d059961f9cf2d0
1aef10797a9524ff91b70e87f41e935a2dbf1917
a8fc1fb00fc3ee458f9a31d619be4cc4a9e7263f980deb8323a5a6ba69c03f8d
POST / HTTP/1.1
Host: r10.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 504
ETag: "A8FC1FB00FC3EE458F9A31D619BE4CC4A9E7263F980DEB8323A5A6BA69C03F8D"
Last-Modified: Thu, 18 Jul 2024 07:17:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2464
Expires: Fri, 19 Jul 2024 15:09:20 GMT
Date: Fri, 19 Jul 2024 14:28:16 GMT
Connection: keep-alive
GET upheezez.net/5/7210422
200 OK 44 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
File type gzip compressed data, max speed, from Unix
Hash 8fe15936268a913947aafdbf2aff204f
95b4e13d3d9f889537ef95cc1edf00e761b957c6
0bcfe8a6cae46c7222200b0aa0ad54c755de3119c42ae5b8ae34f568825d8817
GET /5/7210422 HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/javascript
x-trace-id: 3b5c5e1042f24399e10d4ea0f7a68629
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809ed453194c50efcebc19cdd27321; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET vivosoccer.xyz/favicon.ico
404 Not Found 11 kB URL GET HTTP/3 vivosoccer.xyz/favicon.ico
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectvivosoccer.xyz
Fingerprint56:21:8F:48:CC:54:41:03:46:55:2E:68:73:D2:EB:32:09:3E:16:AE
ValidityTue, 11 Jun 2024 17:53:36 GMT - Mon, 09 Sep 2024 17:53:35 GMT
File type HTML document, ASCII text, with CRLF, LF line terminators
Hash f28344b2c3ebd92750cff6d05c31a011
a2eec0b3e87267d45e2eeb02761d15592defb517
401c2d52b6b3b6c8b9378521bc81eb167e1bb98999d2c30862d9d865e43c8e00
GET /favicon.ico HTTP/1.1
Host: vivosoccer.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/vivo/9.php
Cookie: prefetchAd_7628732=true
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 404 Not Found
date: Fri, 19 Jul 2024 14:28:16 GMT
content-type: text/html
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
cf-cache-status: BYPASS
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vsbdvu0n5nkHxcgb1sueIBMI29YZtvZPil7HzPipNMziH8EGx8emizXKZl5x87vKsTGSOcnEOdA05a5e3GGu43Ml%2BgskPUpK1ZcgJ0M4bVWZnB%2F5CEdsZadbyLPcliLGpw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b65a3a98d56bb-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET waisheph.com/?rb=cboQ_X_y9pgGgmSwYBTdna66MYTxpxtDcRvveioHRQ6CE8AV2A-8kfMMq4WIgwSGoV3DSWRNYpUimJ8Cy5bRsb3aZN4PuS_CcNKX6jCuwz38o5aZtsGG-Zc1m1gzTFvTeiuUcI9f_7s2uf-3p_57wvTQ6Z7SiaFxuuVcfZrnm75VOwAUqfh5M94NvJ0aFUTHvHF_disJFtK-KSge-O3dksKArGI95BkcgRdgOEmZb7YXST4ftIxP7r_mEPQZBH_M1OHjn3O4ovGgh0tS&request_ab2=1312621&zoneid=6270443&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e4e68986-2d09-44af-a289-ce58b1789dd5&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
200 OK 8.4 kB URL GET HTTP/2 waisheph.com/?rb=cboQ_X_y9pgGgmSwYBTdna66MYTxpxtDcRvveioHRQ6CE8AV2A-8kfMMq4WIgwSGoV3DSWRNYpUimJ8Cy5bRsb3aZN4PuS_CcNKX6jCuwz38o5aZtsGG-Zc1m1gzTFvTeiuUcI9f_7s2uf-3p_57wvTQ6Z7SiaFxuuVcfZrnm75VOwAUqfh5M94NvJ0aFUTHvHF_disJFtK-KSge-O3dksKArGI95BkcgRdgOEmZb7YXST4ftIxP7r_mEPQZBH_M1OHjn3O4ovGgh0tS&request_ab2=1312621&zoneid=6270443&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e4e68986-2d09-44af-a289-ce58b1789dd5&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectwaisheph.com
FingerprintA9:9F:23:12:64:A6:36:AE:9C:77:73:4B:FC:36:7C:CB:37:71:6B:81
ValidityTue, 18 Jun 2024 23:53:23 GMT - Mon, 16 Sep 2024 23:53:22 GMT
File type gzip compressed data, max speed, from Unix
Hash ab2fbcf8fe329de082f8d811b053b9a1
d9871feebbbfe13685511e1a22bea38e6e06aed5
257b24a49c58630008be5d3a02e2516d31197fb77644458e027d5b1dce294f03
GET /?rb=cboQ_X_y9pgGgmSwYBTdna66MYTxpxtDcRvveioHRQ6CE8AV2A-8kfMMq4WIgwSGoV3DSWRNYpUimJ8Cy5bRsb3aZN4PuS_CcNKX6jCuwz38o5aZtsGG-Zc1m1gzTFvTeiuUcI9f_7s2uf-3p_57wvTQ6Z7SiaFxuuVcfZrnm75VOwAUqfh5M94NvJ0aFUTHvHF_disJFtK-KSge-O3dksKArGI95BkcgRdgOEmZb7YXST4ftIxP7r_mEPQZBH_M1OHjn3O4ovGgh0tS&request_ab2=1312621&zoneid=6270443&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=1&bs=e4e68986-2d09-44af-a289-ce58b1789dd5&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: waisheph.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vivosoccer.xyz/
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; oaidts=1721399296; syncedCookie=true
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:16 GMT
content-type: application/json
x-trace-id: 8539c97a0cddd956cc8537dad0c95dfe
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vivosoccer.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:16 GMT; path=/; secure; SameSite=None
oaidts=1721399296; expires=Sat, 19 Jul 2025 14:28:16 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 26 Jul 2024 14:28:16 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
8.1 kB URL clck.littlecdn.com/web/static/728x90/16.png
IP
File type PNG image data, 728 x 90, 8-bit/color RGBA, non-interlaced
Hash 67b5bc6b975d6053271e9349da2b7c97
88c60c939ff031e94dca61f60362126648da1717
6c7ae1362eb4fc043cd5baa612bae639224fdd8e0e25b0a2ceaf4f63d22592d0
GET /web/static/728x90/16.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: image/png
content-length: 8118
last-modified: Thu, 16 May 2024 11:22:56 GMT
etag: "67b5bc6b975d6053271e9349da2b7c97"
expires: Sat, 20 Jul 2024 12:25:31 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 7374
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b65db4e0fb50f-OSL
X-Firefox-Spdy: h2
GET zuhempih.com/btag.min.js
200 OK 11 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectzuhempih.com
Fingerprint9D:36:64:88:91:53:8E:C5:BF:FF:18:E8:10:AF:A1:86:AD:C3:A8:B4
ValiditySun, 30 Jun 2024 04:07:52 GMT - Sat, 28 Sep 2024 04:07:51 GMT
File type gzip compressed data, max speed, from Unix
Hash 8d6eb486316c77cde0756e681676e04d
7cb0aec6dac1a782bbef5021578e36ccb95cba6a
62d26eb4382ef6f335d20bdf4e3d396e160e33a10d7fa0ff6a4a52d235d2a897
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: application/javascript
x-trace-id: f9a27aa5d8f18764a61b82ed4af2a58e
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
39 kB URL clck.littlecdn.com/web/static/300x250/3.png
IP
File type PNG image data, 300 x 250, 8-bit colormap, non-interlaced
Hash aa84a9575265dfd979fc3dbfe4b3ce86
f61ba9eca54e0a4e276a940a55b0d753aaa5e4a0
68017f0eda42ac4a6c1206c0290de9cc88546b9a1d90b7d9b379b795ee5d4e9f
GET /web/static/300x250/3.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: image/png
content-length: 39260
last-modified: Mon, 17 Jul 2023 11:26:21 GMT
etag: "aa84a9575265dfd979fc3dbfe4b3ce86"
expires: Sat, 20 Jul 2024 11:33:37 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10488
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b65db5e31b50f-OSL
X-Firefox-Spdy: h2
18 kB URL clck.littlecdn.com/web/static/728x90/6.png
IP
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced
Hash d6f5427ef6ccc3b36c393f051b72b437
1d41a0cea1d7062befe685ece3db276e792dadfa
f57a58d5bf1eec7ebb8925952c4b1b1b2fc7e8458dde17f7a7ebefca2b9a6092
GET /web/static/728x90/6.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: image/png
content-length: 18215
last-modified: Mon, 17 Jul 2023 11:26:55 GMT
etag: "d6f5427ef6ccc3b36c393f051b72b437"
expires: Sat, 20 Jul 2024 11:42:38 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 9947
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b65db5e34b50f-OSL
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=bDJaYt3VOGst6xDgYTsMlAy682ddt_DtHKCwEUHe7-USWaMnGWUtXel2jgJvRi1KlpGfNhs7SRwq87gfieWETbZiHCxtteJe7_kQuQEl-Y6difF7DLoqbRPEVQPCGqGHXLXdnTI85gEkZaDMVv7M9zKupOpwcyWBFiuNiblpxCrwfiTa6EUIJ8Q-bVH99SZ4sd_7IY0m3EmFYoWjqbA-s_Yn8Mcy3i8-CwTmqw%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=bDJaYt3VOGst6xDgYTsMlAy682ddt_DtHKCwEUHe7-USWaMnGWUtXel2jgJvRi1KlpGfNhs7SRwq87gfieWETbZiHCxtteJe7_kQuQEl-Y6difF7DLoqbRPEVQPCGqGHXLXdnTI85gEkZaDMVv7M9zKupOpwcyWBFiuNiblpxCrwfiTa6EUIJ8Q-bVH99SZ4sd_7IY0m3EmFYoWjqbA-s_Yn8Mcy3i8-CwTmqw%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=uK6-fc0FQAZ0ivzglkRmFEPqvCMixvhmaB-fAbWW5hAX9MTiJWLBwIi4niD4Hezu91UB2eKATPs_l5d6D4hxmuic4lXfQKN1IVs-YXf0SHvgCp9ZonoAy38Z-jwLqY_PZ6PbVCkoPWszzm7stmvpDZf_6vYex6t0xjuQZPV8uza0yLqk3voQMvGBXRRYqgpGMhysV4Y59R3bkhOrFuHDEvcQ8bXFrNKkXNMNcg%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=uK6-fc0FQAZ0ivzglkRmFEPqvCMixvhmaB-fAbWW5hAX9MTiJWLBwIi4niD4Hezu91UB2eKATPs_l5d6D4hxmuic4lXfQKN1IVs-YXf0SHvgCp9ZonoAy38Z-jwLqY_PZ6PbVCkoPWszzm7stmvpDZf_6vYex6t0xjuQZPV8uza0yLqk3voQMvGBXRRYqgpGMhysV4Y59R3bkhOrFuHDEvcQ8bXFrNKkXNMNcg%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=1UEGy9nlq1LYC8E2vqRm_AI_9tVH9nfVuAx7VzDSiyj4SJR1fhRPmmswkyhU5upSV9g5wij3kY_g-lF9AvipQs-PIQgtlmUNYui2bXMI81_sJmDZ01O103cQP61cAXNuKHQr6hDF1624P-Ja43wb2OCMgSwJOiiOoDksgZbNwU-jQUpkXcZZrEpi3MsM4CwL6R1uarwbIa-ib-pb1U24Ae7JnsxLycdqYdfK8g%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=1UEGy9nlq1LYC8E2vqRm_AI_9tVH9nfVuAx7VzDSiyj4SJR1fhRPmmswkyhU5upSV9g5wij3kY_g-lF9AvipQs-PIQgtlmUNYui2bXMI81_sJmDZ01O103cQP61cAXNuKHQr6hDF1624P-Ja43wb2OCMgSwJOiiOoDksgZbNwU-jQUpkXcZZrEpi3MsM4CwL6R1uarwbIa-ib-pb1U24Ae7JnsxLycdqYdfK8g%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=b0CR8Wkr5B863VjWPZ69FJcL2hGIQd8vii0Ai1nJIut6pL1P20D7ETAIYgvVf9q8pv1PEJLF0-X_ROG1WD9TNjGIe8PWO21Z8Ntqi0B5Fkv0ab8rkoTsmRA3ZNcu5Vnq_dvxGcKn-e-xjTJ5ltdBA2103AkopoON-XjTETxoHXSDYDlDzKYBhfIeYEtGBu3rpAPubjI7AEAJWFUlCmEmfPtqGfj4GI0ezJtWKA%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=b0CR8Wkr5B863VjWPZ69FJcL2hGIQd8vii0Ai1nJIut6pL1P20D7ETAIYgvVf9q8pv1PEJLF0-X_ROG1WD9TNjGIe8PWO21Z8Ntqi0B5Fkv0ab8rkoTsmRA3ZNcu5Vnq_dvxGcKn-e-xjTJ5ltdBA2103AkopoON-XjTETxoHXSDYDlDzKYBhfIeYEtGBu3rpAPubjI7AEAJWFUlCmEmfPtqGfj4GI0ezJtWKA%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
0 B URL upheezez.net/?rb=RfAtlpiRu44TgcnDoz0YP48ciXKKcxK_mSq8KQUjK-yXjW8RK-8Bp-eKHXVKYZLpI4A9mEZjWcaYBahoAiODw3FV_Vd4u5YopV6y4cdnIIGhT5DgajxiXhD1Qgsr1aCa70WMphP7V-KsVhm9LgYO3d3tM9OpU6qe7w97DGzMpe7cwjUsP6Tnpb5S0aK9H1jteve3Nvq2OlSlq54hZDmsDhQWqqrJMHLm33M6Jw%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=RfAtlpiRu44TgcnDoz0YP48ciXKKcxK_mSq8KQUjK-yXjW8RK-8Bp-eKHXVKYZLpI4A9mEZjWcaYBahoAiODw3FV_Vd4u5YopV6y4cdnIIGhT5DgajxiXhD1Qgsr1aCa70WMphP7V-KsVhm9LgYO3d3tM9OpU6qe7w97DGzMpe7cwjUsP6Tnpb5S0aK9H1jteve3Nvq2OlSlq54hZDmsDhQWqqrJMHLm33M6Jw%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET grapseex.com/btag.min.js
200 OK 12 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectgrapseex.com
Fingerprint26:C9:85:5E:B6:ED:CC:95:0D:FC:5A:F0:EF:1F:81:36:83:B3:68:48
ValidityWed, 12 Jun 2024 04:11:20 GMT - Tue, 10 Sep 2024 04:11:19 GMT
File type gzip compressed data, max speed, from Unix
Hash e45aaf5de6d44834324a20e3ccc78d45
2ec6c19399e4bef8876be04a5d943d7f9d728298
b9c15764c3b04e48bbd317e4b413fd979c14ca8e62be3e22cf9c5f57695dc5a7
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: grapseex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: application/javascript
x-trace-id: 509d23e5b66cd10f1fb95ecaa56e5a4f
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET clck.littlecdn.com/web/static/728x90/1.png
200 OK 17 kB URL GET HTTP/2 clck.littlecdn.com/web/static/728x90/1.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
File type PNG image data, 728 x 91, 8-bit colormap, non-interlaced
Hash b6e47b331443c58429ccc360253c1181
3dfe750a19bdc17be344c1e24d6bbcd47739fa7f
cf60d4649fa1e50bde2798e1d7b9ab9958fb242eb9638572529af49f1160ed65
GET /web/static/728x90/1.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: image/png
content-length: 16612
last-modified: Mon, 17 Jul 2023 11:26:51 GMT
etag: "b6e47b331443c58429ccc360253c1181"
expires: Sat, 20 Jul 2024 11:33:40 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10495
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b661b1c7bb50f-OSL
X-Firefox-Spdy: h2
GET zuhempih.com/btag.min.js
200 OK 15 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectzuhempih.com
Fingerprint9D:36:64:88:91:53:8E:C5:BF:FF:18:E8:10:AF:A1:86:AD:C3:A8:B4
ValiditySun, 30 Jun 2024 04:07:52 GMT - Sat, 28 Sep 2024 04:07:51 GMT
File type gzip compressed data, max speed, from Unix
Hash b1f2bf7af563d3a993428247e1862bba
c3908be9d26bb6e75f8f4f1f6f83fa589973234c
b1c99e6ae46da9e97ad4ad8681a306863dcf99c9399f380ef8c738ac245d70fd
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: zuhempih.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: application/javascript
x-trace-id: 5530bf306dbd95d322104cf834e6d77b
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET clck.littlecdn.com/web/static/300x250/9.png
200 OK 77 kB URL GET HTTP/2 clck.littlecdn.com/web/static/300x250/9.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hash bf72eb93e6de6eef729e0570cad4faa4
6adf9ef1fb0526d1b51aa81a2399a22a90158965
a7e38d89063347127fcc0f217133c57e178f941f41343d78663cdfc6a5204aea
GET /web/static/300x250/9.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: image/png
content-length: 76976
last-modified: Tue, 30 Apr 2024 12:15:33 GMT
etag: "bf72eb93e6de6eef729e0570cad4faa4"
expires: Sat, 20 Jul 2024 11:31:56 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10599
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b661b5ce0b50f-OSL
X-Firefox-Spdy: h2
GET grapseex.com/btag.min.js
200 OK 18 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectgrapseex.com
Fingerprint26:C9:85:5E:B6:ED:CC:95:0D:FC:5A:F0:EF:1F:81:36:83:B3:68:48
ValidityWed, 12 Jun 2024 04:11:20 GMT - Tue, 10 Sep 2024 04:11:19 GMT
File type gzip compressed data, max speed, from Unix
Hash 3674fb37d3cf9f8389caec867652b625
31a563bfc0e0a719a06855540b1ccb6cbac203f4
01cdc8e31c10eb103c245de517da797116e378c948ed1ec0624d2509eae83657
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: grapseex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: application/javascript
x-trace-id: ed8da6d25047b0ecaab3c58acbc5ca54
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET upheezez.net/?rb=zHutmSfHG0bWzajpF2tCYP3ogVNzblRadU2rH28ew2su6JgV_ZBn20kPtIheqbd0W_u9n8MURtTitKIWcG3rVx4_W_YZhHftjLhgk1B4UMtUIC2QExNehwt2HwawjYBT8KEwyzzMG4FQxfBStpl1gOpzaEKoosl2N4i5tdMeNG795bDhl3kWtl7yEEK89fT-J4G4xZ5eyxBt7drMucJMIAPM_0CN-1nIIDqSsA%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
204 No Content 0 B URL GET HTTP/2 upheezez.net/?rb=zHutmSfHG0bWzajpF2tCYP3ogVNzblRadU2rH28ew2su6JgV_ZBn20kPtIheqbd0W_u9n8MURtTitKIWcG3rVx4_W_YZhHftjLhgk1B4UMtUIC2QExNehwt2HwawjYBT8KEwyzzMG4FQxfBStpl1gOpzaEKoosl2N4i5tdMeNG795bDhl3kWtl7yEEK89fT-J4G4xZ5eyxBt7drMucJMIAPM_0CN-1nIIDqSsA%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=zHutmSfHG0bWzajpF2tCYP3ogVNzblRadU2rH28ew2su6JgV_ZBn20kPtIheqbd0W_u9n8MURtTitKIWcG3rVx4_W_YZhHftjLhgk1B4UMtUIC2QExNehwt2HwawjYBT8KEwyzzMG4FQxfBStpl1gOpzaEKoosl2N4i5tdMeNG795bDhl3kWtl7yEEK89fT-J4G4xZ5eyxBt7drMucJMIAPM_0CN-1nIIDqSsA%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:36 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET upheezez.net/?rb=10k4KTCnRavK_sEVcTou9iEK7bC0KgpYHq2RkBGO1aIrK0pdVewlKhHcUkAsnsh_UpbQu5Cy59n0-cK_jrpDrqCepcwp3PMcStDQfC83ofw1QNOweubtcMJW6-tdcEq9VrUdS1ik0H6VRykE0pJrLtLvZgh9WesgF1SfBIbTVGmHCVhfl-be8EBXwY5O-2QRWcIgn42sJSd1mnQrk1MDWPZFA0yYofuRqw7mbQ%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
204 No Content 0 B URL GET HTTP/2 upheezez.net/?rb=10k4KTCnRavK_sEVcTou9iEK7bC0KgpYHq2RkBGO1aIrK0pdVewlKhHcUkAsnsh_UpbQu5Cy59n0-cK_jrpDrqCepcwp3PMcStDQfC83ofw1QNOweubtcMJW6-tdcEq9VrUdS1ik0H6VRykE0pJrLtLvZgh9WesgF1SfBIbTVGmHCVhfl-be8EBXwY5O-2QRWcIgn42sJSd1mnQrk1MDWPZFA0yYofuRqw7mbQ%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=10k4KTCnRavK_sEVcTou9iEK7bC0KgpYHq2RkBGO1aIrK0pdVewlKhHcUkAsnsh_UpbQu5Cy59n0-cK_jrpDrqCepcwp3PMcStDQfC83ofw1QNOweubtcMJW6-tdcEq9VrUdS1ik0H6VRykE0pJrLtLvZgh9WesgF1SfBIbTVGmHCVhfl-be8EBXwY5O-2QRWcIgn42sJSd1mnQrk1MDWPZFA0yYofuRqw7mbQ%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:36 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET grapseex.com/btag.min.js
200 OK 2.4 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectgrapseex.com
Fingerprint26:C9:85:5E:B6:ED:CC:95:0D:FC:5A:F0:EF:1F:81:36:83:B3:68:48
ValidityWed, 12 Jun 2024 04:11:20 GMT - Tue, 10 Sep 2024 04:11:19 GMT
File type JavaScript source, ASCII text, with very long lines (5993), with no line terminators
Hash 49e1a304070ba01ebbaf4b37f46b8b3b
c148b8b831febcbf7a439d08b7e7d6d531b53da8
f37f04b1ccc860be2b3b27544eb2145c82aa86aa50386d828bc97b175b18fedc
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /btag.min.js HTTP/1.1
Host: grapseex.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: application/javascript
x-trace-id: 99461b4a8e16d070bba069056055bcb7
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET upheezez.net/5/7210422
200 OK 34 kB IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash 08da988e83197416815c740947ce250e
8c41bfbfb474d0db355430a76d2562a7e9b3dc13
7029556c3b89817121076a3966cc1443b4a4207f76ca926d0fe66720b350e367
GET /5/7210422 HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: application/javascript
x-trace-id: c5863f20c274d5c7ecfe4eabd104e09e
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809ed453194c50efcebc19cdd27321; expires=Sat, 19 Jul 2025 14:28:35 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:35 GMT; path=/; secure; SameSite=None
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET upheezez.net/?rb=EXuLao7i7_aN1xlTUzQjvKiH0887X7S4KRDb1XSeM5FDgzKVuHotYlWnV2lMcgabCJb1oK8BAREkOvAoulssyrlTQbXFwDisjhWsiAO-GjJVNeGcwnF6YMRM_rKlTjk390LbJoVHTf0D9-ZLfBMVN9Sg-W85N8v1gSohJ1-oXSLhBhdHNOLu9PNXQJeZMfYvRFsgvg9gGu7WrFWKyb6pAxpUeugwWEZd9-xpDQ%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
204 No Content 0 B URL GET HTTP/2 upheezez.net/?rb=EXuLao7i7_aN1xlTUzQjvKiH0887X7S4KRDb1XSeM5FDgzKVuHotYlWnV2lMcgabCJb1oK8BAREkOvAoulssyrlTQbXFwDisjhWsiAO-GjJVNeGcwnF6YMRM_rKlTjk390LbJoVHTf0D9-ZLfBMVN9Sg-W85N8v1gSohJ1-oXSLhBhdHNOLu9PNXQJeZMfYvRFsgvg9gGu7WrFWKyb6pAxpUeugwWEZd9-xpDQ%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=EXuLao7i7_aN1xlTUzQjvKiH0887X7S4KRDb1XSeM5FDgzKVuHotYlWnV2lMcgabCJb1oK8BAREkOvAoulssyrlTQbXFwDisjhWsiAO-GjJVNeGcwnF6YMRM_rKlTjk390LbJoVHTf0D9-ZLfBMVN9Sg-W85N8v1gSohJ1-oXSLhBhdHNOLu9PNXQJeZMfYvRFsgvg9gGu7WrFWKyb6pAxpUeugwWEZd9-xpDQ%3D%3D&request_ab2=0&zoneid=7210411&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=90&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=bd79ba98-7ede-4976-bf87-6dc4da5fa508&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:36 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET usgate.xyz/z/za/301.php
200 OK 781 B IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGoogle Trust Services
Subjectusgate.xyz
FingerprintEB:0F:DC:A3:F0:D1:D4:FC:7A:AA:CA:C8:7E:36:F8:89:ED:E5:02:7A
ValidityMon, 17 Jun 2024 16:52:50 GMT - Sun, 15 Sep 2024 16:52:49 GMT
File type HTML document, ASCII text, with very long lines (842), with no line terminators
Hash 70dbac48ad8758ec60ef8bef294a4d70
65f2d2f1706ea99ade83f7021a2191cffbb54b4f
15f50d1cf2e5e16b5fd71768a41a789a045ea005d562471f49b825420dced272
GET /z/za/301.php HTTP/1.1
Host: usgate.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Jul 2024 14:28:25 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TEzt5dZJHnTMKaISoQDvOTowv823gvrIsNUblTDlE6albDrKFwfViGU5NB%2FwmIKRkIZ4BY%2BMPVi8%2F4jpn0bqyMQFgnR9m63rTsOk%2FW8IAh%2F4MEOZKatxjg%2Bhx8mf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b65d97eba56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
GET clck.littlecdn.com/web/static/300x250/18.png
0 B URL GET clck.littlecdn.com/web/static/300x250/18.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /web/static/300x250/18.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://usgate.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET cufultahaur.com/5/7628732
200 OK 83 kB URL GET HTTP/2 cufultahaur.com/5/7628732
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectcufultahaur.com
Fingerprint02:77:54:F2:4B:EE:A9:ED:3A:FC:1E:02:9D:B3:8A:83:7A:BD:89:8B
ValidityMon, 17 Jun 2024 04:26:42 GMT - Sun, 15 Sep 2024 04:26:41 GMT
File type JavaScript source, ASCII text, with very long lines (65536), with no line terminators
Hash c3038ebfd77a3c7a6748a8de862a9df3
e2deef32523806cfab1c05908c130c1adf62dabe
e3bf5faadb77e4688771d2e54f78b619b22cb701d692ebab3f401dd873b630e1
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /5/7628732 HTTP/1.1
Host: cufultahaur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:14 GMT
content-type: application/javascript
x-trace-id: af2c0b72d37d801c722e157d02a3aef5
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://yonmewon.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:14 GMT; path=/; secure; SameSite=None
oaidts=1721399294; expires=Sat, 19 Jul 2025 14:28:14 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
GET cdn.jsdelivr.net/clappr.level-selector/latest/level-selector.min.js
200 OK 9.5 kB URL GET HTTP/2 cdn.jsdelivr.net/clappr.level-selector/latest/level-selector.min.js
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT
File type JavaScript source, ASCII text, with very long lines (9737), with no line terminators
Hash 7779e243940f31727e30e3919ed2d90c
6743fff547b5a1ede0f3200c497ee8b3df1d93d8
0b70fe3da2ea8ca92be86290b6c5fcc9c49fd0bc011b429d9aa9216a8f66a4e2
GET /clappr.level-selector/latest/level-selector.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
etag: W/"2524-9Cxz5uiSAcz1rVE5FbtBguw6QQw"
content-encoding: br
accept-ranges: bytes
date: Fri, 19 Jul 2024 14:28:14 GMT
age: 2635673
x-served-by: cache-fra-eddf8230115-FRA, cache-hel1410024-HEL
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 3219
X-Firefox-Spdy: h2
GET upheezez.net/?rb=dus5wurlJy7x85bUPST_6f6UA7QueP-VuJx9yz_mvApceLufV5e9AX-f4io_QEucv4aWMUNVSD1z3991V5zbBOMEGKZ_ZuOgXet4Kkcg18UWwkFgO2E8gLkLcN3zfGxwruXgOOOfI2TaWUTxEJ2NPLK9sIq5vEr3j98K29gR-dl8sYrkL2rwP6BP9B8tf-FjpBMErvvzeYmnMpio64k-ZdZxp7dWWdx5xzKVhg%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
204 No Content 0 B URL GET HTTP/2 upheezez.net/?rb=dus5wurlJy7x85bUPST_6f6UA7QueP-VuJx9yz_mvApceLufV5e9AX-f4io_QEucv4aWMUNVSD1z3991V5zbBOMEGKZ_ZuOgXet4Kkcg18UWwkFgO2E8gLkLcN3zfGxwruXgOOOfI2TaWUTxEJ2NPLK9sIq5vEr3j98K29gR-dl8sYrkL2rwP6BP9B8tf-FjpBMErvvzeYmnMpio64k-ZdZxp7dWWdx5xzKVhg%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerLet's Encrypt
Subjectupheezez.net
Fingerprint61:CF:2D:50:51:99:5E:C2:AE:48:45:A6:1E:FA:A3:67:18:D1:02:CA
ValidityFri, 19 Jul 2024 02:18:43 GMT - Thu, 17 Oct 2024 02:18:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /?rb=dus5wurlJy7x85bUPST_6f6UA7QueP-VuJx9yz_mvApceLufV5e9AX-f4io_QEucv4aWMUNVSD1z3991V5zbBOMEGKZ_ZuOgXet4Kkcg18UWwkFgO2E8gLkLcN3zfGxwruXgOOOfI2TaWUTxEJ2NPLK9sIq5vEr3j98K29gR-dl8sYrkL2rwP6BP9B8tf-FjpBMErvvzeYmnMpio64k-ZdZxp7dWWdx5xzKVhg%3D%3D&request_ab2=0&zoneid=7210422&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=150&wiw=-1&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=0&wfc=2&pl=about%3Ablank&drf=&np=1&pt=0&nb=1&ng=0&ix=1&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&wasm=-1&bs=db086845-0575-4425-84bc-184fc8bbe7ed&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: upheezez.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://usgate.xyz/
Origin: https://usgate.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809ed453194c50efcebc19cdd27321; oaidts=1721399295
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx
date: Fri, 19 Jul 2024 14:28:36 GMT
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://usgate.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
GET cufultahaur.com/?rb=tQwVmDEH0TvhLxgjsH_bqoU7DkjZmqrgfUrYxDgYuHKVi8jqQKONAftloIkam2tkPgvfEzxvp5IbXEfdZ4b910l5tEf8mKGQbfuAYE5_6kE4amniv0vuXjAPL4PFoz8Xc3ncZg8NnSr5xr2B1idCRYVYJmXXpdpwag_hj4S4FzleYA5E2rKdtxo_upgdZSXthSgz8_Myd8CaaPGTgUYYfc7bliaboXXyURRKYncmxIzbHkGbb-F7yCndrJowP1omc_qkitT1nro%3D&request_ab2=0&zoneid=7628732&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=d81f7864-301e-44ac-aa37-84f9818fe2f6&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
200 OK 2.6 kB URL GET HTTP/2 cufultahaur.com/?rb=tQwVmDEH0TvhLxgjsH_bqoU7DkjZmqrgfUrYxDgYuHKVi8jqQKONAftloIkam2tkPgvfEzxvp5IbXEfdZ4b910l5tEf8mKGQbfuAYE5_6kE4amniv0vuXjAPL4PFoz8Xc3ncZg8NnSr5xr2B1idCRYVYJmXXpdpwag_hj4S4FzleYA5E2rKdtxo_upgdZSXthSgz8_Myd8CaaPGTgUYYfc7bliaboXXyURRKYncmxIzbHkGbb-F7yCndrJowP1omc_qkitT1nro%3D&request_ab2=0&zoneid=7628732&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=d81f7864-301e-44ac-aa37-84f9818fe2f6&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerLet's Encrypt
Subjectcufultahaur.com
Fingerprint02:77:54:F2:4B:EE:A9:ED:3A:FC:1E:02:9D:B3:8A:83:7A:BD:89:8B
ValidityMon, 17 Jun 2024 04:26:42 GMT - Sun, 15 Sep 2024 04:26:41 GMT
File type troff or preprocessor input, ASCII text, with very long lines (2612), with no line terminators
Hash c7edee22254925d653d75259761cc6b0
bb1c56064a0418ff1cd448c3d17d1fc1d7c5cee9
ad482a4e7a205bf251d4ce2c39db17ff64e43a9393613681649b1b0444249534
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /?rb=tQwVmDEH0TvhLxgjsH_bqoU7DkjZmqrgfUrYxDgYuHKVi8jqQKONAftloIkam2tkPgvfEzxvp5IbXEfdZ4b910l5tEf8mKGQbfuAYE5_6kE4amniv0vuXjAPL4PFoz8Xc3ncZg8NnSr5xr2B1idCRYVYJmXXpdpwag_hj4S4FzleYA5E2rKdtxo_upgdZSXthSgz8_Myd8CaaPGTgUYYfc7bliaboXXyURRKYncmxIzbHkGbb-F7yCndrJowP1omc_qkitT1nro%3D&request_ab2=0&zoneid=7628732&js_build=iclick-v1.851.0&jsp=1&fs=0&cf=0&sw=1280&sh=1024&wih=1024&wiw=1280&ww=1280&wh=1024&sah=1024&wx=0&wy=0&cw=1280&wfc=2&pl=https%3A%2F%2Fvivosoccer.xyz%2Fvivo%2F9.php&drf=&np=1&pt=0&nb=1&ng=0&ix=0&nw=1&tb=false&btz=UTC&bto=0&wgl=&js_build=iclick-v1.851.0&navlng=en-US&pnt=0&pnrc=0&bs=d81f7864-301e-44ac-aa37-84f9818fe2f6&wasm=1&userId=00809e98ee7649d5eedeaff76d81afe6&m=link HTTP/1.1
Host: cufultahaur.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://vivosoccer.xyz/
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; oaidts=1721399294
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Fri, 19 Jul 2024 14:28:15 GMT
content-type: application/json
x-trace-id: 1904f920f1655411d69ec7975b9e5ae6
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model
access-control-allow-origin: https://vivosoccer.xyz
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=00809e98ee7649d5eedeaff76d81afe6; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
oaidts=1721399295; expires=Sat, 19 Jul 2025 14:28:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 26 Jul 2024 14:28:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
GET clck.littlecdn.com/web/static/300x250/18.png
200 OK 9.9 kB URL GET HTTP/2 clck.littlecdn.com/web/static/300x250/18.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced
Hash 999dd7d06b10848480fe396a1fc4052a
45f992ce322b16b0d1a5ac3b6a52c71ed4e1617f
20385e0ca7ed99c8f3e1a6554fd8e7d830dfba5eff959bc82c5bb9bdb96e5c0b
GET /web/static/300x250/18.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: image/png
content-length: 9938
last-modified: Thu, 16 May 2024 11:20:14 GMT
etag: "999dd7d06b10848480fe396a1fc4052a"
expires: Sat, 20 Jul 2024 11:32:21 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10574
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b661b0c5ab50f-OSL
X-Firefox-Spdy: h2
GET clck.littlecdn.com/web/static/300x250/4.png
200 OK 12 kB URL GET HTTP/2 clck.littlecdn.com/web/static/300x250/4.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
File type PNG image data, 300 x 250, 8-bit colormap, non-interlaced
Hash 5dcde62b114a6dcbf72713c623e453fd
94486b5d893f4531c139326f2bd601db76438dab
664a6bd86517161735dc294decff6c6bd1a2745453985cfa4136153ea01eb446
GET /web/static/300x250/4.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: image/png
content-length: 12329
last-modified: Mon, 17 Jul 2023 11:26:22 GMT
etag: "5dcde62b114a6dcbf72713c623e453fd"
expires: Sat, 20 Jul 2024 11:31:42 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 10613
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b661b2c8db50f-OSL
X-Firefox-Spdy: h2
GET usgate.xyz/z/za/301.php
200 OK 781 B IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGoogle Trust Services
Subjectusgate.xyz
FingerprintEB:0F:DC:A3:F0:D1:D4:FC:7A:AA:CA:C8:7E:36:F8:89:ED:E5:02:7A
ValidityMon, 17 Jun 2024 16:52:50 GMT - Sun, 15 Sep 2024 16:52:49 GMT
File type HTML document, ASCII text, with very long lines (842), with no line terminators
Hash 70dbac48ad8758ec60ef8bef294a4d70
65f2d2f1706ea99ade83f7021a2191cffbb54b4f
15f50d1cf2e5e16b5fd71768a41a789a045ea005d562471f49b825420dced272
GET /z/za/301.php HTTP/1.1
Host: usgate.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZdabTDdyVEnWv41P%2Bx9jI1vLwN4FQz%2BFsvb%2F91%2BHYS9D1COU15sopmTS3doGG52wGo92zjvsi5FoXAW12McAc8fCyHXPQ7FYh5sQTtWXCpcfk09Cdvggdp%2BC51p9"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b6597982956b7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
GET designworkshop.store/hlsch9_2312_1199.png
0 B URL GET designworkshop.store/hlsch9_2312_1199.png
IP
Requested by https://vivosoccer.xyz/vivo/9.php
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hlsch9_2312_1199.png HTTP/1.1
Host: designworkshop.store
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivosoccer.xyz
DNT: 1
Connection: keep-alive
Referer: https://vivosoccer.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
GET clck.littlecdn.com/web/static/728x90/4.png
200 OK 16 kB URL GET HTTP/2 clck.littlecdn.com/web/static/728x90/4.png
IP
Requested by https://usgate.xyz/z/za/301.php
Certificate IssuerGoogle Trust Services
Subjectlittlecdn.com
FingerprintA0:03:0A:C6:F1:78:80:C6:34:9C:84:30:07:9C:46:DA:7C:BF:5C:FD
ValiditySun, 07 Jul 2024 03:30:08 GMT - Sat, 05 Oct 2024 03:30:07 GMT
File type PNG image data, 728 x 90, 8-bit colormap, non-interlaced
Hash 19f8001de8f8436767d08d3370385da3
5c3fe2f62f318fea1bb29681dadfe3c1ebb34095
2fa6598de19412b3b9bc759ffbb72e22a260b8ae86a4513d3cc66b9f9b5c7977
GET /web/static/728x90/4.png HTTP/1.1
Host: clck.littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: image/png
content-length: 15954
last-modified: Mon, 17 Jul 2023 11:26:54 GMT
etag: "19f8001de8f8436767d08d3370385da3"
expires: Sat, 20 Jul 2024 11:42:55 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 9940
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 8a5b661b6ce6b50f-OSL
X-Firefox-Spdy: h2
GET usgate.xyz/z/za/301.php
200 OK 781 B IP
Requested by https://vivosoccer.xyz/vivo/9.php
Certificate IssuerGoogle Trust Services
Subjectusgate.xyz
FingerprintEB:0F:DC:A3:F0:D1:D4:FC:7A:AA:CA:C8:7E:36:F8:89:ED:E5:02:7A
ValidityMon, 17 Jun 2024 16:52:50 GMT - Sun, 15 Sep 2024 16:52:49 GMT
File type HTML document, ASCII text, with very long lines (842), with no line terminators
Hash 70dbac48ad8758ec60ef8bef294a4d70
65f2d2f1706ea99ade83f7021a2191cffbb54b4f
15f50d1cf2e5e16b5fd71768a41a789a045ea005d562471f49b825420dced272
GET /z/za/301.php HTTP/1.1
Host: usgate.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Fri, 19 Jul 2024 14:28:35 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1%2FSGK6HHvBl1vyeXmeSYmbLlABWidDkiY368gWiH36vYF8x8kHc8U7ADvT%2B76JE5OkAc%2BjPTtQkUlkKYsa3FKbHaz4FW3GkQrDbPWv9PJzmz%2FRcHlBvk9Ezt3IYB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 8a5b6619b87f56af-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
104.21.67.121
151.101.65.229
139.45.197.245
23.36.76.226
188.114.96.1
0.0.0.0