Overview

URLwww.onlyhgames.com/go.php?id=oxoour52j6qzuw2
IP 94.242.50.158 (Russia)
ASN#43317 FNK LLC
UserAgentMozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Referer
Report completed2022-11-25 22:12:03 UTC
StatusLoading report..
IDS alerts0
Blocklist alert1
urlquery alerts No alerts detected
Tags None

Domain Summary (41)

Fully Qualifying Domain Name Rank First Seen Last Seen IP Comment
4.adsco.re (1) 19179 No data No data 162.252.214.5
push.services.mozilla.com (1) 2140 No data No data 35.162.125.72
a.exosrv.com (1) 28991 No data No data 185.76.9.26
firefox.settings.services.mozilla.com (2) 867 No data No data 34.102.187.140
poweredby.jads.co (3) 30525 No data No data 185.94.236.246
lruxfmkonbyi.s4.adsco.re (1) 0 No data No data 185.200.116.90 Domain (adsco.re) ranked at: 8541
main.realsrv.com (1) 91110 No data No data 95.211.229.248
my.rtmark.net (1) 9054 No data No data 139.45.195.8
ocsp.sectigo.com (2) 487 No data No data 172.64.155.188
content-signature-2.cdn.mozilla.net (1) 1152 No data No data 34.160.144.191
ads.exoclick.com (2) 32908 No data No data 205.185.216.10
www.googletagmanager.com (1) 75 No data No data 142.250.74.168
www.google-analytics.com (1) 40 No data No data 142.250.74.174
s3t3d2y8.afcdn.net (5) 0 No data No data 185.76.9.16 Unknown ranking
r3.o.lencr.org (12) 344 No data No data 23.36.77.32
img-getpocket.cdn.mozilla.net (6) 1631 No data No data 34.120.237.76
e1.o.lencr.org (1) 6159 No data No data 23.36.77.32
tsyndicate.com (1) 13042 No data No data 94.130.164.161
ww62.qqjar.ru (1) 0 No data No data 76.223.26.96 Domain (qqjar.ru) ranked at: 143440
js.juicyads.com (1) 57029 No data No data 143.204.55.76
www.betteradsystem.com (1) 220795 No data No data 185.76.9.15
ocsp.pki.goog (2) 175 No data No data 142.250.74.35
contile.services.mozilla.com (1) 1114 No data No data 34.117.237.239
6.adsco.re (1) 17812 No data No data 104.17.167.186
lruxfmkonbyi.n4.adsco.re (1) 0 No data No data 38.132.109.186 Domain (adsco.re) ranked at: 8541
adsco.re (1) 8541 No data No data 162.252.214.5
betteradsystem.com (1) 106354 No data No data 162.252.213.208
a.realsrv.com (1) 10080 No data No data 185.76.9.25
goplayhere.com (1) 0 No data No data 172.67.187.242 Unknown ranking
ocsp.digicert.com (8) 86 No data No data 93.184.220.29
highlevelcount.com (1) 0 No data No data 104.21.30.122 Unknown ranking
www.facebook.com (2) 99 No data No data 157.240.200.35
syndication.exosrv.com (2) 20827 No data No data 95.211.229.248
runative-syndicate.com (1) 31587 No data No data 148.251.19.25
main.exdynsrv.com (2) 91821 No data No data 95.211.229.246
main.exoclick.com (2) 33599 No data No data 95.211.229.248
ads.exosrv.com (1) 37145 No data No data 185.76.9.16
www.onlyhgames.com (2) 0 No data No data 94.242.50.158 Unknown ranking
qqjar.ru (1) 143440 No data No data 185.38.110.121
syndication.traffichaus.com (1) 53588 No data No data 66.254.114.233
iadoremakingpics.com (1) 170567 No data No data 172.67.164.27

Network Intrusion Detection Systemsinfo

Suricata /w Emerging Threats Pro
 No alerts detected

Blocklists

OpenPhish
 No alerts detected

PhishTank
 No alerts detected

Fortinet's Web Filter
Scan Date Severity Indicator Comment
2022-11-25 2 ww62.qqjar.ru/ Malware

mnemonic secure dns
 No alerts detected

Quad9 DNS
 No alerts detected


Files

No files detected

Recent reports on same IP/ASN/Domain/Screenshot

Last 5 reports on IP: 94.242.50.158
Date UQ / IDS / BL URL IP
2023-01-07 19:04:20 +0000 0 - 1 - 0 miatips.online/ 94.242.50.158
2022-12-21 09:23:28 +0000 0 - 4 - 15 tickzoo.com/veronica-silesto-clips/ 94.242.50.158
2022-12-05 14:59:31 +0000 0 - 0 - 8 tickzoo.com/knotted-2/ 94.242.50.158
2022-11-25 22:12:03 +0000 0 - 0 - 1 www.onlyhgames.com/go.php?id=oxoour52j6qzuw2 94.242.50.158
2022-10-23 03:39:37 +0000 0 - 0 - 5 can.si/PPYb5 94.242.50.158


Last 5 reports on ASN: FNK LLC
Date UQ / IDS / BL URL IP
2023-02-07 08:57:54 +0000 0 - 6 - 11 megaup.net/1be7q/otomi-games.com_JREW5UXK.rar 91.209.70.182
2023-02-06 23:16:39 +0000 0 - 6 - 5 megaup.net/18tpo/Hearts_Of_Iron_IV_v1.12.1.rar 91.209.70.182
2023-02-06 16:50:01 +0000 0 - 6 - 5 megaup.net/d9bX/ShellShock.Nam.67.rar 91.209.70.182
2023-02-06 12:48:40 +0000 0 - 6 - 6 megaup.net/19K2r/The_Past_Within.rar 91.209.70.182
2023-02-06 08:53:57 +0000 0 - 6 - 5 megaup.net/1a3rq/Moonscars.v1.4.008.rar 91.209.70.182


Last 1 reports on domain: onlyhgames.com
Date UQ / IDS / BL URL IP
2022-11-25 22:12:03 +0000 0 - 0 - 1 www.onlyhgames.com/go.php?id=oxoour52j6qzuw2 94.242.50.158


No other reports with similar screenshot

JavaScript

Executed Scripts (33)

Executed Evals (140)
#1 JavaScript::Eval (size: 17) - SHA256: 5c5bb18e544cb67f765d8a6d2c774838d3ae95df9b62f25660c64554a7302d8e
document.referrer
#2 JavaScript::Eval (size: 36) - SHA256: 436179ef4964c80a03e62015696ba10c5ae70602c6538d07f50b75f35bd72a27
document.documentElement.clientWidth
#3 JavaScript::Eval (size: 29) - SHA256: 876f3c9374f7069c7cabd0907ddad5466010a649a0f34984e5e2cc72f64878a5
navigator.hardwareConcurrency
#4 JavaScript::Eval (size: 23) - SHA256: 76fae4cd7853897c738cd23148b2ebab825379d6ba153e245965183cc3304082
navigator.battery.level
#5 JavaScript::Eval (size: 37) - SHA256: 6530649612f535f1adde48ecf8b5de0677e9b5d77db12eb3dfd90b79b363559e
HTMLCanvasElement.prototype.toDataURL
#6 JavaScript::Eval (size: 30) - SHA256: c2ea2223b59cfea384b15228f4cdc0f7337d4909e20e97e2fa42648ef8ecf610
window.webkitRTCPeerConnection
#7 JavaScript::Eval (size: 16) - SHA256: d6b5ca1760fc8b29e007efc9c8d2cf7e8a2395825f6f77dada95483fc3171bdf
navigator.onLine
#8 JavaScript::Eval (size: 23) - SHA256: c5d184acbefde172c402f1100cb756d11e8a1c83484977f1d5975bc65a79a7c5
navigator.cookieEnabled
#9 JavaScript::Eval (size: 47) - SHA256: 423946cdca01d4915fdc795bb03491ce4251b32ed1717a7c0146ce14c838d373
window.opener.screenX || window.opener.screenLeft
#10 JavaScript::Eval (size: 29) - SHA256: cb6f5b3573826ffd9a881e026fd85eb842d31266833666399582737149c5fc14
navigator.connection.saveData
#11 JavaScript::Eval (size: 22) - SHA256: 6e880572810251d722d33109fc0420864f46d69522d25a1df47338c553e38e07
window.isSecureContext
#12 JavaScript::Eval (size: 19) - SHA256: fc5a1ffc9513896711ec2c788490995715c8d32ccda8c4e2c68a9bd8cb214e77
document.innerWidth
#13 JavaScript::Eval (size: 27) - SHA256: 1c82db5b05628505080952437a7fd64f03942b6e8ec97f799f4f867eaf492134
typeof window.ondevicelight
#14 JavaScript::Eval (size: 15) - SHA256: da82a56eb8524f5d12a2afcf2c5d0cb6184f26995167212a0ccb3bc2ba0def36
document.hidden
#15 JavaScript::Eval (size: 30) - SHA256: 44e10caa26e37d5f8678a008f0d667c1975fbaec0f613439eb60694249001780
navigator.languages.toString()
#16 JavaScript::Eval (size: 20) - SHA256: a5e2bc908c3bd3196d273564d073484f9905d13817490eca5aa249e701139cdc
typeof window.chrome
#17 JavaScript::Eval (size: 22) - SHA256: 28be88d787b6e773eaf5d0818a6c62446ce628dd8ec0659c6f78410588838337
window.toolbar.visible
#18 JavaScript::Eval (size: 18) - SHA256: 0200f755a2c13b9335fe39b3a88f696c334e518e8407780c4731d8e6be966c4e
window.outerHeight
#19 JavaScript::Eval (size: 26) - SHA256: 2638f8c5d74932a6dfe72bc21a585ef3525f7e26bd3dbb1f480071141c325af1
navigator.msMaxTouchPoints
#20 JavaScript::Eval (size: 30) - SHA256: b6a3c0492b8e7ae0ff680b4806058d22f740029707c1f7dda3cad6f985020ba3
(new Date).getTimezoneOffset()
#21 JavaScript::Eval (size: 29) - SHA256: d01a385e50e8e57c5f15bc18b82e1304ed42dcbe38967d66a30a786e39ed847b
performance.timing.connectEnd
#22 JavaScript::Eval (size: 22) - SHA256: c49e342522959187d587f89ed7dde961d8df29cec6b02dce869f4aa1ac3ef254
window.mozInnerScreenX
#23 JavaScript::Eval (size: 26) - SHA256: e5a13721b456c9e090f80944728fc91767f5ae01b01f59160e73ff2c7cacc587
window.locationbar.visible
#24 JavaScript::Eval (size: 24) - SHA256: 38be2b1c1c886666cd4ac85d71bb8b65e51d95c7c5f40b0c575f7d196a0442cd
window.statusbar.visible
#25 JavaScript::Eval (size: 37) - SHA256: 0e27576eb1e9c067b58d47b8749be97d9e94c1e3d67cdf541784148cd80a04b1
MouseEvent.WEBKIT_FORCE_AT_MOUSE_DOWN
#26 JavaScript::Eval (size: 23) - SHA256: fac21d8a86a99b88e4eb395a35aa2970ffb8ffdac1b12280959be2c117e3a09c
window.devicePixelRatio
#27 JavaScript::Eval (size: 29) - SHA256: 12c1e4b959357815447bdfe9fde3665a628e0cd4bbd622c9915820ea57fe01e3
window.InstallTrigger.install
#28 JavaScript::Eval (size: 59) - SHA256: f8aac102dc71390ed9b53b485b34d036f4c871e18d7015b307b95c8f1dcd9fa1
window.external.getHostEnvironmentValue("os-architecture");
#29 JavaScript::Eval (size: 25) - SHA256: 0098b3fb5f82abbebff8c293e42863b93e210b01f0032c4147fe1457f5b48a93
window.offscreenBuffering
#30 JavaScript::Eval (size: 19) - SHA256: 9b078b8e24e4655c21a5876570daac97f2ddc241bfdb259644582b6a7a60930b
navigator.userAgent
#31 JavaScript::Eval (size: 20) - SHA256: 1b0f9a28e673c21b9a668e2973157b075ac420eda7f39fd5727a77bb32b45ffe
navigator.appVersion
#32 JavaScript::Eval (size: 24) - SHA256: a097c9a52546fb53f0340afda7f34b4e47b836e551135e5ad0b5339ebb314a30
window.opener.outerWidth
#33 JavaScript::Eval (size: 32) - SHA256: 1138f8c1bb11f4a5f7d8354b8c8a642ef94c9c741d76a7f476bac6473b7de085
window.screenY || window.screenTop
#34 JavaScript::Eval (size: 17) - SHA256: b18f7c2e4dbfe2926b0413634f7cd6781be55e27b4b885dc68a8f740a80d72e1
window.innerWidth
#35 JavaScript::Eval (size: 23) - SHA256: 2ef7ca07ed70c4ffbc59b1d3fa8df8cd2be1bfc66d1604246926066c9f44fd0c
screen.orientation.type
#36 JavaScript::Eval (size: 25) - SHA256: 329a9b85817fb7d3bb2492cbcb23f12b14cf9abd181473b838250e3b745fab50
navigator.connection.type
#37 JavaScript::Eval (size: 17) - SHA256: e0bc19473df9795cd42be5da545b5a6828d31527b4ffa3769564f735abec0deb
document.hasFocus
#38 JavaScript::Eval (size: 41) - SHA256: af18ee7d06fe2ee2da28af260ea0c78923664ecbc220f3ce395c50b1822dab7a
window.performance.memory.jsHeapSizeLimit
#39 JavaScript::Eval (size: 10) - SHA256: f73e4e03067983dd5196907f86c9020b174651f1bd0b5d291b217dc927ff068f
screen.top
#40 JavaScript::Eval (size: 17) - SHA256: 13e19bbb45d0bb1d1915240763b5bca4ddef99d01edd749954115168c7842c9c
navigator.buildID
#41 JavaScript::Eval (size: 24) - SHA256: 893fe12669f916947d99616b788aa245f8b45c5b8b34544df4114a6a789217ab
navigator.systemLanguage
#42 JavaScript::Eval (size: 27) - SHA256: e94a47b072c1a87127e88c17e992124bcf93c5d0d6b4e96c73a909444a7cd0d6
window.mozRTCPeerConnection
#43 JavaScript::Eval (size: 18) - SHA256: 793401a4baa2fb67b2049b633d5ebb8c25d2dc67d41071aabd7c180ddbdd2599
navigator.cpuClass
#44 JavaScript::Eval (size: 17) - SHA256: b4a3a83fe09d48db0c0b4416fefb19af5f9e069c12d2af8793a18f159574bb79
window.outerWidth
#45 JavaScript::Eval (size: 18) - SHA256: 64e360e85164e7675724c7fe1ed681b25a138c51d437bac5ff97e8910ccf2aa7
window.innerHeight
#46 JavaScript::Eval (size: 19) - SHA256: b37d024d71bdbd575b951acfa9a59a5e84dc2f9d7c89748081ccb862ff3c9033
navigator.vendorSub
#47 JavaScript::Eval (size: 29) - SHA256: 9c27754d9297bf8d4022ded2628940ae5a837c7d7d130b197c3dc80627a453e2
HTMLElement.prototype.animate
#48 JavaScript::Eval (size: 12) - SHA256: 20dbc48604a9afee27f0eaf4b84634fabbf1b2c09f78e795896b6fa1747b154a
window.alert
#49 JavaScript::Eval (size: 13) - SHA256: 32c6c6c6d07bb5224356b89b5de1adc4c02b1f7b2f464830005443afc6624e85
window.google
#50 JavaScript::Eval (size: 24) - SHA256: 6b5c93eab3b74dadfbe0f6c5949ab9f1ec8f012df8f49495664b96b51881ed85
window.RTCPeerConnection
#51 JavaScript::Eval (size: 17) - SHA256: 51c1083130407a8772738aa2380eb5a583240a47d98f2204b124c06fd11aabd5
top.frames.length
#52 JavaScript::Eval (size: 25) - SHA256: 63d0de96ffe6e24d709e64517f883a6e6a72e3629aea379ee43b727541794c64
navigator.browserLanguage
#53 JavaScript::Eval (size: 33) - SHA256: 0b543b4a53bd5beb9a294e018ea9a8c704e5487af1227121d60699a5ec715c5d
navigator.connection.effectieType
#54 JavaScript::Eval (size: 32) - SHA256: d0ea77c33d12565615b751dd5d753895e6287577bc0cfe0522961048b211daa6
navigator.connection.downlinkMax
#55 JavaScript::Eval (size: 29) - SHA256: a9dc93ae3dc52ac584bff8e382bf1db1f87b8e3a54243eae8d1e3badb180e834
navigator.connection.downlink
#56 JavaScript::Eval (size: 34) - SHA256: 9e0e45f2f824eefaed5af40bcadf2c0ce7943df52cda4c3d67ddb03583418dab
window.ScriptEngineMinorVersion();
#57 JavaScript::Eval (size: 17) - SHA256: d204422e9d49293ab422bfabae9607635876cb30f77215f133603bac691f6f4b
document.location
#58 JavaScript::Eval (size: 30) - SHA256: 55ef02d9591328210e59a68fcd1945791f4d0f70cdc7cd3999eb4ba175adbafb
performance.timing.redirectEnd
#59 JavaScript::Eval (size: 26) - SHA256: 7510742fba4d25113b6124987e97cba40776bc5030a6a3678974dc8ba075bf81
window.personalbar.visible
#60 JavaScript::Eval (size: 108) - SHA256: 8eab171b0d256cf386d222b71fbf5380f2051b67452dbd83f41401a6216a789c
!!document.fullscreen || !!document.mozFullscreen || !!document.webkitIsFullScreen || !!document.fullScreenElement
#61 JavaScript::Eval (size: 20) - SHA256: 6b612f597a0ed972ce30182713c197e510528ac68ff1711b560641d5f47afefa
navigator.productSub
#62 JavaScript::Eval (size: 18) - SHA256: 318e5db431b7c9515f38ae97da21d7c4e75ec281aea96271c0d0f4e22b35df92
navigator.language
#63 JavaScript::Eval (size: 25) - SHA256: de1b699e93a44c66a069974d1603aee656a6e063b19b8bbf5b09946a3a1b9904
window.opener.innerHeight
#64 JavaScript::Eval (size: 32) - SHA256: 8d8003d5d1afbb2b7118b1f14afe89138588ed08982c3e8ff31dd4123e7cb076
performance.timing.responseStart
#65 JavaScript::Eval (size: 24) - SHA256: 89e4c05e12e12f5bdf85a4fb89bad572dd85256091add09fdb9c6e42e703e2bb
document.visibilityState
#66 JavaScript::Eval (size: 22) - SHA256: b19d05a8d492320ab4db4d74ea0e9e90374bed47a18e805f8018ebb00af0c23c
window.menubar.visible
#67 JavaScript::Eval (size: 25) - SHA256: 791b28f4c489619d78906b8af22fbc11b48c0576134d36470ef92468e47da29c
navigator.appMinorVersion
#68 JavaScript::Eval (size: 16) - SHA256: d17194a96291e963420dd3361221101c8fdb7d8d382fc8993563576d3fd29dd6
navigator.vendor
#69 JavaScript::Eval (size: 22) - SHA256: 4b14cf9e41e192a741c1cb8ec58f13b0495941f984f312bec01ab28807fe99ab
navigator.deviceMemory
#70 JavaScript::Eval (size: 12) - SHA256: 27f88609267c27a6f4e778dcb686f1f2fdf0f4f7cd29ad34826b916266ae45a8
window.close
#71 JavaScript::Eval (size: 15) - SHA256: 2daa1a91b2430e9867296c9cb26d1483785954a9bdd66f79b2c754bab7092cae
typeof __gCrWeb
#72 JavaScript::Eval (size: 22) - SHA256: 526c9d85cebcd21526a3b7ffdb87a9c2b6229e00b0bf210634abf6c84e0ad143
navigator.msDoNotTrack
#73 JavaScript::Eval (size: 26) - SHA256: e495f8780d35a18d80e09be6211760313cd30ac601a5c7478f9ddf4ebf8536ba
navigator.pdfViewerEnabled
#74 JavaScript::Eval (size: 37) - SHA256: 998158f6df4183edd82539e6dc971d32f50bc7ee075f64d4abc46d3011a9da27
document.documentElement.clientHeight
#75 JavaScript::Eval (size: 17) - SHA256: 031688cb60b9631e34bc623cf81a9eeef73de67ca290d15cccfaa65399420932
screen.colorDepth
#76 JavaScript::Eval (size: 32) - SHA256: 90190e51d410f9862884d5984262f9e1b8e46dd1010b50f1c22c9ef3fa1565fc
window.opener.offscreenBuffering
#77 JavaScript::Eval (size: 34) - SHA256: 3db042ba8dbf234b0ba7ed8b47e5c8cb58b267af983635a41652258f1e282c0c
window.ScriptEngineBuildVersion();
#78 JavaScript::Eval (size: 40) - SHA256: ba8f16658b19940e1168ca8394756fb18272a9ef95d5fb11442ba56601568687
performance.timing.secureConnectionStart
#79 JavaScript::Eval (size: 11) - SHA256: 2c6631ee0cabea9afb499cec860aab5fcf40ed956651a0b0ea7b3411e1a31cd9
window.open
#80 JavaScript::Eval (size: 16) - SHA256: cd74e6a3b779a514972758fa195725f40176261af18fbcd246e5f401a3ecf849
screen.availLeft
#81 JavaScript::Eval (size: 17) - SHA256: c66ced51cafdeb3a9e3544b0b2e7de4c955a4cd347c4d7b5d74f36923df5a7bd
navigator.product
#82 JavaScript::Eval (size: 24) - SHA256: 15dde2f8fcb5a8a423088da92307a50f6ba6c59577490e49e2ae24a15c75c2bd
window.clientInformation
#83 JavaScript::Eval (size: 6) - SHA256: 4cd6c2914887dd4a68e4c9ffbed8b077f048cf795d6cfa0b801d43e0ea5a1560
screen
#84 JavaScript::Eval (size: 27) - SHA256: bc9c06f981e7daa0478c449324d4010cdbc3c83c9a95879b99a0b531f5cabb87
window.navigator.standalone
#85 JavaScript::Eval (size: 21) - SHA256: 561f7f2574775993811ac7bc852a2054ede9fb58a62eb0804030e1ff877f4350
document.webkitHidden
#86 JavaScript::Eval (size: 21) - SHA256: 61e43d202b6cd0ebf29ac8014115fcb890eb5593c4160b9ae285206ca911bce6
window.history.length
#87 JavaScript::Eval (size: 33) - SHA256: 511e9d231c9360fcb7670f7cbaffb35bf8180f124fc080ebbfa5962d4c8bb089
window.screenX || window.screenLeft
#88 JavaScript::Eval (size: 19) - SHA256: c26c62a09a687d08a3ef9d9a960c5ae2ad47fecc853b4fb0380d71586d260a1b
window.opener == null
#89 JavaScript::Eval (size: 31) - SHA256: 043b61c407c6f51e3a4ee18efee76fac227501d805df309988fc1494ae0a30dc
performance.timing.connectStart
#90 JavaScript::Eval (size: 31) - SHA256: df3486f2ca74e18e1c81ba55663a8dd4e668e36fed82949b9cca595051bd5064
performance.timing.requestStart
#91 JavaScript::Eval (size: 36) - SHA256: a7dc60bd6993c201941ea0bfc5218f7fea0bc015ee5dc88e658db78d98f8d98a
performance.timing.domainLookupStart
#92 JavaScript::Eval (size: 12) - SHA256: bc1a6bd7f4ddbcd78987ea609d4595bdf2422cb1be9e85af5d6c199f62000d6c
screen.width
#93 JavaScript::Eval (size: 18) - SHA256: addd231a2f2807fb0b4ebdadd2bc23ae2a1cb93a92b07fa6e20ee9af832a8b47
navigator.platform
#94 JavaScript::Eval (size: 29) - SHA256: 95b2bbef556b3dc3b807638cb7b08274af9b8998def0c82d81e3a1517100d68f
performance.timing.fetchStart
#95 JavaScript::Eval (size: 30) - SHA256: ca1a06e2314f272f03bc401a7ae0f4056692895b060fd13c00280536b6c56e85
performance.timing.responseEnd
#96 JavaScript::Eval (size: 28) - SHA256: ef184af14e9e4c14bc286dcbd2a00161c209ce5cf6f9e30c4e7de6d929e9aa4d
typeof document.ontouchstart
#97 JavaScript::Eval (size: 31) - SHA256: 7f96f13e41030d403da6d3c41ed3e161053572b43346d4e7c6ade69c0861d6ca
typeof document.visibilityState
#98 JavaScript::Eval (size: 46) - SHA256: 30f73e7f08c8e6a25fec00672f75fa725d3fa7a30bf847fb1dcb0115ec2f8607
Intl.DateTimeFormat().resolvedOptions().locale
#99 JavaScript::Eval (size: 52) - SHA256: b218e02bbc9cda846447b2e8fff62bc41f7f5b0e12ad8adfc05380f8df3288a4
window.external.getHostEnvironmentValue("os-build");
#100 JavaScript::Eval (size: 24) - SHA256: ebca0f427d949e5889ac01faf63de6370743bddd0169c9354c84bc47e3e8a0b1
window.opener.innerWidth
#101 JavaScript::Eval (size: 6) - SHA256: 44ff7b02c80d38b26dd6aa31d9470aed81b32e10331a3c994fb1a9945fd847ba
window
#102 JavaScript::Eval (size: 17) - SHA256: 9094a3d888951e5671f4b6dce42ef291cd071cb196d8761fef42c010ecf5b142
navigator.plugins
#103 JavaScript::Eval (size: 19) - SHA256: 63fd63a33ca43f07ce872672d604657ec0fbfbe24bec43f4b322c0f7a1c2ce25
document.hasFocus()
#104 JavaScript::Eval (size: 26) - SHA256: 92f68565a2781a0fbd595ff5c54717d6b87c6cf19d42c7f3d3d4c81193bb2cb4
navigator.battery.charging
#105 JavaScript::Eval (size: 24) - SHA256: 15eb7e222abfc64660d0f94c04053839498df20ea9ac9a13a201701a56ce3bf6
typeof window.chrome.csi
#106 JavaScript::Eval (size: 36) - SHA256: 4105e0401cf30138cd3ec66def6e14b091f0617777c14cd703ba3e8be17d5777
performance.navigation.redirectCount
#107 JavaScript::Eval (size: 14) - SHA256: 28d9693460ce57dd4e01742e50a1baa10cbed3fa6c20c2a69f02424f80fb9a2e
!(top == window)
#108 JavaScript::Eval (size: 20) - SHA256: dfafe4f2e08c006ec277e8042267c6237512a1a93bfcf57657420d4becc0a97b
window.mozPaintCount
#109 JavaScript::Eval (size: 17) - SHA256: f8b516a2a0538b8599ab0452be3f3aa473cf3b0c510275d0a30565cefd564701
screen.pixelDepth
#110 JavaScript::Eval (size: 48) - SHA256: e7678fa8be4ae3ca69e517858903bb107391f9de7ae346a75288b81b57630269
Intl.DateTimeFormat().resolvedOptions().timeZone
#111 JavaScript::Eval (size: 13) - SHA256: 56e57af29d4af8b1fb7008dbfdf84a764970a6673f1f19165f1a8498ce903d93
screen.height
#112 JavaScript::Eval (size: 15) - SHA256: de7f7b137340e1d218833d7afef73ea711325f139a4428eed317ca0374f67c91
navigator.oscpu
#113 JavaScript::Eval (size: 22) - SHA256: 42c1dc825c7afb2edca4a8bca3f669784ae08b69226a5ec5044ee7600fccb397
window.mozInnerScreenY
#114 JavaScript::Eval (size: 11) - SHA256: c42b2a75055edd538c357b5923a7eca102ebf4e63f14d7d8b6fa2778d6b1cdd2
screen.left
#115 JavaScript::Eval (size: 17) - SHA256: e5ee82e31ec94cc385b3637227b4435f0547b3d0a4aa60cdda1d8fada4779df3
screen.availWidth
#116 JavaScript::Eval (size: 18) - SHA256: c1fcce173bd0b08415367c934d5db7c4ed130c7f83a485c91682873bff2954ee
screen.availHeight
#117 JavaScript::Eval (size: 17) - SHA256: c03ab22471edc55763f012b82b8d32f981b31ca921a55cc4a663b8bd953b96e7
screen.deviceYDPI
#118 JavaScript::Eval (size: 27) - SHA256: d411f352f2428265f0fc9f43b7429dafafad74f69cf4022cd51d9df23a67f157
performance.navigation.type
#119 JavaScript::Eval (size: 25) - SHA256: 11ae4500086472eb307c6d2459f0d1446b2cc02b1afda7925d800e2d49f1c9d1
window.opener.outerHeight
#120 JavaScript::Eval (size: 34) - SHA256: de98f45cade0178e1fd1a8257ab99e8431b3d5b35a393217e74ad6caa4efed60
performance.timing.domainLookupEnd
#121 JavaScript::Eval (size: 12) - SHA256: 5191a526bd66a118a4a51956503fdcf4555cc92b48b9a426d04a7af25d3980e1
window.brave
#122 JavaScript::Eval (size: 51) - SHA256: 8c6276b2ab288fa398c4bc128bf765ffc10696c7adb7b2db18019870fa29cbdd
window.external.getHostEnvironmentValue("os-mode");
#123 JavaScript::Eval (size: 25) - SHA256: cfab5312f1cfff1e8162225ab27453306ff627f512bcf18225c0a305ca093e1c
window.scrollbars.visible
#124 JavaScript::Eval (size: 46) - SHA256: b1101545a9bed4591a67166c932701b5ec44cb1976bb9df3d584fa2ab8ba8245
window.opener.screenY || window.opener.screenTop
#125 JavaScript::Eval (size: 24) - SHA256: ae3766b014bf6a5b6452d14a9f1de103d584e98933db2577122c136bfb9eb0c6
navigator.connection.rtt
#126 JavaScript::Eval (size: 20) - SHA256: 3f3d3b81e8706983e30a63da7389e8cd3e70bd7778063d63f748984c42007425
IntersectionObserver
#127 JavaScript::Eval (size: 50) - SHA256: 203d92af34680f7fe84b0047f738fae4e2d401f5d28af8d70f067dc77f5acb6a
window.external.getHostEnvironmentValue("os-sku");
#128 JavaScript::Eval (size: 20) - SHA256: 6af0594857ab3b4e97420ca6bf7e098fc0901e86860d2e6a26cdf1d176c37dec
navigator.doNotTrack
#129 JavaScript::Eval (size: 34) - SHA256: fa103a26e90f8e37ab2371d0dd320ca199c0ff194f4ded9cee3ccfa85c22f713
window.ScriptEngineMajorVersion();
#130 JavaScript::Eval (size: 18) - SHA256: 17720ad70d18a072962c7509a9e8f79d6227be2728fb0e89dafb5a1edbc19f40
window.console.log
#131 JavaScript::Eval (size: 25) - SHA256: 02665a4c106fc96e71ef5a17511cf353ec3f5cccb82ec9fce719b23967728897
typeof window.WebAssembly
#132 JavaScript::Eval (size: 20) - SHA256: 3688d7e88d248ea850c456f0233738d10695a410a3dec97785ca7422c3f562c1
document.innerHeight
#133 JavaScript::Eval (size: 15) - SHA256: 4f61f9e962c8c1d90b453b461dd9431c1d3a6a706e61ab5c2a9faf6a71aea93f
screen.availTop
#134 JavaScript::Eval (size: 21) - SHA256: 023250096bcba5a18a624685884b3126896db722289f3281cea8ec5cc63476e7
navigator.appCodeName
#135 JavaScript::Eval (size: 22) - SHA256: e924fcaf65b8ea057cb30e32bbdf04fdafe2bde622539d6d1abc466b050917d5
navigator.userLanguage
#136 JavaScript::Eval (size: 27) - SHA256: c66fd00bf884bbcc3f43284fb1c86bcea447ce653124ca7b7202d0e5fd30ae08
window.opener.location.href
#137 JavaScript::Eval (size: 17) - SHA256: 13871edf9ac7e58046d0f0d03811464e388c3f2323eebc6b61954c79dc883459
screen.deviceXDPI
#138 JavaScript::Eval (size: 24) - SHA256: 4b653dda0da63fbe970902ed9a8dc33f1f0555edd3d9f2ae1ad8ed9284632d72
navigator.maxTouchPoints
#139 JavaScript::Eval (size: 9) - SHA256: ebf49dcd836f810084c14e0f2dab4dc1768bbdc5980481bf201fcf76771dff7a
navigator
#140 JavaScript::Eval (size: 4) - SHA256: 1bbd174404efbce95f1af489ef93f4aa0f4d55718f24c3504682216afa7b7fb1
eval

Executed Writes (3)
#1 JavaScript::Write (size: 92) - SHA256: 5be7a855856bbb73c30cdc2e6fd0c9370c6286f8ac03047d868267c37c233d41
< script type = "application/javascript"
src = "https://ads.exoclick.com/ad99uip8i.php" > < /script>
#2 JavaScript::Write (size: 25) - SHA256: b58b3589543febad94ede41ded40e6f2700307f363b72eb3e4f461cfb79cc8b9
< span id = 'cntdwn' > < /span>
#3 JavaScript::Write (size: 490) - SHA256: 09636d530f5f0ca82a0cc0c26d20759e6cf912f6edf03142e17050ad67751790
< iframe src = "https://syndication.exosrv.com/ads-iframe-display.php?idzone=2889662&amp;type=160x600&amp;p=https%3A//www.onlyhgames.com/go.php%3Fid%3Doxoour52j6qzuw2&amp;dt=1669414310056&amp;sub=&amp;tags=&amp;cookieconsent=true&amp;screen_resolution=1280x1024&amp;el=&quot; "
sandbox = "allow-forms allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"
scrolling = "no"
marginwidth = "0"
marginheight = "0"
width = "160"
height = "600"
frameborder = "0" > < /iframe>


HTTP Transactions (79)


Request Response
                                        
                                            GET /go.php?id=oxoour52j6qzuw2 HTTP/1.1 
Host: www.onlyhgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

search
                                         94.242.50.158
HTTP/1.1 303 See Other
content-type: text/html
                                        
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 711
date: Fri, 25 Nov 2022 22:11:50 GMT
server: LiteSpeed
location: https://www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
vary: User-Agent
cache-control: public


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   711
Md5:    98591fa6405701aef9e54a2755947c5d
Sha1:   58f3bc59cddb278cf46982e7d117948268ef5173
Sha256: f25f95f73984e742829fee2561e3114af2c08401932e04df9b0c781d8c899df4
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8799
Expires: Sat, 26 Nov 2022 00:38:29 GMT
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2198
Cache-Control: max-age=132962
Date: Fri, 25 Nov 2022 22:11:50 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:07:52 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Fri, 25 Nov 2022 23:18:08 GMT
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: keep-alive

                                        
                                            GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1 
Host: content-signature-2.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         34.160.144.191
HTTP/2 200 OK
content-type: binary/octet-stream
                                        
x-amz-id-2: wqTFknXTsFAZdsyDzQtk6+5JyWAyFKPct0wTyrM3UQ+eYxz0/ANLk/pwqsMh1HXJU9w7IuWdMbk=
x-amz-request-id: 06KMM74W1B5FDEQ0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 21:43:59 GMT
age: 1671
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PEM certificate\012- , ASCII text
Size:   5348
Md5:    9ebddc2b260d081ebbefee47c037cb28
Sha1:   492bad62a7ca6a74738921ef5ae6f0be5edebf39
Sha256: 74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
                                        
                                            GET /v1/ HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 21:19:09 GMT
cache-control: public,max-age=3600
age: 3161
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Size:   939
Md5:    4d7e4eed097b9c4e5d509419f1cfc85a
Sha1:   290bb3d428a7c6330e2e3d73a952b16f820896c8
Sha256: 0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
                                        
                                            GET /v1/tiles HTTP/1.1 
Host: contile.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.117.237.239
HTTP/2 200 OK
content-type: application/json
                                        
server: nginx
date: Fri, 25 Nov 2022 22:11:50 GMT
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with no line terminators
Size:   12
Md5:    23e88fb7b99543fb33315b29b1fad9d6
Sha1:   a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
Sha256: 7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
                                        
                                            GET /ad_track.js HTTP/1.1 
Host: ads.exoclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         205.185.216.10
HTTP/1.1 200 OK
Content-Type: application/javascript
                                        
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 221
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"3ac21caf363100082c3f8c53986"
X-HW: 1669414310.dop201.sk1.t,1669414310.cds232.sk1.shn,1669414310.dop201.sk1.t,1669414310.cds026.sk1.c
Access-Control-Allow-Origin: *, *


--- Additional Info ---
Magic:  HTML document, ASCII text, with very long lines (368), with no line terminators
Size:   221
Md5:    1aaf2775a48a6417574972dfbbe2797b
Sha1:   8562ab1dc5691c9026e9cdea6e0a84787a48be34
Sha256: 88479a62209f6f242c8f8b93461fa93aadbbaf07fab1152d806fba1b69f99aa1
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 22:11:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            GET /ad99uip8i.php HTTP/1.1 
Host: ads.exoclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         205.185.216.10
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 50
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1669414310.dop201.sk1.t,1669414310.cds232.sk1.shn,1669414310.dop201.sk1.t,1669414310.cds262.sk1.c
Access-Control-Allow-Origin: *, *


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   50
Md5:    06d4faa411b83f9b0a030cf2b68ec904
Sha1:   ec633929782d2f0224a127a303023506262226ca
Sha256: d4d18940a5b8abeaf48fd08e6d97a5990ef5ea98070dbca9577585fada3ef826
                                        
                                            GET /gtag/js?id=UA-96564504-1 HTTP/1.1 
Host: www.googletagmanager.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.168
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
                                        
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 25 Nov 2022 22:11:50 GMT
expires: Fri, 25 Nov 2022 22:11:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 25 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43605
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1921)
Size:   43605
Md5:    0c986cb30f7d6d362c947f218f038019
Sha1:   a6203d78d62c22c9aae3dc30c47212f244ea9efc
Sha256: b6ab3aec80394e9aa53beaf5768846c3dc35171475f11c4fa32a01a907417e11
                                        
                                            POST /gts1c3 HTTP/1.1 
Host: ocsp.pki.goog
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         142.250.74.35
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 22:11:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 22:11:50 GMT
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 20:27:05 GMT
Expires: Fri, 02 Dec 2022 20:27:04 GMT
Etag: "8651b4d4d93ae308142eb3a9f7bde8d9c0713430"
Cache-Control: max-age=597913,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fdb8f0efd21bfa-OSL

                                        
                                            GET /js/jads.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.94.236.246
HTTP/1.1 301 Moved Permanently
Content-Type: text/html
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:50 GMT
Content-Length: 178
Connection: keep-alive
Location: jads2.js


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Size:   178
Md5:    cd2e0e43980a00fb6a2742d3afd803b8
Sha1:   81ffbd1712afe8cdf138b570c0fc9934742c33c1
Sha256: bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
                                        
                                            GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1 
Host: firefox.settings.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.102.187.140
HTTP/2 200 OK
content-type: application/json
                                        
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 22:11:11 GMT
cache-control: public,max-age=3600
age: 39
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Size:   329
Md5:    0333b0655111aa68de771adfcc4db243
Sha1:   63f295a144ac87a7c8e23417626724eeca68a7eb
Sha256: 60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
                                        
                                            GET /ads-iframe-display.php?idzone=2889662&type=160x600&p=https%3A//www.onlyhgames.com/go.php%3Fid%3Doxoour52j6qzuw2&dt=1669414310056&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1 
Host: syndication.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263813da6cb8c53.762723252167268917%22%3B%7D; expires=Sun, 24 Nov 2024 22:11:50 GMT; path=; domain=.exosrv.com; Secure; SameSite=none impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalsbbboageicxbmsbxcnxgxaalsbbboageioslmrxlrnxgxaalscasrogeiccmmlmlcnxgxaalsombbogeialbsereanxgxaablmmosmgeioslmrxbrnxgxaalslalexgeicxbmsbcenxgxaalsbmacmgeioslmrxlsnxgxaaloeexasgeicxbmsbocnxgxaalsoboaxgeicxbmsboenxgxaalceramlgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalxrsemmgeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaabocrlxogeimacslbeenxgxaaboslelageioslmroemnxgxaalceramlgeioslmrxbmnxgxaalssbrcxgeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalsmleergeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalsbbboageimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalscasrogeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalosseolgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalsbbboageimcclsxmenxgxaalsmleergeialbserxonxgxaabascxmogeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalsbbboageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalolbrrmgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaaloaroaageimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaablrbexmgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalxmmoorgeimcclselenxgxaalsbbboageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeiaaxcabeenxgxaalsoboragxcceimmxsrbmensgxaalsobormgxcceimmxccmeonxgxaalsoboaxgxcceimxcbrxlonxgxaalsoboaxgxcceimeembecensgxaalsselelgxcceimmxsrbaonsgxaalsselelgxcceimrxccosbnsgxaalssocbxgxcceimeembescncgxaalssocbxgxcceimxlbalcenogxaalssolsmgxcceimxlbmxlonogxaalssolsmgxcceimexexabbnxgxaalsssecmgxcceiarmcbbbbnxgxaalsssxbbgxcceicmarxbbonsgxaalsssxbbgxcceimaaaeroanxgxaalsssxbbgxcceimcrxeocanxgxaalsssxlagxcceimxeocbabnxgxaalssslolgxcceimxeoxsbenrgxaalssbxeegxcceimxeoxsacnrgxaalssbrcxgxcceimxlbmxlenogxaalsslbacgxcceimaslbmcanxgxaalsceoorgxcceimrxmbacanxgxaalsceolbgxcceimrxbrloonxgxaalscecmcgxcceimrxbrloanxgxaalscecmcgxcceimrxbrlobnxgxaalscecmcgxcceiaaxcamlanxgxaalscoxrsgxcceimrxccosanogxaalscoxrsgxcceimaslbmccnxgxaalscorregxcceimmxerboonxgxaalscrxsegxcceimaslbmconxgxaalscrsmsgxcceimemlxmcbnxgxaalscramsgxcceialbbbllanxgxaalscmmmagxcceiaaxcamlenxgxaalscbexagxcceimocbmmmcnxgxaalsremobgxcceimocbmmmanxgxaalsremobgxcceimocbmmacnxgxaalsremobgxcceialbmlesenxgxaalsrebmmgxcceimmxsrbabncgxaalsrebmmgxcceimaooleronxgxaalsrxbsegxcceimaoolemonxgxaalsrxbsegxcceimmexemlanrgxaalsrxbsegxcceimraeelabnxgxaalsrxlmmgxcceicloaecocnxgxaalsrxlmmgxcceimmxerbocnxgxaalsrclmxgxcceimmxcxslenxgxaalsrclmxgxcceialbbebsancgxaalsrmlmsgxcceixaoossalnsgxaalsaearxgxcceimaoobbebnxgxaalsaorlrgxcceimrxccosonxgxaalsmeossgxcceixaoosscrnxgxaalsmeossgxcceimeembesonxgxaalsmeossgxcceicloaxxabnxgxaalsmoaxlgxcceimmooobranogxaalsmsxacgxcceimxlbmoconsgxaalsmrxergxcceimaoobrbansgxaalsmrxergxcceimaecobobnxgxaalsmleergeimaoobrbcnsgxaalsmleergxcceimmexebeenogxaalsmleergxcceimrmaobxanogxaalsmleergxcceiaaxcambbnxgxaalsmlolegxcceimrmbbrmbnsgxaalsbolalgxcceircmbbroanxgxaalsbsxomgxcceirreacmsbnxgxaalsbsxomgxcceimsacexoonxgxaalsbsxomgxcceimxeemleanxgxaalsbsxomgxcceimasbmxsbnxgxaalsbreomgxcceimemlxbocncgxaalsbrcllgxcceialbbebsbnxgxaalsbrcllgxcceialrexeoonxgxaalsbabbegxcceimcssmlrensgxaalsbmacmgxcceimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeislmbecesnxgxaalsbbboagxoaeimxlbmxbbnogxaalsbbboagxcceimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageialrexexbnxgxaalsbblsmgxcceimmooobrbnxgxaalslablsgxcceimxlbmoscnogxaalslalexgxcceicloaxxmonxgxaalslalexgxcceimxlbmosenogxaalslalexgxcceimxeemblensgxaalslmcbsgxcceimmexebeonxgxaalcerrrxgxcceimmexemlcnxgxaalcerrrxgxcceimxxerrxenxgxaalceramlgxcceimmossscencgxaalcerabogxcceimmosssconsgxaalcerabogxcceimxlbmosanogxaalceaelegxcceimeelaclonxgxaalcxsoorgaeimrmbbrrbnxgxaalcxssxbgxcceimrmbbraonxgxaalcxssxbgxcceimrmbbrcanxgxaalcxssxbgxcceimxxrecsanxgxaalcxsralgxcceiaaxcamlcnxgxaalcxsrmegxcceimcoaxmxcnxgxaalcxsrmegxcceialbmmbbenxgxaalcxsrmegxcceimcoaxmxonxgxaalcxsrmegxcceialbmmbmbnxgxaalcxcsxxgxcce; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1207)
Size:   1169
Md5:    6f878039c88e0f668b30001c2ad9fb9f
Sha1:   fc9c70dbe8f0df68f8a74a63fec11030ad941c06
Sha256: 43738f1991cc6a53fa3cc6e5b34cbf69f98edcf7fabac9c9eb0039f85b147aa4
                                        
                                            GET /analytics.js HTTP/1.1 
Host: www.google-analytics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         142.250.74.174
HTTP/2 200 OK
content-type: text/javascript
                                        
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 20:41:08 GMT
expires: Fri, 25 Nov 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 5443
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (1325)
Size:   20039
Md5:    47e6f374ca946fddd5b59871b325736c
Sha1:   baa9282efc8785e84d247c3bff518eaa45f101c4
Sha256: 16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
                                        
                                            GET / HTTP/1.1 
Host: 6.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         104.17.167.186
HTTP/2 200 OK
content-type: text/plain;charset=UTF-8
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 0
access-control-allow-origin: https://www.onlyhgames.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb8f4bcffb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 4740
Cache-Control: max-age=130440
Date: Fri, 25 Nov 2022 22:11:51 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:25:51 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /splash.php?native-settings=1&idzone=3467257&p=https%3A%2F%2Fwww.onlyhgames.com%2Fgo.php%3Fid%3Doxoour52j6qzuw2 HTTP/1.1 
Host: syndication.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263813da718c591.945370712905773744%22%3B%7D; expires=Sun, 24 Nov 2024 22:11:51 GMT; path=; domain=.exosrv.com; Secure; SameSite=none impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalsbbboageicxbmsbxcnxgxaalcxcsxxgeioslmrxlrnxgxaalscasrogeiccmmlmlcnxgxaalsombbogeialbsereanxgxaablmmosmgeioslmrxbrnxgxaalslalexgeicxbmsbcenxgxaalsbmacmgeioslmrxlsnxgxaaloeexasgeicxbmsbocnxgxaalsoboaxgeicxbmsboenxgxaalceramlgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalxrsemmgeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaabocrlxogeimacslbeenxgxaaboslelageioslmroemnxgxaalceramlgeioslmrxbmnxgxaalssbrcxgeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalsmleergeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalsbbboageimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalscasrogeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalosseolgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalsbbboageimcclsxmenxgxaalsmleergeialbserxonxgxaabascxmogeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalsbbboageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalolbrrmgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaaloaroaageimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaablrbexmgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalxmmoorgeimcclselenxgxaalsbbboageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeiaaxcabeenxgxaalsoboragxcceimmxsrbmensgxaalsobormgxcceimmxccmeonxgxaalsoboaxgxcceimxcbrxlonxgxaalsoboaxgxcceimeembecensgxaalsselelgxcceimmxsrbaonsgxaalsselelgxcceimrxccosbnsgxaalssocbxgxcceimeembescncgxaalssocbxgxcceimxlbalcenogxaalssolsmgxcceimxlbmxlonogxaalssolsmgxcceimexexabbnxgxaalsssecmgxcceiarmcbbbbnxgxaalsssxbbgxcceicmarxbbonsgxaalsssxbbgxcceimaaaeroanxgxaalsssxbbgxcceimcrxeocanxgxaalsssxlagxcceimxeocbabnxgxaalssslolgxcceimxeoxsbenrgxaalssbxeegxcceimxeoxsacnrgxaalssbrcxgxcceimxlbmxlenogxaalsslbacgxcceimaslbmcanxgxaalsceoorgxcceimrxmbacanxgxaalsceolbgxcceimrxbrloonxgxaalscecmcgxcceimrxbrloanxgxaalscecmcgxcceimrxbrlobnxgxaalscecmcgxcceiaaxcamlanxgxaalscoxrsgxcceimrxccosanogxaalscoxrsgxcceimaslbmccnxgxaalscorregxcceimmxerboonxgxaalscrxsegxcceimaslbmconxgxaalscrsmsgxcceimemlxmcbnxgxaalscramsgxcceialbbbllanxgxaalscmmmagxcceiaaxcamlenxgxaalscbexagxcceimocbmmmcnxgxaalsremobgxcceimocbmmmanxgxaalsremobgxcceimocbmmacnxgxaalsremobgxcceialbmlesenxgxaalsrebmmgxcceimmxsrbabncgxaalsrebmmgxcceimaooleronxgxaalsrxbsegxcceimaoolemonxgxaalsrxbsegxcceimmexemlanrgxaalsrxbsegxcceimraeelabnxgxaalsrxlmmgxcceicloaecocnxgxaalsrxlmmgxcceimmxerbocnxgxaalsrclmxgxcceimmxcxslenxgxaalsrclmxgxcceialbbebsancgxaalsrmlmsgxcceixaoossalnsgxaalsaearxgxcceimaoobbebnxgxaalsaorlrgxcceimrxccosonxgxaalsmeossgxcceixaoosscrnxgxaalsmeossgxcceimeembesonxgxaalsmeossgxcceicloaxxabnxgxaalsmoaxlgxcceimmooobranogxaalsmsxacgxcceimxlbmoconsgxaalsmrxergxcceimaoobrbansgxaalsmrxergxcceimaecobobnxgxaalsmleergeimaoobrbcnsgxaalsmleergxcceimmexebeenogxaalsmleergxcceimrmaobxanogxaalsmleergxcceiaaxcambbnxgxaalsmlolegxcceimrmbbrmbnsgxaalsbolalgxcceircmbbroanxgxaalsbsxomgxcceirreacmsbnxgxaalsbsxomgxcceimsacexoonxgxaalsbsxomgxcceimxeemleanxgxaalsbsxomgxcceimasbmxsbnxgxaalsbreomgxcceimemlxbocncgxaalsbrcllgxcceialbbebsbnxgxaalsbrcllgxcceialrexeoonxgxaalsbabbegxcceimcssmlrensgxaalsbmacmgxcceimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeislmbecesnxgxaalsbbboagxoaeimxlbmxbbnogxaalsbbboagxcceimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageialrexexbnxgxaalsbblsmgxcceimmooobrbnxgxaalslablsgxcceimxlbmoscnogxaalslalexgxcceicloaxxmonxgxaalslalexgxcceimxlbmosenogxaalslalexgxcceimxeemblensgxaalslmcbsgxcceimmexebeonxgxaalcerrrxgxcceimmexemlcnxgxaalcerrrxgxcceimxxerrxenxgxaalceramlgxcceimmossscencgxaalcerabogxcceimmosssconsgxaalcerabogxcceimxlbmosanogxaalceaelegxcceimeelaclonxgxaalcxsoorgaeimrmbbrrbnxgxaalcxssxbgxcceimrmbbraonxgxaalcxssxbgxcceimrmbbrcanxgxaalcxssxbgxcceimxxrecsanxgxaalcxsralgxcceiaaxcamlcnxgxaalcxsrmegxcceimcoaxmxcnxgxaalcxsrmegxcceialbmmbbenxgxaalcxsrmegxcceimcoaxmxonxgxaalcxsrmegxcceialbmmbmbnxgxaalcxcsxxgxcceimxlbmoobnxgxaalcxcsxxgxcceialbbebrenxgxaalcxcsxxgxcceimcssmlrcnxgxaalcxcsxxgxcce; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C71987228%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C69880850%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C41873814%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C74337954%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip


--- Additional Info ---
Magic:  JSON data\012- , ASCII text, with very long lines (7184), with no line terminators
Size:   3918
Md5:    03eed81aaabecbba83a9be7b4a153c1b
Sha1:   db4af50eaa0fff31cf1ebcd13cb61a90710d1a6d
Sha256: 7712edbb8e7c076ab32293cc51017a03a92cfcf49191b17187383336437bed4c
                                        
                                            GET / HTTP/1.1 
Host: 4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         162.252.214.5
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 22:11:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   62
Md5:    adde5febc7b5b6c2c759ec735cce83a0
Sha1:   77ec17be8a9970ff04663294d41c590d0d24fde4
Sha256: ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "5CBEA6C7563210C36EE5D4E603971F207BC3E992644299D5E63B2FB14E942C30"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11990
Expires: Sat, 26 Nov 2022 01:31:41 GMT
Date: Fri, 25 Nov 2022 22:11:51 GMT
Connection: keep-alive

                                        
                                            GET /js/jads2.js HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.onlyhgames.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.94.236.246
HTTP/1.1 200 OK
Content-Type: application/x-javascript
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with very long lines (3758), with no line terminators
Size:   1719
Md5:    558e1b61fc513016183a3812938e79fb
Sha1:   5f72ea61a2aad8f7a0956321d3fd8524db70eddf
Sha256: a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
                                        
                                            GET / HTTP/1.1 
Host: push.services.mozilla.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LkFsPJTtdYBRnmqOhc4gRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket

search
                                         35.162.125.72
HTTP/1.1 101 Switching Protocols
                                        
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OWPjkYC8eRLSxfXCg//D/xj219w=

                                        
                                            POST / HTTP/1.1 
Host: lruxfmkonbyi.n4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         38.132.109.186
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes

                                        
                                            GET /widget-branding-logo.png HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 1547
last-modified: Mon, 15 Apr 2019 09:03:59 GMT
etag: "5cb448ff-60b"
expires: Fri, 30 Jun 2023 16:01:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1Sa+b/o6DCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163f7c53028
x-cache: HIT
x-age: 12755107
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 94 x 28, 8-bit/color RGBA, non-interlaced\012- data
Size:   1547
Md5:    7a95be207bf27c9a91720b8ac81976ca
Sha1:   6412e94ce13924fede8b1bec73cb8e049b76688c
Sha256: 5325d5beb64d82d48d3f7d78b606ee93b8e975a55868bba038905329ed1044b9
                                        
                                            GET /library/676799/c8dcd8132d19fbaf195eccaab075f2180db8dd70.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 9956
last-modified: Thu, 04 Nov 2021 10:09:14 GMT
etag: "6183b14a-26e4"
expires: Fri, 30 Jun 2023 15:10:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195325
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3UMKf/KqDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163ef12a528
x-cache: HIT
x-age: 12754986
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   9956
Md5:    21a6ba0d15d51f90b0bb08adaf869ea0
Sha1:   c8dcd8132d19fbaf195eccaab075f2180db8dd70
Sha256: 31487f3242ccf67da001889b69026904d3f5c116d64f5ae642b633fbb941cf45
                                        
                                            GET /library/41682/78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 7042
last-modified: Sun, 28 Nov 2021 14:52:02 GMT
etag: "61a39792-1b82"
expires: Fri, 30 Jun 2023 13:04:14 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688196811
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3C15D/XJrCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d81632c14d828
x-cache: HIT
x-age: 12753500
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   7042
Md5:    1a91d573cf9079f9b92cd2f404b215cd
Sha1:   78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3
Sha256: f4d7dcae74909da8ae39f3b4542a16fa0f07b5a5bf8f4202e50ca80737e1beea
                                        
                                            GET /library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: image/webp
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 6782
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-1a7e"
expires: Fri, 30 Jun 2023 11:12:51 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195209
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3NvJn/nqDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163b7eceb28
x-cache: HIT
x-age: 12755102
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Size:   6782
Md5:    ac7f0a83b67d9661811c62d68cdd2074
Sha1:   26c94b1b9322fb1f2558083727af47e58151007e
Sha256: 24c3c958813cf663205712c9a41003d3c5f304d3a90301d63847ab46047fc66f
                                        
                                            GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1 
Host: s3t3d2y8.afcdn.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: image/jpeg
                                        
date: Fri, 25 Nov 2022 22:11:51 GMT
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195223
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3EvjP/kKDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163181a0b29
x-cache: HIT
x-age: 12755088
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Size:   25056
Md5:    dbe31828ea0277ab9845bf67aa749927
Sha1:   cc7211683ae26562c2df637755f311868f37c8ea
Sha256: 6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
                                        
                                            POST /p HTTP/1.1 
Host: adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1804
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         162.252.214.5
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 22:11:51 GMT
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   170
Md5:    f7f6c6a81d41397b2a37893e3e1cf33f
Sha1:   62788c942aaa05c75525169e6f50acdd52c779bb
Sha256: 1be405bb07c248b5925af71e1c0767f037d056229c6f16cc90c05b020c67287e
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "28E3CA79D5926A23DF04584DEA6C930EB385A9AF0C6FE54001D3FB8D34742513"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Sat, 26 Nov 2022 00:24:19 GMT
Date: Fri, 25 Nov 2022 22:11:51 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: ocsp.sectigo.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         172.64.155.188
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Date: Fri, 25 Nov 2022 22:11:52 GMT
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:39:42 GMT
Expires: Thu, 01 Dec 2022 09:39:41 GMT
Etag: "8130c083c102b18a7d08004b50da90fd80f479d9"
Cache-Control: max-age=472668,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fdb8fa78121bfa-OSL

                                        
                                            GET /gbWHsV.asp?_=BAYAY4E9pwFjgT2ngAGBAsAAII0y4JldSpL9B1vXu6a0r2DCH9xZByiIei0PwHRqfh66wQBHMEUCIHtk9tbg8aSWM7JzRU12HXzkY0tpshUCRhkEFsp3zTyVAiEAwSX4bGDgArToMi__SDYVa5diYVMS8cLVWMh22IU0UY0&v=4&cszemJXg=770823&minBid=&WiKUuykj=0,0&HKIZolTh=&WOflvrdP=&s=1280,1024,1,1280,1024,0 HTTP/1.1 
Host: betteradsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         162.252.213.208
HTTP/2 200 OK
content-type: text/javascript;charset=UTF-8
                                        
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-length: 44
date: Fri, 25 Nov 2022 22:11:52 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with no line terminators
Size:   44
Md5:    d5f0a25e4d3522d56d48ce7bc3e518fb
Sha1:   86794caff58f7fee6e684c2ba7195f970a8d6f4c
Sha256: 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
                                        
                                            POST / HTTP/1.1 
Host: lruxfmkonbyi.s4.adsco.re
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.200.116.90
HTTP/1.1 200 OK
Content-Type: text/html
                                        
Date: Fri, 25 Nov 2022 22:11:52 GMT
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive

                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:47:56 GMT
age: 1437
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   7993
Md5:    92c78302bcce1568eb6a5563100b932c
Sha1:   43d1dec7fc06879988c9c3cadd800cc8145df988
Sha256: 0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DYBcunpyI0FBJsJGh1kKpFI3X8kzCkO3mCxzUtWnaMKBT-Bv-zkq3Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:59:20 GMT
age: 753
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   13882
Md5:    64d79191f005c9876b952c5f948aa0f7
Sha1:   1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
Sha256: 00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 61645
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   4309
Md5:    841a4b110022a99ddea6f7bf66df0fa1
Sha1:   126771b86638108050cf57c0d12faa27f80f0edb
Sha256: 240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 64133
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   3955
Md5:    4006a9037ab5f28dca62b0aa7a704c41
Sha1:   74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
Sha256: 556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: drCPrU5rprybHXLSQXEDaLkXde7oANRnFLmSiduDCZsg3Df-rAnBSg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:54:45 GMT
age: 1028
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   11743
Md5:    8784bb7a8b88736a6016f712e3183bf3
Sha1:   b0ddc1555d2506177adcdcea77864d75f1245d07
Sha256: 8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
                                        
                                            GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1 
Host: img-getpocket.cdn.mozilla.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         34.120.237.76
HTTP/2 200 OK
content-type: image/jpeg
                                        
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jhLdTvsf0fQqbEAf_2O3Vqn-RfZwyFYDpjm6_kSp9eg8w3z2AbEu6g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:54:45 GMT
age: 1028
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Size:   8006
Md5:    8b6ee13d43732f7c764a49500d092865
Sha1:   5d15fd672e968d59b541e4d5d0d01cd5e69f4075
Sha256: fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
                                        
                                            GET /adshow.php?adzone=648146 HTTP/1.1 
Host: poweredby.jads.co
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         185.94.236.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:54 GMT
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e302b3513ac2a8e24d4f9429e2e0dd0a; expires=Sat, 25-Nov-2023 22:11:51 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co juicy_data_1=YTowOnt9; expires=Mon, 28-Nov-2022 22:11:51 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 28-Nov-2022 22:11:51 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Size:   1579
Md5:    4bb124ec965168c35d4c0c48ca1e88e5
Sha1:   33f28e9ab2b9a6fb1d7079478450532c0420e27e
Sha256: 2ef7ecfa339aa25bd444af950bc49d20ad7a42a8cc84efa5eecf2acd5f3ab8b3
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 337
Cache-Control: max-age=148385
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "6380dcfb-117"
Expires: Sun, 27 Nov 2022 15:25:00 GMT
Last-Modified: Fri, 25 Nov 2022 15:19:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 337
Cache-Control: max-age=148385
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "6380dcfb-117"
Expires: Sun, 27 Nov 2022 15:25:00 GMT
Last-Modified: Fri, 25 Nov 2022 15:19:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 6287
Cache-Control: max-age=100303
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "638009eb-118"
Expires: Sun, 27 Nov 2022 02:03:38 GMT
Last-Modified: Fri, 25 Nov 2022 00:18:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /popunder1000.js HTTP/1.1 
Host: a.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers

search
                                         185.76.9.25
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 22:11:50 GMT
etag: W/"1063790cabf57ffff66ecc0cab2"
expires: Thu, 24 Nov 2022 17:05:30 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417569
server: CDN77-Turbo
x-77-nzt: AblMCRRjtyz/dR0AAA
x-77-nzt-ray: af585630369e798ea63d816323cb012e
x-cache: HIT
x-age: 7541
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  ASCII text, with very long lines (65536), with no line terminators
Size:   58794
Md5:    dfa071d5122fd10728face475e3e61b8
Sha1:   fd10bd25a7c7b66b0cddbcf877ead9eaa419464c
Sha256: 62b512503f2b57fd96a3e82c9b67fe70a611a278aa1b983e4e68b7f37f602c05
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "941E5441730C4558040E0DECDEC018FF15DAD6ABC6BE4858C6417F2E941DBCBD"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11682
Expires: Sat, 26 Nov 2022 01:26:37 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive

                                        
                                            GET /iframe/62334d9893a2a?iframe&ag_custom_domain=onlyhgames.com HTTP/1.1 
Host: goplayhere.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site

search
                                         172.67.187.242
HTTP/2 200 OK
content-type: text/html
                                        
date: Fri, 25 Nov 2022 22:11:55 GMT
set-cookie: c_aed3abb6d12cbb09d94fdac2bed4bd03=1; Expires=Sat, 26-Nov-22 22:11:55 GMT; Domain=goplayhere.com; Path=/; Secure; SameSite=None z_b5fb765df2374c173c96a35204fbe7ca=1; Expires=Sat, 26-Nov-22 22:11:55 GMT; Domain=goplayhere.com; Path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWkppbEh0WR3KChnkJqtFFeBKww322vHW4F8VktysH1MnqroZgN6ptVc5cEEM4xLpMGTJWgthHFYYX9QNI9hjm0r0Gbhe1%2FT2upE2F0%2B96E%2FgZ7syypfRGpaF2m8tvrJ3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fdb90d1cdf1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2414)
Size:   1029
Md5:    805aeb0d68b9454e995c5f45358c80ec
Sha1:   a3f452fdf2c9ee99cada546cba8e779abacf45b3
Sha256: 1e7e9f6c9af597d2bf38c1ceab11133b4ec78140a822b5f40695a42e6cd0e6f6
                                        
                                            GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1 
Host: main.realsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            POST / HTTP/1.1 
Host: e1.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 345
ETag: "0AD184E87A0F2307E8E9ABF837353795E3014165DB70113D480E5A1A14F3DAF7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2888
Expires: Fri, 25 Nov 2022 23:00:03 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive

                                        
                                            GET /api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb HTTP/1.1 
Host: runative-syndicate.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         148.251.19.25
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 2254dfb6a308e0e6
set-cookie: ts_rt_a56bbc85-b77d-4219-bfc4-e832384180bb=AAMC; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1 
Host: main.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1 
Host: main.exdynsrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.246
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0 HTTP/1.1 
Host: my.rtmark.net
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         139.45.195.8
HTTP/2 200 OK
content-type: image/gif
                                        
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=be0ca6603a3e4cb5afc2d79dd0c3dd51; expires=Sat, 25 Nov 2023 22:11:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   43
Md5:    b4491705564909da7f9eaf749dbbfbb1
Sha1:   279315d507855c6a4351e1e2c2f39dd9cd2fccd8
Sha256: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
                                        
                                            GET /api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57 HTTP/1.1 
Host: tsyndicate.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         94.130.164.161
HTTP/2 200 OK
content-type: text/plain; charset=utf-8
                                        
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: f7d0f2057028dc3d
set-cookie: ts_rt_0a1ebf4e-f1a4-4146-916d-6962c02eca57=AAMC; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  GIF image data, version 89a, 1 x 1\012- data
Size:   35
Md5:    c2196de8ba412c60c22ab491af7b1409
Sha1:   5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
Sha256: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "21F1573DD46F32944F3CE68A6DDEF1C9EA850B891C34BEC64AEEFEDAB5CF13BC"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6475
Expires: Fri, 25 Nov 2022 23:59:50 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive

                                        
                                            GET /bnr/4/be3/7117de/be37117de58a98e01af5ac3a8285a80a.png HTTP/1.1 
Host: iadoremakingpics.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         172.67.164.27
HTTP/2 200 OK
content-type: image/png
                                        
date: Fri, 25 Nov 2022 22:11:55 GMT
content-length: 157545
last-modified: Fri, 25 Jun 2021 15:56:02 GMT
etag: "60d5fc92-26769"
expires: Sat, 26 Nov 2022 22:11:55 GMT
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJmAKEv3Ea%2FvvUfuj01wzF%2FNQm57vlrOHCgXHC9XyX1Wmih8%2BJZKHrSuI9nIzs37aO%2B2k5HjKAlsQuDwG33NWvjoJZgpHOLp0Xdr8vFVMKDN8OHNJaxluDNkxfNpCidNenZoIaY5wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb90e7ab81c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size:   157545
Md5:    56575f5cd825c6e31fc1b49b67d66f9a
Sha1:   36d1cbb2218caf411f72803f757f8fd01ee915ad
Sha256: 3a0a4d6586c6a99c47f0f18c38464445d3df3e38da194fcaa68cc563e05ab540
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 2837
Cache-Control: max-age=96853
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "638009eb-118"
Expires: Sun, 27 Nov 2022 01:06:08 GMT
Last-Modified: Fri, 25 Nov 2022 00:18:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280

                                        
                                            GET /retarget/add?retargeting_code=1&add=1&retargeting_id=3959 HTTP/1.1 
Host: qqjar.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.38.110.121
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
                                        
location: http://ww62.qqjar.ru/
content-length: 56
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2


--- Additional Info ---
Magic:  HTML document, ASCII text
Size:   56
Md5:    e7f3bc1c05df4fc5a40e4074387e53c1
Sha1:   54e08140c634483ac1f01d5e8be33d27681d8a42
Sha256: 883816d4551ae5769a1285e153c31ee553afb87391dd7c343253a9f066f75d34
                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3254
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 22:11:55 GMT
Last-Modified: Fri, 25 Nov 2022 21:17:41 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            POST / HTTP/1.1 
Host: r3.o.lencr.org
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         23.36.77.32
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Server: nginx
Content-Length: 503
ETag: "214B76C5891AF9AA8B95612EB947AE7575384570532B825022755F220FB27F62"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3845
Expires: Fri, 25 Nov 2022 23:16:00 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive

                                        
                                            GET /tr?id=794325588036871&ev=PageView&noscript=1 HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2

                                        
                                            GET /tr?id=1414481212224503&ev=PageView&noscript=1 HTTP/1.1 
Host: www.facebook.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         157.240.200.35
HTTP/2 200 OK
content-type: text/plain
                                        
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2

                                        
                                            POST / HTTP/1.1 
Host: ocsp.digicert.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

search
                                         93.184.220.29
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
                                        
Accept-Ranges: bytes
Age: 3254
Cache-Control: 'max-age=158059'
Date: Fri, 25 Nov 2022 22:11:55 GMT
Last-Modified: Fri, 25 Nov 2022 21:17:41 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471

                                        
                                            GET /adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791 HTTP/1.1 
Host: syndication.traffichaus.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         66.254.114.233
HTTP/1.1 200 OK
content-type: image/png
                                        
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
transfer-encoding: chunked
set-cookie: re_94511_Q0FU=eyJ0IjoiQ0FUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNjk1MzM0MzE1fQ%3D%3D; expires=Thu, 21-Sep-2023 22:11:55 GMT; Max-Age=25920000; path=/ RNLBSERVERID=ded5931; path=/
x-request-id: 63813DAB-42FE72E901BBA137-705EB26D


--- Additional Info ---
Magic:  PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Size:   95
Md5:    71a50dbba44c78128b221b7df7bb51f1
Sha1:   0ec63b140374ba704a58fa0c743cb357683313dd
Sha256: 3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
                                        
                                            GET / HTTP/1.1 
Host: ww62.qqjar.ru
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

search
                                         76.223.26.96
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Fri, 25 Nov 2022 22:11:55 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CfdZo1ERI5EUQpI1n+D3/08X02l/CoeN5WNetaQxNtmmR+U1XZC2trT0WF5yfxGq5/YDNo4A1LcbietItyc80Q==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip


--- Additional Info ---
Magic:  HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2463)
Size:   4356
Md5:    ba8673d87b9e1f77affaf69e89707960
Sha1:   8d9f9f2c3b3e5b15ce873f256d80bdf6b5a2493b
Sha256: ee6e6f4de0ef271bfb5d6dea96613bfbd30b74e4f049d7d475129d4921ad67fd

Alerts:
  Blocklists:
    - fortinet: Malware
                                        
                                            GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1 
Host: main.exoclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:56 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1 
Host: main.exoclick.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         95.211.229.248
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Server: nginx
Date: Fri, 25 Nov 2022 22:11:56 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:56 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip

                                        
                                            GET /go.php?id=oxoour52j6qzuw2 HTTP/1.1 
Host: www.onlyhgames.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1

search
                                         94.242.50.158
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
                                        
x-powered-by: PHP/7.4.33
cache-control: public, max-age=0,public
expires: Fri, 25 Nov 2022 22:11:50 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Fri, 25 Nov 2022 22:11:50 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /jp.php?c=3454u2z2y254u4p2w2c4x294a4&u=http%3A%2F%2Fwww.juicyads.rocks HTTP/1.1 
Host: js.juicyads.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         143.204.55.76
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
                                        
cache-control: max-age=900
date: Fri, 25 Nov 2022 22:02:48 GMT
expires: Fri, 25 Nov 2022 22:17:48 GMT
pragma: cache
server: nginx
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SoBKXXE5zW-Ljhm_zAuSZhcpNwKMhrM3at4ZnhHzvcr6M91ruqBe-Q==
age: 542
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /ads.js HTTP/1.1 
Host: ads.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.16
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 22:11:50 GMT
etag: W/"b60fdcc211f42a1f246a8c80b56"
expires: Thu, 24 Nov 2022 17:05:30 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417565
server: CDN77-Turbo
x-77-nzt: AblMCQ3AShr/eR0AAA
x-77-nzt-ray: c0a4cc284ecedf44a63d8163609f7e1f
x-cache: HIT
x-age: 7545
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /nativeads.js HTTP/1.1 
Host: a.exosrv.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.26
HTTP/2 200 OK
content-type: application/javascript
                                        
date: Fri, 25 Nov 2022 22:11:50 GMT
etag: W/"e361d384cb66857327bef1db5ef"
expires: Thu, 24 Nov 2022 17:05:32 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417576
server: CDN77-Turbo
x-77-nzt: AblMCRS4UpX/bh0AAA
x-77-nzt-ray: af58563031aab78ea63d81630ca25220
x-cache: HIT
x-age: 7534
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /jmespath.min.js HTTP/1.1 
Host: www.betteradsystem.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site

search
                                         185.76.9.15
HTTP/2 200 OK
content-type: application/x-javascript
                                        
date: Fri, 25 Nov 2022 22:11:50 GMT
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Wed, 30 Nov 2022 15:23:21 GMT
access-control-allow-origin: *
link: <https://betteradsystem.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1669821801
server: CDN77-Turbo
x-77-nzt: AblMCQ2clBf/vQIDAA
x-77-nzt-ray: c0a4cc2868ca4946a63d8163a1512825
x-cache: HIT
x-age: 197309
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2


--- Additional Info ---
                                        
                                            GET /index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0 HTTP/1.1 
Host: highlevelcount.com
                                        
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site

search
                                         104.21.30.122
HTTP/2 404 Not Found
content-type: text/html
                                        
date: Fri, 25 Nov 2022 22:11:55 GMT
cache-control: max-age=14400
cf-cache-status: HIT
age: 89
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYCg6HMSCn5m4u8QshPvdaq9DHdTYSxsMzUaFloiHG2Av1H2akqmOgveKV0GamFYUFZpzIpworCpU0%2F5H1ElcSds9DQGnFS5m1bXLLozWIbREOi6FCt%2Bc33TOe7%2FSbzXUI9dLBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb90ea8ef0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2


--- Additional Info ---