www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
94.242.50.158303 See Other 711 B URL HTTP/1.1 www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
IP 94.242.50.158:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 98591fa6405701aef9e54a2755947c5d
58f3bc59cddb278cf46982e7d117948268ef5173
f25f95f73984e742829fee2561e3114af2c08401932e04df9b0c781d8c899df4
GET /go.php?id=oxoour52j6qzuw2 HTTP/1.1
Host: www.onlyhgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 303 See Other
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-type: text/html
content-length: 711
date: Fri, 25 Nov 2022 22:11:50 GMT
server: LiteSpeed
location: https://www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
vary: User-Agent
cache-control: public
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7c60904d097cde276e4e5632cef1b9f1
4f805026462589345d85e8df2d18eafba6237504
12af026999398f4976749e320667d43da3f99b7a2e8254aca7a410a964a106aa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "12AF026999398F4976749E320667D43DA3F99B7A2E8254ACA7A410A964A106AA"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8799
Expires: Sat, 26 Nov 2022 00:38:29 GMT
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 10730f388c028d64e19b8a48d414768f
e43b104e57e5ea7ff8568835776858cf2ede6f00
f3c30c6d139288f1bfe13fce85c6ddc1514e1639fcf4d31a6012a3309ed1d50d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2198
Cache-Control: max-age=132962
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:50 GMT
Etag: "63809972-1d7"
Expires: Sun, 27 Nov 2022 11:07:52 GMT
Last-Modified: Fri, 25 Nov 2022 10:31:14 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 260e9998c20d831b66f1029c8f47aac9
716d630f647c54dc69a7f9c63a6cac294b3df7f7
c9951a909f354174f0075a01c01c3c3aa6960983040e328bfbbbea81aeb405c2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C9951A909F354174F0075A01C01C3C3AA6960983040E328BFBBBEA81AEB405C2"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3978
Expires: Fri, 25 Nov 2022 23:18:08 GMT
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: wqTFknXTsFAZdsyDzQtk6+5JyWAyFKPct0wTyrM3UQ+eYxz0/ANLk/pwqsMh1HXJU9w7IuWdMbk=
x-amz-request-id: 06KMM74W1B5FDEQ0
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 25 Nov 2022 21:43:59 GMT
age: 1671
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/
34.102.187.140200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 25 Nov 2022 21:19:09 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 3161
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 22:11:50 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ads.exoclick.com/ad_track.js
205.185.216.10200 OK 221 B URL HTTP/1.1 ads.exoclick.com/ad_track.js
IP 205.185.216.10:0
File type HTML document, ASCII text, with very long lines (368), with no line terminators
Hash 1aaf2775a48a6417574972dfbbe2797b
8562ab1dc5691c9026e9cdea6e0a84787a48be34
88479a62209f6f242c8f8b93461fa93aadbbaf07fab1152d806fba1b69f99aa1
GET /ad_track.js HTTP/1.1
Host: ads.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 221
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"3ac21caf363100082c3f8c53986"
X-HW: 1669414310.dop201.sk1.t,1669414310.cds232.sk1.shn,1669414310.dop201.sk1.t,1669414310.cds026.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ads.exoclick.com/ad99uip8i.php
205.185.216.10200 OK 50 B URL HTTP/1.1 ads.exoclick.com/ad99uip8i.php
IP 205.185.216.10:0
File type ASCII text, with no line terminators
Hash 06d4faa411b83f9b0a030cf2b68ec904
ec633929782d2f0224a127a303023506262226ca
d4d18940a5b8abeaf48fd08e6d97a5990ef5ea98070dbca9577585fada3ef826
GET /ad99uip8i.php HTTP/1.1
Host: ads.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:50 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 50
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Server: nginx
Cache-Control: max-age=10800
X-HW: 1669414310.dop201.sk1.t,1669414310.cds232.sk1.shn,1669414310.dop201.sk1.t,1669414310.cds262.sk1.c
Access-Control-Allow-Origin: *, *
www.googletagmanager.com/gtag/js?id=UA-96564504-1
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-96564504-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 0c986cb30f7d6d362c947f218f038019
a6203d78d62c22c9aae3dc30c47212f244ea9efc
b6ab3aec80394e9aa53beaf5768846c3dc35171475f11c4fa32a01a907417e11
GET /gtag/js?id=UA-96564504-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 25 Nov 2022 22:11:50 GMT
expires: Fri, 25 Nov 2022 22:11:50 GMT
cache-control: private, max-age=900
last-modified: Fri, 25 Nov 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43605
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.35200 OK 472 B IP 142.250.74.35:0
Hash a0111a2443450172e5d2b48d350a8f57
75e89d4cd001303e66a93880f96d6c47e7d665ab
c9865c82b8f373aeb3a7333b0f65408211d832aba753c35d3544ecb2913f4f64
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:50 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 0a92b8f6c070c94f33e5ef034b529219
8651b4d4d93ae308142eb3a9f7bde8d9c0713430
bb5c972bac7af526cb38cff177cd2f1e5e22d7eeb68c3e99d0c0becdb37341c8
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:50 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 20:27:05 GMT
Expires: Fri, 02 Dec 2022 20:27:04 GMT
Etag: "8651b4d4d93ae308142eb3a9f7bde8d9c0713430"
Cache-Control: max-age=597913,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fdb8f0efd21bfa-OSL
poweredby.jads.co/js/jads.js
185.94.236.246301 Moved Permanently 178 B URL HTTP/1.1 poweredby.jads.co/js/jads.js
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash cd2e0e43980a00fb6a2742d3afd803b8
81ffbd1712afe8cdf138b570c0fc9934742c33c1
bd9df047d51943acc4bc6cf55d88edb5b6785a53337ee2a0f74dd521aedde87d
GET /js/jads.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 25 Nov 2022 22:11:50 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: jads2.js
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Alert, Cache-Control, ETag, Pragma, Expires, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 25 Nov 2022 22:11:11 GMT
cache-control: public,max-age=3600
age: 39
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
syndication.exosrv.com/ads-iframe-display.php?idzone=2889662&type=160x600&p=https%3A//www.onlyhgames.com/go.php%3Fid%3Doxoour52j6qzuw2&dt=1669414310056&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
95.211.229.248200 OK 1.2 kB URL HTTP/1.1 syndication.exosrv.com/ads-iframe-display.php?idzone=2889662&type=160x600&p=https%3A//www.onlyhgames.com/go.php%3Fid%3Doxoour52j6qzuw2&dt=1669414310056&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1207)
Hash 6f878039c88e0f668b30001c2ad9fb9f
fc9c70dbe8f0df68f8a74a63fec11030ad941c06
43738f1991cc6a53fa3cc6e5b34cbf69f98edcf7fabac9c9eb0039f85b147aa4
GET /ads-iframe-display.php?idzone=2889662&type=160x600&p=https%3A//www.onlyhgames.com/go.php%3Fid%3Doxoour52j6qzuw2&dt=1669414310056&sub=&tags=&cookieconsent=true&screen_resolution=1280x1024&el=%22 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263813da6cb8c53.762723252167268917%22%3B%7D; expires=Sun, 24 Nov 2024 22:11:50 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalsbbboageicxbmsbxcnxgxaalsbbboageioslmrxlrnxgxaalscasrogeiccmmlmlcnxgxaalsombbogeialbsereanxgxaablmmosmgeioslmrxbrnxgxaalslalexgeicxbmsbcenxgxaalsbmacmgeioslmrxlsnxgxaaloeexasgeicxbmsbocnxgxaalsoboaxgeicxbmsboenxgxaalceramlgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalxrsemmgeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaabocrlxogeimacslbeenxgxaaboslelageioslmroemnxgxaalceramlgeioslmrxbmnxgxaalssbrcxgeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalsmleergeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalsbbboageimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalscasrogeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalosseolgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalsbbboageimcclsxmenxgxaalsmleergeialbserxonxgxaabascxmogeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalsbbboageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalolbrrmgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaaloaroaageimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaablrbexmgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalxmmoorgeimcclselenxgxaalsbbboageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeiaaxcabeenxgxaalsoboragxcceimmxsrbmensgxaalsobormgxcceimmxccmeonxgxaalsoboaxgxcceimxcbrxlonxgxaalsoboaxgxcceimeembecensgxaalsselelgxcceimmxsrbaonsgxaalsselelgxcceimrxccosbnsgxaalssocbxgxcceimeembescncgxaalssocbxgxcceimxlbalcenogxaalssolsmgxcceimxlbmxlonogxaalssolsmgxcceimexexabbnxgxaalsssecmgxcceiarmcbbbbnxgxaalsssxbbgxcceicmarxbbonsgxaalsssxbbgxcceimaaaeroanxgxaalsssxbbgxcceimcrxeocanxgxaalsssxlagxcceimxeocbabnxgxaalssslolgxcceimxeoxsbenrgxaalssbxeegxcceimxeoxsacnrgxaalssbrcxgxcceimxlbmxlenogxaalsslbacgxcceimaslbmcanxgxaalsceoorgxcceimrxmbacanxgxaalsceolbgxcceimrxbrloonxgxaalscecmcgxcceimrxbrloanxgxaalscecmcgxcceimrxbrlobnxgxaalscecmcgxcceiaaxcamlanxgxaalscoxrsgxcceimrxccosanogxaalscoxrsgxcceimaslbmccnxgxaalscorregxcceimmxerboonxgxaalscrxsegxcceimaslbmconxgxaalscrsmsgxcceimemlxmcbnxgxaalscramsgxcceialbbbllanxgxaalscmmmagxcceiaaxcamlenxgxaalscbexagxcceimocbmmmcnxgxaalsremobgxcceimocbmmmanxgxaalsremobgxcceimocbmmacnxgxaalsremobgxcceialbmlesenxgxaalsrebmmgxcceimmxsrbabncgxaalsrebmmgxcceimaooleronxgxaalsrxbsegxcceimaoolemonxgxaalsrxbsegxcceimmexemlanrgxaalsrxbsegxcceimraeelabnxgxaalsrxlmmgxcceicloaecocnxgxaalsrxlmmgxcceimmxerbocnxgxaalsrclmxgxcceimmxcxslenxgxaalsrclmxgxcceialbbebsancgxaalsrmlmsgxcceixaoossalnsgxaalsaearxgxcceimaoobbebnxgxaalsaorlrgxcceimrxccosonxgxaalsmeossgxcceixaoosscrnxgxaalsmeossgxcceimeembesonxgxaalsmeossgxcceicloaxxabnxgxaalsmoaxlgxcceimmooobranogxaalsmsxacgxcceimxlbmoconsgxaalsmrxergxcceimaoobrbansgxaalsmrxergxcceimaecobobnxgxaalsmleergeimaoobrbcnsgxaalsmleergxcceimmexebeenogxaalsmleergxcceimrmaobxanogxaalsmleergxcceiaaxcambbnxgxaalsmlolegxcceimrmbbrmbnsgxaalsbolalgxcceircmbbroanxgxaalsbsxomgxcceirreacmsbnxgxaalsbsxomgxcceimsacexoonxgxaalsbsxomgxcceimxeemleanxgxaalsbsxomgxcceimasbmxsbnxgxaalsbreomgxcceimemlxbocncgxaalsbrcllgxcceialbbebsbnxgxaalsbrcllgxcceialrexeoonxgxaalsbabbegxcceimcssmlrensgxaalsbmacmgxcceimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeislmbecesnxgxaalsbbboagxoaeimxlbmxbbnogxaalsbbboagxcceimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageialrexexbnxgxaalsbblsmgxcceimmooobrbnxgxaalslablsgxcceimxlbmoscnogxaalslalexgxcceicloaxxmonxgxaalslalexgxcceimxlbmosenogxaalslalexgxcceimxeemblensgxaalslmcbsgxcceimmexebeonxgxaalcerrrxgxcceimmexemlcnxgxaalcerrrxgxcceimxxerrxenxgxaalceramlgxcceimmossscencgxaalcerabogxcceimmosssconsgxaalcerabogxcceimxlbmosanogxaalceaelegxcceimeelaclonxgxaalcxsoorgaeimrmbbrrbnxgxaalcxssxbgxcceimrmbbraonxgxaalcxssxbgxcceimrmbbrcanxgxaalcxssxbgxcceimxxrecsanxgxaalcxsralgxcceiaaxcamlcnxgxaalcxsrmegxcceimcoaxmxcnxgxaalcxsrmegxcceialbmmbbenxgxaalcxsrmegxcceimcoaxmxonxgxaalcxsrmegxcceialbmmbmbnxgxaalcxcsxxgxcce; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.google-analytics.com/analytics.js
142.250.74.174200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 25 Nov 2022 20:41:08 GMT
expires: Fri, 25 Nov 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 5443
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
6.adsco.re/
104.17.167.186200 OK 0 B IP 104.17.167.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://www.onlyhgames.com
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb8f4bcffb506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash df06e70fc8a35facf1d8db463d18e231
fa8a2975566cc792898f870e48ae7518d3657326
4cef7e704f4d575ce6733f6f2d803d241b597be51ff3fb03f72e5c33a893b504
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4740
Cache-Control: max-age=130440
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:51 GMT
Etag: "638085ab-1d7"
Expires: Sun, 27 Nov 2022 10:25:51 GMT
Last-Modified: Fri, 25 Nov 2022 09:06:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
syndication.exosrv.com/splash.php?native-settings=1&idzone=3467257&p=https%3A%2F%2Fwww.onlyhgames.com%2Fgo.php%3Fid%3Doxoour52j6qzuw2
95.211.229.248200 OK 3.9 kB URL HTTP/1.1 syndication.exosrv.com/splash.php?native-settings=1&idzone=3467257&p=https%3A%2F%2Fwww.onlyhgames.com%2Fgo.php%3Fid%3Doxoour52j6qzuw2
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (7184), with no line terminators
Hash 03eed81aaabecbba83a9be7b4a153c1b
db4af50eaa0fff31cf1ebcd13cb61a90710d1a6d
7712edbb8e7c076ab32293cc51017a03a92cfcf49191b17187383336437bed4c
GET /splash.php?native-settings=1&idzone=3467257&p=https%3A%2F%2Fwww.onlyhgames.com%2Fgo.php%3Fid%3Doxoour52j6qzuw2 HTTP/1.1
Host: syndication.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263813da718c591.945370712905773744%22%3B%7D; expires=Sun, 24 Nov 2024 22:11:51 GMT; path=; domain=.exosrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalsbbboageicxbmsbxcnxgxaalcxcsxxgeioslmrxlrnxgxaalscasrogeiccmmlmlcnxgxaalsombbogeialbsereanxgxaablmmosmgeioslmrxbrnxgxaalslalexgeicxbmsbcenxgxaalsbmacmgeioslmrxlsnxgxaaloeexasgeicxbmsbocnxgxaalsoboaxgeicxbmsboenxgxaalceramlgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalxrsemmgeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaabocrlxogeimacslbeenxgxaaboslelageioslmroemnxgxaalceramlgeioslmrxbmnxgxaalssbrcxgeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalsmleergeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalsbbboageimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalscasrogeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalosseolgeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalsbbboageimcclsxmenxgxaalsmleergeialbserxonxgxaabascxmogeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalsbbboageimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalolbrrmgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaaloaroaageimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaablrbexmgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalxmmoorgeimcclselenxgxaalsbbboageimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeiaaxcabeenxgxaalsoboragxcceimmxsrbmensgxaalsobormgxcceimmxccmeonxgxaalsoboaxgxcceimxcbrxlonxgxaalsoboaxgxcceimeembecensgxaalsselelgxcceimmxsrbaonsgxaalsselelgxcceimrxccosbnsgxaalssocbxgxcceimeembescncgxaalssocbxgxcceimxlbalcenogxaalssolsmgxcceimxlbmxlonogxaalssolsmgxcceimexexabbnxgxaalsssecmgxcceiarmcbbbbnxgxaalsssxbbgxcceicmarxbbonsgxaalsssxbbgxcceimaaaeroanxgxaalsssxbbgxcceimcrxeocanxgxaalsssxlagxcceimxeocbabnxgxaalssslolgxcceimxeoxsbenrgxaalssbxeegxcceimxeoxsacnrgxaalssbrcxgxcceimxlbmxlenogxaalsslbacgxcceimaslbmcanxgxaalsceoorgxcceimrxmbacanxgxaalsceolbgxcceimrxbrloonxgxaalscecmcgxcceimrxbrloanxgxaalscecmcgxcceimrxbrlobnxgxaalscecmcgxcceiaaxcamlanxgxaalscoxrsgxcceimrxccosanogxaalscoxrsgxcceimaslbmccnxgxaalscorregxcceimmxerboonxgxaalscrxsegxcceimaslbmconxgxaalscrsmsgxcceimemlxmcbnxgxaalscramsgxcceialbbbllanxgxaalscmmmagxcceiaaxcamlenxgxaalscbexagxcceimocbmmmcnxgxaalsremobgxcceimocbmmmanxgxaalsremobgxcceimocbmmacnxgxaalsremobgxcceialbmlesenxgxaalsrebmmgxcceimmxsrbabncgxaalsrebmmgxcceimaooleronxgxaalsrxbsegxcceimaoolemonxgxaalsrxbsegxcceimmexemlanrgxaalsrxbsegxcceimraeelabnxgxaalsrxlmmgxcceicloaecocnxgxaalsrxlmmgxcceimmxerbocnxgxaalsrclmxgxcceimmxcxslenxgxaalsrclmxgxcceialbbebsancgxaalsrmlmsgxcceixaoossalnsgxaalsaearxgxcceimaoobbebnxgxaalsaorlrgxcceimrxccosonxgxaalsmeossgxcceixaoosscrnxgxaalsmeossgxcceimeembesonxgxaalsmeossgxcceicloaxxabnxgxaalsmoaxlgxcceimmooobranogxaalsmsxacgxcceimxlbmoconsgxaalsmrxergxcceimaoobrbansgxaalsmrxergxcceimaecobobnxgxaalsmleergeimaoobrbcnsgxaalsmleergxcceimmexebeenogxaalsmleergxcceimrmaobxanogxaalsmleergxcceiaaxcambbnxgxaalsmlolegxcceimrmbbrmbnsgxaalsbolalgxcceircmbbroanxgxaalsbsxomgxcceirreacmsbnxgxaalsbsxomgxcceimsacexoonxgxaalsbsxomgxcceimxeemleanxgxaalsbsxomgxcceimasbmxsbnxgxaalsbreomgxcceimemlxbocncgxaalsbrcllgxcceialbbebsbnxgxaalsbrcllgxcceialrexeoonxgxaalsbabbegxcceimcssmlrensgxaalsbmacmgxcceimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeislmbecesnxgxaalsbbboagxoaeimxlbmxbbnogxaalsbbboagxcceimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageialrexexbnxgxaalsbblsmgxcceimmooobrbnxgxaalslablsgxcceimxlbmoscnogxaalslalexgxcceicloaxxmonxgxaalslalexgxcceimxlbmosenogxaalslalexgxcceimxeemblensgxaalslmcbsgxcceimmexebeonxgxaalcerrrxgxcceimmexemlcnxgxaalcerrrxgxcceimxxerrxenxgxaalceramlgxcceimmossscencgxaalcerabogxcceimmosssconsgxaalcerabogxcceimxlbmosanogxaalceaelegxcceimeelaclonxgxaalcxsoorgaeimrmbbrrbnxgxaalcxssxbgxcceimrmbbraonxgxaalcxssxbgxcceimrmbbrcanxgxaalcxssxbgxcceimxxrecsanxgxaalcxsralgxcceiaaxcamlcnxgxaalcxsrmegxcceimcoaxmxcnxgxaalcxsrmegxcceialbmmbbenxgxaalcxsrmegxcceimcoaxmxonxgxaalcxsrmegxcceialbmmbmbnxgxaalcxcsxxgxcceimxlbmoobnxgxaalcxcsxxgxcceialbbebrenxgxaalcxcsxxgxcceimcssmlrcnxgxaalcxcsxxgxcce; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C71987228%7C100644%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C69880850%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C41873814%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C3467257%7C74337954%7C0%7C%7C110%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C72f33e74bbfcbaa60c3f6362a0c9d603%7C0%7Conlyhgames.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Sat, 26 Nov 2022 22:11:51 GMT; path=/; domain=.exosrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
4.adsco.re/
162.252.214.5200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash de213c2c26cf607adef68991823380b6
1ece612b83b1337da66a147fd213319d0da24ac2
5cbea6c7563210c36ee5d4e603971f207bc3e992644299d5e63b2fb14e942c30
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5CBEA6C7563210C36EE5D4E603971F207BC3E992644299D5E63B2FB14E942C30"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11990
Expires: Sat, 26 Nov 2022 01:31:41 GMT
Date: Fri, 25 Nov 2022 22:11:51 GMT
Connection: keep-alive
poweredby.jads.co/js/jads2.js
185.94.236.246200 OK 1.7 kB URL HTTP/1.1 poweredby.jads.co/js/jads2.js
IP 185.94.236.246:0
File type ASCII text, with very long lines (3758), with no line terminators
Hash 558e1b61fc513016183a3812938e79fb
5f72ea61a2aad8f7a0956321d3fd8524db70eddf
a79f8c0aabfc2d1d45e4df2a86ca9172d292b08987f7a9d5c10bd10abf3aef54
GET /js/jads2.js HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.onlyhgames.com/
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 11 Jul 2022 00:36:11 GMT
Transfer-Encoding: chunked
Connection: close
ETag: W/"62cb707b-eae"
Content-Encoding: gzip
push.services.mozilla.com/
35.162.125.72101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.162.125.72:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: LkFsPJTtdYBRnmqOhc4gRQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: OWPjkYC8eRLSxfXCg//D/xj219w=
lruxfmkonbyi.n4.adsco.re/
38.132.109.186200 OK 0 B URL HTTP/1.1 lruxfmkonbyi.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: lruxfmkonbyi.n4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
s3t3d2y8.afcdn.net/widget-branding-logo.png
185.76.9.16200 OK 1.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/widget-branding-logo.png
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type PNG image data, 94 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash 7a95be207bf27c9a91720b8ac81976ca
6412e94ce13924fede8b1bec73cb8e049b76688c
5325d5beb64d82d48d3f7d78b606ee93b8e975a55868bba038905329ed1044b9
GET /widget-branding-logo.png HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: image/png
content-length: 1547
last-modified: Mon, 15 Apr 2019 09:03:59 GMT
etag: "5cb448ff-60b"
expires: Fri, 30 Jun 2023 16:01:02 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ1Sa+b/o6DCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163f7c53028
x-cache: HIT
x-age: 12755107
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/c8dcd8132d19fbaf195eccaab075f2180db8dd70.webp
185.76.9.16200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/c8dcd8132d19fbaf195eccaab075f2180db8dd70.webp
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 21a6ba0d15d51f90b0bb08adaf869ea0
c8dcd8132d19fbaf195eccaab075f2180db8dd70
31487f3242ccf67da001889b69026904d3f5c116d64f5ae642b633fbb941cf45
GET /library/676799/c8dcd8132d19fbaf195eccaab075f2180db8dd70.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: image/webp
content-length: 9956
last-modified: Thu, 04 Nov 2021 10:09:14 GMT
etag: "6183b14a-26e4"
expires: Fri, 30 Jun 2023 15:10:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195325
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3UMKf/KqDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163ef12a528
x-cache: HIT
x-age: 12754986
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/41682/78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3.webp
185.76.9.16200 OK 7.0 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/41682/78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3.webp
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 1a91d573cf9079f9b92cd2f404b215cd
78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3
f4d7dcae74909da8ae39f3b4542a16fa0f07b5a5bf8f4202e50ca80737e1beea
GET /library/41682/78a03b0c6ac66e6d15c4a77f8c89efc293afe0d3.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: image/webp
content-length: 7042
last-modified: Sun, 28 Nov 2021 14:52:02 GMT
etag: "61a39792-1b82"
expires: Fri, 30 Jun 2023 13:04:14 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688196811
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3C15D/XJrCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d81632c14d828
x-cache: HIT
x-age: 12753500
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
185.76.9.16200 OK 6.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ac7f0a83b67d9661811c62d68cdd2074
26c94b1b9322fb1f2558083727af47e58151007e
24c3c958813cf663205712c9a41003d3c5f304d3a90301d63847ab46047fc66f
GET /library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: image/webp
content-length: 6782
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-1a7e"
expires: Fri, 30 Jun 2023 11:12:51 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195209
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3NvJn/nqDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163b7eceb28
x-cache: HIT
x-age: 12755102
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
185.76.9.16200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
IP 185.76.9.16:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash dbe31828ea0277ab9845bf67aa749927
cc7211683ae26562c2df637755f311868f37c8ea
6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:51 GMT
content-type: image/jpeg
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195223
server: CDN77-Turbo
x-robots-tag: noindex, follow
x-77-nzt: AblMCQ3EvjP/kKDCAA
x-77-nzt-ray: c0a4cc28e6d34850a73d8163181a0b29
x-cache: HIT
x-age: 12755088
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5200 OK 170 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash f7f6c6a81d41397b2a37893e3e1cf33f
62788c942aaa05c75525169e6f50acdd52c779bb
1be405bb07c248b5925af71e1c0767f037d056229c6f16cc90c05b020c67287e
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1804
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:51 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://www.onlyhgames.com
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0a57a980ad62c1a1b7a78c437360f4c0
fad403ea4d9e1a880320dd93b50319ebb203cee1
28e3ca79d5926a23df04584dea6c930eb385a9af0c6fe54001d3fb8d34742513
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "28E3CA79D5926A23DF04584DEA6C930EB385A9AF0C6FE54001D3FB8D34742513"
Last-Modified: Thu, 24 Nov 2022 10:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7948
Expires: Sat, 26 Nov 2022 00:24:19 GMT
Date: Fri, 25 Nov 2022 22:11:51 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188200 OK 471 B IP 172.64.155.188:0
Hash 804f33d89ecca0bcbfa6d2c32eba5c81
8130c083c102b18a7d08004b50da90fd80f479d9
c95c58f9ab2ba771577ccb475fb79d5181e9446c239e045bded066f458f2142d
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:52 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Thu, 24 Nov 2022 09:39:42 GMT
Expires: Thu, 01 Dec 2022 09:39:41 GMT
Etag: "8130c083c102b18a7d08004b50da90fd80f479d9"
Cache-Control: max-age=472668,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 76fdb8fa78121bfa-OSL
betteradsystem.com/gbWHsV.asp?_=BAYAY4E9pwFjgT2ngAGBAsAAII0y4JldSpL9B1vXu6a0r2DCH9xZByiIei0PwHRqfh66wQBHMEUCIHtk9tbg8aSWM7JzRU12HXzkY0tpshUCRhkEFsp3zTyVAiEAwSX4bGDgArToMi__SDYVa5diYVMS8cLVWMh22IU0UY0&v=4&cszemJXg=770823&minBid=&WiKUuykj=0,0&HKIZolTh=&WOflvrdP=&s=1280,1024,1,1280,1024,0
162.252.213.208200 OK 44 B URL HTTP/2 betteradsystem.com/gbWHsV.asp?_=BAYAY4E9pwFjgT2ngAGBAsAAII0y4JldSpL9B1vXu6a0r2DCH9xZByiIei0PwHRqfh66wQBHMEUCIHtk9tbg8aSWM7JzRU12HXzkY0tpshUCRhkEFsp3zTyVAiEAwSX4bGDgArToMi__SDYVa5diYVMS8cLVWMh22IU0UY0&v=4&cszemJXg=770823&minBid=&WiKUuykj=0,0&HKIZolTh=&WOflvrdP=&s=1280,1024,1,1280,1024,0
IP 162.252.213.208:0
File type ASCII text, with no line terminators
Hash d5f0a25e4d3522d56d48ce7bc3e518fb
86794caff58f7fee6e684c2ba7195f970a8d6f4c
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
GET /gbWHsV.asp?_=BAYAY4E9pwFjgT2ngAGBAsAAII0y4JldSpL9B1vXu6a0r2DCH9xZByiIei0PwHRqfh66wQBHMEUCIHtk9tbg8aSWM7JzRU12HXzkY0tpshUCRhkEFsp3zTyVAiEAwSX4bGDgArToMi__SDYVa5diYVMS8cLVWMh22IU0UY0&v=4&cszemJXg=770823&minBid=&WiKUuykj=0,0&HKIZolTh=&WOflvrdP=&s=1280,1024,1,1280,1024,0 HTTP/1.1
Host: betteradsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 9
popads-ec: ASB
content-type: text/javascript;charset=UTF-8
content-length: 44
date: Fri, 25 Nov 2022 22:11:52 GMT
X-Firefox-Spdy: h2
lruxfmkonbyi.s4.adsco.re/
185.200.116.90200 OK 0 B URL HTTP/1.1 lruxfmkonbyi.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: lruxfmkonbyi.s4.adsco.re
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:52 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6827d82f488045e02e40d6a2fdbae4b3
4944139a4b08769511ffc6aa913857d88a0db7bc
0e4ef6ddef97ec03d43df4c0bada61d792b9f030e4d9fab5bd3cf904aeaa3bc9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0E4EF6DDEF97EC03D43DF4C0BADA61D792B9F030E4D9FAB5BD3CF904AEAA3BC9"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16055
Expires: Sat, 26 Nov 2022 02:39:28 GMT
Date: Fri, 25 Nov 2022 22:11:53 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 92c78302bcce1568eb6a5563100b932c
43d1dec7fc06879988c9c3cadd800cc8145df988
0dda9914306c8e3a7ea75eade8e762652d93907dd6c5a8cc81707d6d8098b60a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fca5cb469-21a0-420a-875c-a81635b33f53.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7993
x-amzn-requestid: 9f0ff853-4819-47cd-959d-658401ea5748
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvCsG5mIAMFqAQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9211-1c48b9223684f2942f8dd42d;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:35:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 7YSXUV-LZpsI7vciFhuqt1EVr6YRkhxcOgMg8z8bxLcOE01_baf6Gg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:47:56 GMT
age: 1437
etag: "43d1dec7fc06879988c9c3cadd800cc8145df988"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
34.120.237.76200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 64d79191f005c9876b952c5f948aa0f7
1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a
00fb36c3d322e8302c5ce202d6d4119d637510cd6f3b63e1347781ec3bb9d7fc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F81517ad5-7c1b-49aa-9ba9-dbfa36fbb071.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13882
x-amzn-requestid: 9022b0b3-31d5-4149-a969-02514f11b95a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cEvzNHjMoAMFWMg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637e9347-0e8354a02bef623644714e31;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 21:40:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: DYBcunpyI0FBJsJGh1kKpFI3X8kzCkO3mCxzUtWnaMKBT-Bv-zkq3Q==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:59:20 GMT
age: 753
etag: "1102dbdcbcabf5c25d17840f8f00d5b55b9b8f0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
34.120.237.76200 OK 4.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 841a4b110022a99ddea6f7bf66df0fa1
126771b86638108050cf57c0d12faa27f80f0edb
240fbffc1f9104433297d3ff7afba2d0b58d7f1b13d9a9260a1bad25216665db
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1dd98515-d0af-440a-8f3d-4c9986928081.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4309
x-amzn-requestid: 47c2739d-73c5-4d91-914c-fe635cb09772
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: b1U8xGxgIAMF-qQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63786851-6fbe19dc5c4c20dd657604e3;Sampled=0
x-amzn-remapped-date: Sat, 19 Nov 2022 05:23:29 GMT
x-amz-cf-pop: SEA19-C3
x-cache: Hit from cloudfront
x-amz-cf-id: j_8oVo464QMWMnmkxQJIDRhaIVmwhzCTHe4A57OdmaUr9HcyTtBUjg==
via: 1.1 470e3fe246a660ba6ace67a79f78d246.cloudfront.net (CloudFront), 1.1 2750b94b402c92287d764b5fa115a042.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 05:04:28 GMT
age: 61645
etag: "126771b86638108050cf57c0d12faa27f80f0edb"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
34.120.237.76200 OK 4.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4006a9037ab5f28dca62b0aa7a704c41
74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b
556ae6516a1f272a96569a3637858292731a34e82672b682f6e7442ca68f4b1d
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F44e0daff-bc52-4621-aa2f-d9c59da29c1c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3955
x-amzn-requestid: 42c8d309-a8d2-47cc-8d97-c7fa3a63f8cd
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cCM9NGJHoAMF4sQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637d8eba-2a06cda9346bd02c46955444;Sampled=0
x-amzn-remapped-date: Wed, 23 Nov 2022 03:08:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 5MlzpHpq7auKLSAYikINuPAylXI11VJL3xxIJ9Dyub-7rjQaPfg0WQ==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 04:23:00 GMT
age: 64133
etag: "74cb2ccd6ae38b171bfbe5a74f0eccb09aa3836b"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8784bb7a8b88736a6016f712e3183bf3
b0ddc1555d2506177adcdcea77864d75f1245d07
8e331713b0ad0b5670dd33dfdadde665e076a40ddb80905d4df89876d49803d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F80e95b58-6cf9-4974-a4ce-f8515ca995ee.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11743
x-amzn-requestid: 9ab0aba7-5cd1-4f6c-8984-dc221e1cbf8e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cICD-F7joAMFqmA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe3b2-152ba5f1495a44447356cdab;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:46 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: drCPrU5rprybHXLSQXEDaLkXde7oANRnFLmSiduDCZsg3Df-rAnBSg==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:54:45 GMT
age: 1028
etag: "b0ddc1555d2506177adcdcea77864d75f1245d07"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
34.120.237.76200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8b6ee13d43732f7c764a49500d092865
5d15fd672e968d59b541e4d5d0d01cd5e69f4075
fc3623d527147e1c6aab399251ed8d527e6eefdee6ad7183f00df2613498bfe4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00e89fb5-5cb3-4f68-936b-5ee31d6061bc.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8006
x-amzn-requestid: 78aab013-df11-464b-a1c7-ee41b7e77b40
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cIB-AHSrIAMFvKw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-637fe38c-4d795f410a57fc2c21d7075d;Sampled=0
x-amzn-remapped-date: Thu, 24 Nov 2022 21:35:08 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: jhLdTvsf0fQqbEAf_2O3Vqn-RfZwyFYDpjm6_kSp9eg8w3z2AbEu6g==
via: 1.1 da5952aa802df39905ceb16592e9698a.cloudfront.net (CloudFront), 1.1 2bedbeaa49b4a77447d30097858cb81a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 25 Nov 2022 21:54:45 GMT
age: 1028
etag: "5d15fd672e968d59b541e4d5d0d01cd5e69f4075"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
poweredby.jads.co/adshow.php?adzone=648146
185.94.236.246200 OK 1.6 kB URL HTTP/1.1 poweredby.jads.co/adshow.php?adzone=648146
IP 185.94.236.246:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with CRLF, LF line terminators
Hash 4bb124ec965168c35d4c0c48ca1e88e5
33f28e9ab2b9a6fb1d7079478450532c0420e27e
2ef7ecfa339aa25bd444af950bc49d20ad7a42a8cc84efa5eecf2acd5f3ab8b3
GET /adshow.php?adzone=648146 HTTP/1.1
Host: poweredby.jads.co
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
X-Powered-By: PHP/5.6.40
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR OUR IND STA"
Set-Cookie: surferid=e302b3513ac2a8e24d4f9429e2e0dd0a; expires=Sat, 25-Nov-2023 22:11:51 GMT; Max-Age=31536000; path=/; SameSite=None; Secure; domain=.jads.co
juicy_data_1=YTowOnt9; expires=Mon, 28-Nov-2022 22:11:51 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co
juicy_data=YToxOntzOjEyOiJqdWljeV9kYXRhXzEiO3M6MToiMSI7fQ%3D%3D; expires=Mon, 28-Nov-2022 22:11:51 GMT; Max-Age=259197; path=/; SameSite=None; Secure; domain=jads.co
Content-Encoding: gzip
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 865c6dc8fea00823b1d75d684efdb138
75c90c5e661386419396b02e004f09edf3539c12
b3a22b516fe49be46d47ad1a7a136f1d00fde8c500416a4978f840710c8c71a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 337
Cache-Control: max-age=148385
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "6380dcfb-117"
Expires: Sun, 27 Nov 2022 15:25:00 GMT
Last-Modified: Fri, 25 Nov 2022 15:19:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 865c6dc8fea00823b1d75d684efdb138
75c90c5e661386419396b02e004f09edf3539c12
b3a22b516fe49be46d47ad1a7a136f1d00fde8c500416a4978f840710c8c71a9
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 337
Cache-Control: max-age=148385
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "6380dcfb-117"
Expires: Sun, 27 Nov 2022 15:25:00 GMT
Last-Modified: Fri, 25 Nov 2022 15:19:23 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 364aa208813b2db912a4ceccc49f2d45
83f4373f6e6a6ebc752d017575310700ef06767c
fb839e58f8dd3644edcc6c43b2087246257d95a4c4bf42b790099eb1f06187ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6287
Cache-Control: max-age=100303
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "638009eb-118"
Expires: Sun, 27 Nov 2022 02:03:38 GMT
Last-Modified: Fri, 25 Nov 2022 00:18:51 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 280
a.realsrv.com/popunder1000.js
185.76.9.25200 OK 59 kB URL HTTP/2 a.realsrv.com/popunder1000.js
IP 185.76.9.25:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (65536), with no line terminators
Hash dfa071d5122fd10728face475e3e61b8
fd10bd25a7c7b66b0cddbcf877ead9eaa419464c
62b512503f2b57fd96a3e82c9b67fe70a611a278aa1b983e4e68b7f37f602c05
GET /popunder1000.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:50 GMT
content-type: application/javascript
etag: W/"1063790cabf57ffff66ecc0cab2"
expires: Thu, 24 Nov 2022 17:05:30 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417569
server: CDN77-Turbo
x-77-nzt: AblMCRRjtyz/dR0AAA
x-77-nzt-ray: af585630369e798ea63d816323cb012e
x-cache: HIT
x-age: 7541
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0a5c1b54daca67c400e76b7224ae5521
2583cebe55e8d1bfe6c921d595d8d36cf480ff2f
941e5441730c4558040e0decdec018ff15dad6abc6be4858c6417f2e941dbcbd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "941E5441730C4558040E0DECDEC018FF15DAD6ABC6BE4858C6417F2E941DBCBD"
Last-Modified: Thu, 24 Nov 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11682
Expires: Sat, 26 Nov 2022 01:26:37 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive
goplayhere.com/iframe/62334d9893a2a?iframe&ag_custom_domain=onlyhgames.com
172.67.187.242200 OK 1.0 kB URL HTTP/2 goplayhere.com/iframe/62334d9893a2a?iframe&ag_custom_domain=onlyhgames.com
IP 172.67.187.242:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2414)
Hash 805aeb0d68b9454e995c5f45358c80ec
a3f452fdf2c9ee99cada546cba8e779abacf45b3
1e7e9f6c9af597d2bf38c1ceab11133b4ec78140a822b5f40695a42e6cd0e6f6
GET /iframe/62334d9893a2a?iframe&ag_custom_domain=onlyhgames.com HTTP/1.1
Host: goplayhere.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://poweredby.jads.co/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: text/html
set-cookie: c_aed3abb6d12cbb09d94fdac2bed4bd03=1; Expires=Sat, 26-Nov-22 22:11:55 GMT; Domain=goplayhere.com; Path=/; Secure; SameSite=None
z_b5fb765df2374c173c96a35204fbe7ca=1; Expires=Sat, 26-Nov-22 22:11:55 GMT; Domain=goplayhere.com; Path=/; Secure; SameSite=None
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BWkppbEh0WR3KChnkJqtFFeBKww322vHW4F8VktysH1MnqroZgN6ptVc5cEEM4xLpMGTJWgthHFYYX9QNI9hjm0r0Gbhe1%2FT2upE2F0%2B96E%2FgZ7syypfRGpaF2m8tvrJ3A%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 76fdb90d1cdf1c0e-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
main.realsrv.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
95.211.229.248200 OK 20 B URL HTTP/1.1 main.realsrv.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1
Host: main.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 066d7945ed01317236fc4d31c364d8bc
367de78773745d7c5470902bb81cfc39d375d11c
0ad184e87a0f2307e8e9abf837353795e3014165db70113d480e5a1a14f3daf7
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "0AD184E87A0F2307E8E9ABF837353795E3014165DB70113D480E5A1A14F3DAF7"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2888
Expires: Fri, 25 Nov 2022 23:00:03 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive
runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb
148.251.19.25200 OK 35 B URL HTTP/2 runative-syndicate.com/api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb
IP 148.251.19.25:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/a56bbc85-b77d-4219-bfc4-e832384180bb HTTP/1.1
Host: runative-syndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: 2254dfb6a308e0e6
set-cookie: ts_rt_a56bbc85-b77d-4219-bfc4-e832384180bb=AAMC; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.runative-syndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
main.exdynsrv.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
95.211.229.246200 OK 20 B URL HTTP/1.1 main.exdynsrv.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1
Host: main.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exdynsrv.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
95.211.229.246200 OK 20 B URL HTTP/1.1 main.exdynsrv.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1
Host: main.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; domain=.exdynsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0
139.45.195.8200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
GET /img.gif?f=sync&lr=1&partner=231cd49a7855e5ab09961d63fb71270a509dc35327a759c7694c3f89594943d0 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=be0ca6603a3e4cb5afc2d79dd0c3dd51; expires=Sat, 25 Nov 2023 22:11:55 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57
94.130.164.161200 OK 35 B URL HTTP/2 tsyndicate.com/api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57
IP 94.130.164.161:0
ASN #24940 Hetzner Online GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash c2196de8ba412c60c22ab491af7b1409
5fbd472222feb8a22cf5b8aa5dc5b8e13af88e2b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
GET /api/v1/retargeting/set/0a1ebf4e-f1a4-4146-916d-6962c02eca57 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: text/plain; charset=utf-8
content-length: 35
pragma: no-cache
expires: 0
vary: *
x-api-version: 1
x-request-id: f7d0f2057028dc3d
set-cookie: ts_rt_0a1ebf4e-f1a4-4146-916d-6962c02eca57=AAMC; expires=Sat, 25 Nov 2023 22:11:55 GMT; path=/; HttpOnly; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7720b28ea761e7e6f41cd110fdedb6fb
a0fd29b22d0cebece3bf989f01ff58df8aa4d3b1
21f1573dd46f32944f3ce68a6ddef1c9ea850b891c34bec64aeefedab5cf13bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "21F1573DD46F32944F3CE68A6DDEF1C9EA850B891C34BEC64AEEFEDAB5CF13BC"
Last-Modified: Thu, 24 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6475
Expires: Fri, 25 Nov 2022 23:59:50 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive
iadoremakingpics.com/bnr/4/be3/7117de/be37117de58a98e01af5ac3a8285a80a.png
172.67.164.27200 OK 158 kB URL HTTP/2 iadoremakingpics.com/bnr/4/be3/7117de/be37117de58a98e01af5ac3a8285a80a.png
IP 172.67.164.27:0
File type PNG image data, 160 x 600, 8-bit/color RGBA, non-interlaced\012- data
Size 158 kB (157545 bytes)
Hash 56575f5cd825c6e31fc1b49b67d66f9a
36d1cbb2218caf411f72803f757f8fd01ee915ad
3a0a4d6586c6a99c47f0f18c38464445d3df3e38da194fcaa68cc563e05ab540
GET /bnr/4/be3/7117de/be37117de58a98e01af5ac3a8285a80a.png HTTP/1.1
Host: iadoremakingpics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: image/png
content-length: 157545
last-modified: Fri, 25 Jun 2021 15:56:02 GMT
etag: "60d5fc92-26769"
expires: Sat, 26 Nov 2022 22:11:55 GMT
cache-control: max-age=1382400
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CJmAKEv3Ea%2FvvUfuj01wzF%2FNQm57vlrOHCgXHC9XyX1Wmih8%2BJZKHrSuI9nIzs37aO%2B2k5HjKAlsQuDwG33NWvjoJZgpHOLp0Xdr8vFVMKDN8OHNJaxluDNkxfNpCidNenZoIaY5wA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb90e7ab81c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 280 B IP 93.184.220.29:0
Hash 364aa208813b2db912a4ceccc49f2d45
83f4373f6e6a6ebc752d017575310700ef06767c
fb839e58f8dd3644edcc6c43b2087246257d95a4c4bf42b790099eb1f06187ec
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2837
Cache-Control: max-age=96853
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Etag: "638009eb-118"
Expires: Sun, 27 Nov 2022 01:06:08 GMT
Last-Modified: Fri, 25 Nov 2022 00:18:51 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 280
qqjar.ru/retarget/add?retargeting_code=1&add=1&retargeting_id=3959
185.38.110.121301 Moved Permanently 56 B URL HTTP/2 qqjar.ru/retarget/add?retargeting_code=1&add=1&retargeting_id=3959
IP 185.38.110.121:0
File type HTML document, ASCII text
Hash e7f3bc1c05df4fc5a40e4074387e53c1
54e08140c634483ac1f01d5e8be33d27681d8a42
883816d4551ae5769a1285e153c31ee553afb87391dd7c343253a9f066f75d34
GET /retarget/add?retargeting_code=1&add=1&retargeting_id=3959 HTTP/1.1
Host: qqjar.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
content-type: text/html; charset=utf-8
location: http://ww62.qqjar.ru/
content-length: 56
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 966255e8eae5f73b5fe45aab88646f99
57eadbf09ae6a8170cdfe3b0691b908f49e2c08d
a99ecadf4c294cebf0c392ea036f508443cb471c44773cc5ea0212ab86074cbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3254
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Last-Modified: Fri, 25 Nov 2022 21:17:41 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d7eac1f1775e2693c45d3eedb84fae1
ce31a095730c25dd32d45511ec94bafa7d00c67c
214b76c5891af9aa8b95612eb947ae7575384570532b825022755f220fb27f62
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "214B76C5891AF9AA8B95612EB947AE7575384570532B825022755F220FB27F62"
Last-Modified: Thu, 24 Nov 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3845
Expires: Fri, 25 Nov 2022 23:16:00 GMT
Date: Fri, 25 Nov 2022 22:11:55 GMT
Connection: keep-alive
www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=794325588036871&ev=PageView&noscript=1
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=794325588036871&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2
www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1
157.240.200.35200 OK 0 B URL HTTP/2 www.facebook.com/tr?id=1414481212224503&ev=PageView&noscript=1
IP 157.240.200.35:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /tr?id=1414481212224503&ev=PageView&noscript=1 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/plain
access-control-allow-origin:
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
content-length: 0
server: proxygen-bolt
alt-svc: h3=":443"; ma=86400
date: Fri, 25 Nov 2022 22:11:55 GMT
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash 966255e8eae5f73b5fe45aab88646f99
57eadbf09ae6a8170cdfe3b0691b908f49e2c08d
a99ecadf4c294cebf0c392ea036f508443cb471c44773cc5ea0212ab86074cbe
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3254
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 25 Nov 2022 22:11:55 GMT
Last-Modified: Fri, 25 Nov 2022 21:17:41 GMT
Server: ECS (ska/F705)
X-Cache: HIT
Content-Length: 471
syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791
66.254.114.233200 OK 95 B URL HTTP/1.1 syndication.traffichaus.com/adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791
IP 66.254.114.233:0
File type PNG image data, 1 x 1, 1-bit colormap, non-interlaced\012- data
Hash 71a50dbba44c78128b221b7df7bb51f1
0ec63b140374ba704a58fa0c743cb357683313dd
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
GET /adserve/r.php?k=CAT&adv_id=94511&exp=25920000&dh=969205b0247754250d921d8da45875fa&bh=48c011d2648afe0455d203967aa130a5&dom=&cb=1606322780791 HTTP/1.1
Host: syndication.traffichaus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: image/png
transfer-encoding: chunked
set-cookie: re_94511_Q0FU=eyJ0IjoiQ0FUIiwiYSI6Ijk0NTExIiwiZCI6IiIsImRoIjoiOTY5MjA1YjAyNDc3NTQyNTBkOTIxZDhkYTQ1ODc1ZmEiLCJiaCI6IjQ4YzAxMWQyNjQ4YWZlMDQ1NWQyMDM5NjdhYTEzMGE1IiwiaXAiOiI5MS45MC40Mi4xNTQiLCJlIjoxNjk1MzM0MzE1fQ%3D%3D; expires=Thu, 21-Sep-2023 22:11:55 GMT; Max-Age=25920000; path=/
RNLBSERVERID=ded5931; path=/
x-request-id: 63813DAB-42FE72E901BBA137-705EB26D
ww62.qqjar.ru/
76.223.26.96200 OK 4.4 kB IP 76.223.26.96:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2463)
Hash ba8673d87b9e1f77affaf69e89707960
8d9f9f2c3b3e5b15ce873f256d80bdf6b5a2493b
ee6e6f4de0ef271bfb5d6dea96613bfbd30b74e4f049d7d475129d4921ad67fd
Analyzer Verdict Alert fortinet Malware
GET / HTTP/1.1
Host: ww62.qqjar.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
HTTP/1.1 200 OK
Date: Fri, 25 Nov 2022 22:11:55 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: nginx
Vary: Accept-Encoding
X-Buckets: bucket103
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_CfdZo1ERI5EUQpI1n+D3/08X02l/CoeN5WNetaQxNtmmR+U1XZC2trT0WF5yfxGq5/YDNo4A1LcbietItyc80Q==
X-Template: tpl_CleanPeppermintBlack_twoclick
X-Language: norwegian
Accept-CH: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile
Accept-CH-Lifetime: 30
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
95.211.229.248200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=ecd938f748969c750709ba2e8deeba23
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=ecd938f748969c750709ba2e8deeba23 HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A83751%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:56 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
main.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
95.211.229.248200 OK 20 B URL HTTP/1.1 main.exoclick.com/tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c
IP 95.211.229.248:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /tag.php?goal=47dd92b1071a4ea3bd1564629f4b030c HTTP/1.1
Host: main.exoclick.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 25 Nov 2022 22:11:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: goals=a%3A1%3A%7Bi%3A22614%3Ba%3A1%3A%7Bs%3A4%3A%22date%22%3Bs%3A10%3A%222022-11-25%22%3B%7D%7D; expires=Sat, 25 Nov 2023 22:11:56 GMT; path=/; domain=.exoclick.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
94.242.50.158200 OK 0 B URL HTTP/2 www.onlyhgames.com/go.php?id=oxoour52j6qzuw2
IP 94.242.50.158:0
GET /go.php?id=oxoour52j6qzuw2 HTTP/1.1
Host: www.onlyhgames.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
x-powered-by: PHP/7.4.33
content-type: text/html; charset=UTF-8
cache-control: public, max-age=0,public
expires: Fri, 25 Nov 2022 22:11:50 GMT
content-encoding: br
vary: Accept-Encoding,User-Agent
date: Fri, 25 Nov 2022 22:11:50 GMT
server: LiteSpeed
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
js.juicyads.com/jp.php?c=3454u2z2y254u4p2w2c4x294a4&u=http%3A%2F%2Fwww.juicyads.rocks
143.204.55.76200 OK 0 B URL HTTP/2 js.juicyads.com/jp.php?c=3454u2z2y254u4p2w2c4x294a4&u=http%3A%2F%2Fwww.juicyads.rocks
IP 143.204.55.76:0
GET /jp.php?c=3454u2z2y254u4p2w2c4x294a4&u=http%3A%2F%2Fwww.juicyads.rocks HTTP/1.1
Host: js.juicyads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=utf-8
cache-control: max-age=900
date: Fri, 25 Nov 2022 22:02:48 GMT
expires: Fri, 25 Nov 2022 22:17:48 GMT
pragma: cache
server: nginx
x-cache: Hit from cloudfront
via: 1.1 814e8c24454087e83cd261a6cf477166.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: SoBKXXE5zW-Ljhm_zAuSZhcpNwKMhrM3at4ZnhHzvcr6M91ruqBe-Q==
age: 542
X-Firefox-Spdy: h2
ads.exosrv.com/ads.js
185.76.9.16200 OK 0 B IP 185.76.9.16:0
ASN #60068 Datacamp Limited
GET /ads.js HTTP/1.1
Host: ads.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:50 GMT
content-type: application/javascript
etag: W/"b60fdcc211f42a1f246a8c80b56"
expires: Thu, 24 Nov 2022 17:05:30 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417565
server: CDN77-Turbo
x-77-nzt: AblMCQ3AShr/eR0AAA
x-77-nzt-ray: c0a4cc284ecedf44a63d8163609f7e1f
x-cache: HIT
x-age: 7545
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
a.exosrv.com/nativeads.js
185.76.9.26200 OK 0 B URL HTTP/2 a.exosrv.com/nativeads.js
IP 185.76.9.26:0
ASN #60068 Datacamp Limited
GET /nativeads.js HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:50 GMT
content-type: application/javascript
etag: W/"e361d384cb66857327bef1db5ef"
expires: Thu, 24 Nov 2022 17:05:32 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1669417576
server: CDN77-Turbo
x-77-nzt: AblMCRS4UpX/bh0AAA
x-77-nzt-ray: af58563031aab78ea63d81630ca25220
x-cache: HIT
x-age: 7534
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
www.betteradsystem.com/jmespath.min.js
185.76.9.15200 OK 0 B URL HTTP/2 www.betteradsystem.com/jmespath.min.js
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
GET /jmespath.min.js HTTP/1.1
Host: www.betteradsystem.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.onlyhgames.com
Connection: keep-alive
Referer: https://www.onlyhgames.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 25 Nov 2022 22:11:50 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Wed, 30 Nov 2022 15:23:21 GMT
access-control-allow-origin: *
link: <https://betteradsystem.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1669821801
server: CDN77-Turbo
x-77-nzt: AblMCQ2clBf/vQIDAA
x-77-nzt-ray: c0a4cc2868ca4946a63d8163a1512825
x-cache: HIT
x-age: 197309
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
highlevelcount.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0
104.21.30.122404 Not Found 0 B URL HTTP/2 highlevelcount.com/index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0
IP 104.21.30.122:0
GET /index.min.js?pk=0f6c6b0d2533be0a124411ed43310cc0 HTTP/1.1
Host: highlevelcount.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://goplayhere.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
date: Fri, 25 Nov 2022 22:11:55 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: HIT
age: 89
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nYCg6HMSCn5m4u8QshPvdaq9DHdTYSxsMzUaFloiHG2Av1H2akqmOgveKV0GamFYUFZpzIpworCpU0%2F5H1ElcSds9DQGnFS5m1bXLLozWIbREOi6FCt%2Bc33TOe7%2FSbzXUI9dLBI%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 76fdb90ea8ef0b55-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2