Report - easymc.io/client/EasyMC.exe?1608595200031/

Report Overview

Submitted URL
easymc.io/client/EasyMC.exe?1608595200031/
IP
104.21.86.250
ASN
#13335 CLOUDFLARENET
Submitted
2023-08-19 20:36:01
Access
public
Website Title
EasyMC.io - Free Minecraft Accounts
Final URL
easymc.io/client/EasyMC.exe?1608595200031/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
1
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
s.nitropay.com	30100	2003-11-04	2018-05-21	2023-08-18	3.9 kB	577 kB	104.18.2.78
ad-delivery.net	1341	2017-05-03	2017-06-22	2023-08-19	857 B	2.6 kB	172.67.69.19
consent.nitrocnct.com	unknown	2021-07-21	2022-10-31	2023-08-18	884 B	202 kB	104.21.33.230
region1.analytics.google.com	unknown	1997-09-15	2022-03-17	2023-08-19	1.4 kB	860 B	216.239.34.36
easymc.io	75352	2020-04-03	2020-04-25	2023-08-19	5.1 kB	1.0 MB	172.67.138.103
fonts.googleapis.com	8877	2005-01-25	2013-06-10	2023-08-19	462 B	4.7 kB	142.250.74.74
btloader.com	169057	2020-10-06	2020-10-22	2023-08-19	418 B	43 kB	172.67.70.134
ocsp.pki.goog	175	2016-06-13	2018-07-01	2023-08-19	3.4 kB	7.0 kB	142.250.74.131
fonts.gstatic.com	unknown	2008-02-11	2014-09-09	2023-08-19	2.1 kB	103 kB	142.250.74.35
api.btloader.com	1320	2020-10-06	2020-10-14	2023-08-19	1.5 kB	797 B	130.211.23.194
www.bing.com	91	1996-01-29	2012-05-21	2018-11-01	3.2 kB	21 kB	23.36.79.25
adsdk.microsoft.com	unknown	1991-05-02	2023-04-20	2023-08-19	440 B	83 kB	13.107.246.53
tracker.nitropay.com	29033	2003-11-04	2017-05-23	2023-08-18	2.4 kB	1.2 kB	104.18.2.78
www.google.no	25607	2001-02-26	2016-04-05	2023-08-19	518 B	578 B	142.250.74.163
www.googletagmanager.com	75	2011-11-11	2013-05-22	2023-08-19	420 B	222 kB	142.250.74.40
ib.adnxs.com	241	2008-05-27	2012-05-20	2023-08-19	469 B	14 kB	185.89.210.153

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-08-19 20:35:46	medium	Client IP	192.169.69.26	ET INFO DYNAMIC_DNS HTTP Request to a *.duckdns .org Domain

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Fortinet's Web Filter

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (18)

	URL	Size	First Seen	Last Seen
	easymc.io/client/EasyMC.exe?1608595200031/	204 B	2023-08-19	2023-08-19
Pretty URL easymc.io/client/EasyMC.exe?1608595200031/ IP 172.67.138.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:02 Times Seen1 Hash 2a955d318a81525cdc8d0e4b43b03b4d 3b4f8ad87c49d70253686d95587baeb3e7aeb62f f8a4e4259ac17745778cb0d987f26d0b2da88c50cf8cdd563185461e278fd956 Loading...

	btloader.com/tag?o=6278260873756672&upapi=true	42 kB	2023-08-19	2023-08-19
Pretty URL btloader.com/tag?o=6278260873756672&upapi=true IP 172.67.70.134 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:03 Times Seen2 Hash 26bba6d9d8c1c9ae30d079a09e00c6c2 dd2b47a4e7893fe393fb8658f1890cb8f9e79d1f f3e583e04773d5c2b72c84fe23ade0c524c6f65daa414c46268fa5a1da090780 Loading...

	adsdk.microsoft.com/native-to-display/sdk.js	82 kB	2023-08-19	2023-08-22
Pretty URL adsdk.microsoft.com/native-to-display/sdk.js IP 13.107.246.53 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-22 04:28:04 Times Seen3 Hash 9697970e93449da9665021dc622565f8 711395503c085bb1c64e52d2554990b064357671 6d217af9105d69f82cd5e29239c0caea643aa9af6854a7ed32da9452a9634ec0 Loading...

	unknown	4.3 kB	2023-08-19	2023-08-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:02 Times Seen1 Hash d4bd8ab5478f7fbcc4294a4de15c4ecb 8ccebfca124152471feb78b6aecdbf843fe8053f bed4107a7d46919c9f31d2dd16383615b496bd344903d863901125b802d52642 Loading...

	easymc.io/client/EasyMC.exe?1608595200031/	9.2 kB	2023-08-19	2023-08-19
Pretty URL easymc.io/client/EasyMC.exe?1608595200031/ IP 172.67.138.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:02 Times Seen1 Hash 2d132462c619dca1e6173a9883bdb45f 8685e454e6086b9bda86114acf86b1b5941cfd24 f9d6451f54b2d75591317f6b413bc18fbe2b20fb85218ef6e702f4bcdb1bf3b0 Loading...

	easymc.io/client/EasyMC.exe?1608595200031/	1.5 kB	2023-08-19	2023-08-19
Pretty URL easymc.io/client/EasyMC.exe?1608595200031/ IP 172.67.138.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML true Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:02 Times Seen1 Hash 1387d028e44ec409a1d93e9ca10859a2 ca55c40284636e765e25d7c6e6b114743d89cd0c fcf24f8dc6b6875fb8c9e40edf3ea97b2bb7c1a89be17de53306c9a4a0f54605 Loading...

	easymc.io/static/js/2.84d33f18.chunk.js	1.5 MB	2023-08-19	2023-08-19
Pretty URL easymc.io/static/js/2.84d33f18.chunk.js IP 172.67.138.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:02 Last Seen2023-08-19 22:36:02 Times Seen1 Hash 5693373d14a0b67f316880eb0946bee7 83852d15392d2ebf69f47b33702e5ddd9dc792bb c4c8a6e1d0dc4fc5d3541c107bf6095a006f3a5b95f4b128b4218f69e6065800 Loading...

	www.googletagmanager.com/gtag/js?id=G-8D4FHV4N0X	222 kB	2023-08-19	2023-08-19
Pretty URL www.googletagmanager.com/gtag/js?id=G-8D4FHV4N0X IP 142.250.74.40 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen2 Hash 9a652edb7f3e46089aed0c3a7cce6e48 275274226c6aed8c1a0796e6a4306ce8c3785398 a0685d0bb19c22ff386d7e28f92d5adb8472baba3980c2470c5ae9b927f062a0 Loading...

	unknown	2.5 kB	2023-08-19	2023-08-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen1 Hash 3b5f9e448993b264ad49a5e269391168 45558e2b7a5b43d4f6b43415b9db06ae188fc4a2 20b026ae75210d042dff3c333d39a6fa8b713d29370c0d786f2c07ab2c011b2e Loading...

	easymc.io/static/js/main.b961184c.chunk.js	214 kB	2023-08-19	2023-08-19
Pretty URL easymc.io/static/js/main.b961184c.chunk.js IP 172.67.138.103 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen2 Hash 2707cf900832a1108bb63298db1c5637 b45f649481d768125521f25a21df863f79eccadc 8639572f27cf341f06a897da459d8bbdf90c4aba9d1239a70bb53e60e12cd62c Loading...

	s.nitropay.com/gpp-8a63835.min.js	260 kB	2023-08-19	2023-08-21
Pretty URL s.nitropay.com/gpp-8a63835.min.js IP 104.18.2.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 05:57:12 Last Seen2023-08-21 17:38:52 Times Seen6 Hash d26180cddbd93db7a4e540d61477ac4e 978777653f5c2448745204e3341d861eeb9cc953 9716ebc4d128356a480b938ba56a87cd001092794ef51edefd64083b772850f0 Loading...

	s.nitropay.com/ads-461.js	436 kB	2023-08-19	2023-08-19
Pretty URL s.nitropay.com/ads-461.js IP 104.18.2.78 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen1 Hash df702de4ba94cf3fe3ff0b0e8325a568 d726e44851f4c331a03190407ca986d34f723fa3 a37f3b3ee79d466036f73e0def1ea5d865888382f393ec0ed927b4dc1ecc2d11 Loading...

	easymc.io/client/sandbox%20eval%20code	136 B	2023-04-11	2024-09-02
Pretty URL easymc.io/client/sandbox%20eval%20code IP 0.0.0.0 ASN #0 Introduced by Embedded in HTML false Observations First Seen2023-04-11 21:23:25 Last Seen2024-09-02 04:58:21 Times Seen39412 Hash fb4eb094524daea58bf7f82331598541 f5ca39eb98fa1685f8647514a627d3d7f216f7ef 7cbf1e77bb9277bac7030ded2087246adf5c59564a5a1f28ce8c09be6ef48683 Loading...

	securepubads.g.doubleclick.net/tag/js/gpt.js	13 kB	2023-04-05	2024-09-02
Pretty URL securepubads.g.doubleclick.net/tag/js/gpt.js IP 0.0.0.0 ASN #0 Introduced by scriptElement Embedded in HTML false Observations First Seen2023-04-05 04:46:03 Last Seen2024-09-02 04:58:20 Times Seen38164 Hash 0c9ed134ae3d5ffe972da2a3e59dc428 620df222551395592e46e4c5f425cf23dcdad891 5f9efa604bfe2aee8c1a90376125a098306ba390530a6f9b2ecb0a67cdac178d Loading...

	unknown	10 B	2023-04-12	2024-09-02
Pretty Introduced by domTimer Embedded in HTML false Observations First Seen2023-04-12 19:36:05 Last Seen2024-09-02 04:46:18 Times Seen906 Hash 3909b073ead7dbc3d10023cf6336903e f9c1172685620881b482cb5582ab2f78ec51782c cab4aeaee24247015e08bf50b1fa6c55be2a1a15498261733119bef265b09f6a Loading...

	unknown	72 B	2023-08-19	2023-08-19
Pretty Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen1 Hash f4fa9c83583478a377839fe71b66b7c4 d7d2b9460fd772263930d7604c1bc939ac421b25 98d608cc0d351c5e0ea0806bb4d6e4457ea8ce9ad98c05fd0b0048ceab1292f5 Loading...

		Size	First Seen	Last Seen
	#1 Write - ee2dba1dfea38fb6268c8062561c202c	11 kB	2023-08-19	2023-08-19
Pretty Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen1 Hash ee2dba1dfea38fb6268c8062561c202c 05d522e977e71497d3a351f7ddfea7d150ea374c 1204e4906db5481b2debfcb8233708e7b0ba3e7c8023659c5b56e447e4edde39 Loading...

	#2 Write - 83b6cb5f6615dea8243855439f3b447d	1.4 kB	2023-08-19	2023-08-19
Pretty Observations First Seen2023-08-19 22:36:03 Last Seen2023-08-19 22:36:03 Times Seen1 Hash 83b6cb5f6615dea8243855439f3b447d 08b4d3eb4b7623f28a2dbb60e20e00298164a055 ee26e9360d43636b8b582aaf14a406af09fad58c21dd70d3f39d556d651a484f Loading...

HTTP Transactions (54)

	URL	IP	Response	Size
	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 84da2775fd574a7e475affe9d024e951 cc2da97f96b631af451a74e980a53937932a141e 6acecf3111ae491738373ad638c81f69031dc28805aa0b5b8c00746a9e989d08 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	s.nitropay.com/1.gif?x=1&adslot=	104.18.2.78	200 OK	42 B
URL GET HTTP/3 s.nitropay.com/1.gif?x=1&adslot= IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /1.gif?x=1&adslot= HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: image/gif content-length: 42 x-guploader-uploadid: ADPycduJ5x5Xn00lA4iwT_KCAu2dIQwgKERrrv3EFb0fkCXPKUuyyeXZaBfYT4CCfUKCA1CTZSReLYzRPDF5Gplc_KvmuA cache-control: public, max-age=604800 expires: Fri, 25 Aug 2023 19:55:38 GMT last-modified: Fri, 22 Jan 2021 08:58:45 GMT etag: "d89746888da2d9510b64a9f031eaecd5" x-goog-generation: 1611305925409947 x-goog-metageneration: 3 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 42 x-goog-meta-: x-goog-custom-time: 1970-01-01T00:00:00Z x-goog-hash: crc32c=ljrbyA==, md5=2JdGiI2i2VELZKnwMers1Q== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Type alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 88801 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f3efcaab4ed-OSL

	easymc.io/static/js/2.84d33f18.chunk.js	172.67.138.103	200 OK	435 kB
URL GET HTTP/3 easymc.io/static/js/2.84d33f18.chunk.js IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type gzip compressed data, from Unix\012- data Size 435 kB (435075 bytes) Hash 0f1ca1ce3288ff0d2302d0669dce1a31 07ae2fe116cbf21421b4a3220349e2151f6d2054 75edbda061c3bc588241a008887bc2c0254f3d0b7643f97b83e029a870091853 HTTP Headers `GET /static/js/2.84d33f18.chunk.js HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: application/javascript access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: W/"376c18b2e07ae14bef73811be6e4a3d5" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lvZFR36qUkR5lKnTkIhZCf3rjtv84Fc7EZWn4XanazdWw2BRnJ3zWaF7XjAk3CDYgwxie1Dfr7mp1fWaSxR2cZtoCkWgMfT4Y8oLK3SNEHSm%2FeSf4QPNbv60yeA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding content-encoding: gzip cf-cache-status: HIT age: 762 server: cloudflare cf-ray: 7f952f3cfcc7b4f7-OSL alt-svc: h3=":443"; ma=86400

	easymc.io/ads/px.gif?ch=1&0.40166219486392496&adslot=	172.67.138.103	200 OK	56 B
URL GET HTTP/3 easymc.io/ads/px.gif?ch=1&0.40166219486392496&adslot= IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type GIF image data, version 89a, 2 x 2\012- data Size 56 B (56 bytes) Hash a0bee492131e81dde452fd4d3322f1ea bd6d9bc2324a0d1d834620dc1593060e75daca30 83bad44087c870f55916391b2096573b21d085a58ea975adc3848aae9468aa87 HTTP Headers GET /ads/px.gif?ch=1&0.40166219486392496&adslot= HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Cookie: _pbjs_userid_consent_data=3524755945110770 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: image/gif content-length: 56 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: "b7edd133e7769aaf7bd052a7728ed8d7" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=E8N%2FVTHuMlJllZOyRUEazL0rH1yi%2Bu9NDgWZzyTpwcxSf789gggFQznAOk0ZSK%2Ba8VEo1M9IKHSlGSYKKfhqZI7Roz%2FVOD%2FVvtfscGG7ooBltSdBTNsHWrCegas%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: MISS accept-ranges: bytes server: cloudflare cf-ray: 7f952f407acab4f7-OSL alt-svc: h3=":443"; ma=86400

	tracker.nitropay.com/sites/461/analytics?ab=eyJocmVmIjoiaHR0cHM6Ly9lYXN5bWMuaW8vY2xpZW50L0Vhc3lNQy5leGU%2FMTYwODU5NTIwMDAzMS8iLCJ2Ijo2MywiYSI6ZmFsc2UsInMiOnRydWV9	104.18.2.78	200 OK	0 B
URL GET HTTP/2 tracker.nitropay.com/sites/461/analytics?ab=eyJocmVmIjoiaHR0cHM6Ly9lYXN5bWMuaW8vY2xpZW50L0Vhc3lNQy5leGU%2FMTYwODU5NTIwMDAzMS8iLCJ2Ijo2MywiYSI6ZmFsc2UsInMiOnRydWV9 IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /sites/461/analytics?ab=eyJocmVmIjoiaHR0cHM6Ly9lYXN5bWMuaW8vY2xpZW50L0Vhc3lNQy5leGU%2FMTYwODU5NTIwMDAzMS8iLCJ2Ijo2MywiYSI6ZmFsc2UsInMiOnRydWV9 HTTP/1.1 Host: tracker.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-length: 0 via: 1.1 google alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC set-cookie: __cf_bm=MwXIBHB8uptW7J56VdjFyv_FtyEMWZCEbrwGLSX6zn8-1692477342-0-AVmj3JYXJ3rL3z0al5gd70i9uIxDZ13V9UJGnMq6TWv65HuEWdso6jg2vnxdE6VUHXDZFy+LLmpaOAauiq2XrFc=; path=/; expires=Sat, 19-Aug-23 21:05:42 GMT; domain=.nitropay.com; HttpOnly; Secure; SameSite=None strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f408fdab4f4-OSL X-Firefox-Spdy: h2

	easymc.io/static/media/skins.e9ce5901.jpg	172.67.138.103	200 OK	36 kB
URL GET HTTP/3 easymc.io/static/media/skins.e9ce5901.jpg IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 533x310, components 3\012- data Size 36 kB (35840 bytes) Hash e9ce590131a9c3b70f89d05e54383175 7de5c2d338e7485c856a8d7d10e014da9f722819 6171caccf38dc3f9e16c7f5442debb86013e852d5b1501fcd3ab8021bb444ce2 HTTP Headers GET /static/media/skins.e9ce5901.jpg HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Cookie: _pbjs_userid_consent_data=3524755945110770 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: image/jpeg content-length: 35840 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: "cd3be61a4a3ac39300bf8d484a00a8f7" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1RKO79SqPjIrnHXjNR7TnU2uYTDslAhreqhlrdD%2B2rqRbvlAQxXPXVG6807R5NOhX9Q4uMjSrTJtTzKQ6EIJDHJ7PXcp733b0yQxWqmqC8RjsZ4b%2BrCAPNujppiXzR0HhOKq%2BqkDNSM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: HIT age: 4547 accept-ranges: bytes server: cloudflare cf-ray: 7f952f418cb5b4f7-OSL alt-svc: h3=":443"; ma=86400

	easymc.io/static/media/modpacks.8edf645a.jpg	172.67.138.103	200 OK	52 kB
URL GET HTTP/3 easymc.io/static/media/modpacks.8edf645a.jpg IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 396x376, components 3\012- data Size 52 kB (51787 bytes) Hash 8edf645a14db0c87f5c8725ee3fad12e 94729c11da71e8f3cc9bccbf57084aabb25c5d48 141fccbd55b8434eec1f7d49aa4f626e4cf98491315552d7302d789804e3da30 HTTP Headers GET /static/media/modpacks.8edf645a.jpg HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Cookie: _pbjs_userid_consent_data=3524755945110770 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: image/jpeg content-length: 51787 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: "07fa3da7087d984145f5cc6a6ec6e769" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8zUGTAQJdKTxGnH84k22HcRZCWanaZ%2Fd8b4N7dNx0aT6iwWXT4i9cbFuDF6%2B5fJv3tBOOWMIe4bTC177ml8KkemKb7YPV%2BKO7A9%2BIlUHAFQNHKDbpBW54D0b%2Bwdpj9NPhjr6SojsfAA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: HIT age: 4547 accept-ranges: bytes server: cloudflare cf-ray: 7f952f418cb3b4f7-OSL alt-svc: h3=":443"; ma=86400

	easymc.io/static/media/clients.f2b9dae3.jpg	172.67.138.103	200 OK	40 kB
URL GET HTTP/3 easymc.io/static/media/clients.f2b9dae3.jpg IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 489x366, components 3\012- data Size 40 kB (39579 bytes) Hash f2b9dae3b88ef10afe17ee84cbe342c1 21b54ca3a31fd5acde38439ba7fd36164382d284 30472eafbbb5cdd68c6cec6d2ebcb8c435d254d93dbd1eb1e94c84ba7e2f2800 HTTP Headers GET /static/media/clients.f2b9dae3.jpg HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Cookie: _pbjs_userid_consent_data=3524755945110770 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: image/jpeg content-length: 39579 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: "6b49744f2e0d8363ef16c96d955d3291" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=z3VjmuDE%2BePgD1HUUYC%2FevBCw8KF0tOEVggpLjdcLi%2BNioQjmtFXvJPypQIlFyj1RdssrvQGU3xoSX6Xnf69udIX29VV5rdbL%2BsUp8P1as2q4mfRjxV%2FSv4UZjHpMeVK8q4vPwSyJI8%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: HIT age: 4547 accept-ranges: bytes server: cloudflare cf-ray: 7f952f418cbfb4f7-OSL alt-svc: h3=":443"; ma=86400

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 6ae7c42061efe3d8e03447df20c45991 ae96c94a5397c555bcc1954e9e680059a4ce2cda 6e28249b71bafc7049ad4162cb328d8bc805f2c5819d671b13029c17d2c7372e HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:42 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	s.nitropay.com/gpp-8a63835.min.js	104.18.2.78	200 OK	127 kB
URL GET HTTP/3 s.nitropay.com/gpp-8a63835.min.js IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type gzip compressed data, from Unix\012- data Size 127 kB (127268 bytes) Hash 908462df7ddb4787f54f8bef92e0b6d0 256f1af0df61b5e45a2bff19c068c6846164dc2f 918db7cc7b6a946614b7c0d28ae3d698b32f11def404e6a65e09c6fc04bb7c5e HTTP Headers GET /gpp-8a63835.min.js HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: application/javascript x-guploader-uploadid: ADPycdsK3sHtNaqnvIxFPkO1fW6tKi2uFeou3FWeFlLuOasSI-vwQ2MC8Fhwz_nAdtj9J4vUC8NtYrYP7NC5UzR-BWb1PA cache-control: public, max-age=604800 expires: Fri, 25 Aug 2023 19:55:38 GMT last-modified: Thu, 17 Aug 2023 18:19:49 GMT etag: W/"d26180cddbd93db7a4e540d61477ac4e" x-goog-generation: 1692296389646291 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 259616 x-goog-hash: crc32c=7PVRRA==, md5=0mGAzdvZPbek5UDWFHesTg== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Type alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 88803 vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f3fee2ab4ed-OSL content-encoding: gzip

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash 6ae7c42061efe3d8e03447df20c45991 ae96c94a5397c555bcc1954e9e680059a4ce2cda 6e28249b71bafc7049ad4162cb328d8bc805f2c5819d671b13029c17d2c7372e HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 5b83279f087bc1d3b70b7dcda32443ef c028ba0146561271ccdd6eab7d5802deb0a5d473 d5656413f43f353f78b3f4a79568f56c37105b7e2b070f7da5d6bd1782dc6e54 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 5b83279f087bc1d3b70b7dcda32443ef c028ba0146561271ccdd6eab7d5802deb0a5d473 d5656413f43f353f78b3f4a79568f56c37105b7e2b070f7da5d6bd1782dc6e54 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2	142.250.74.35	200 OK	26 kB
URL GET HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintB4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB ValidityMon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT File type Web Open Font Format (Version 2), TrueType, length 25672, version 1.0\012- data Size 26 kB (25672 bytes) Hash fe3e5be2baa0126122ba9367ebab73c8 40bec99106dfab5f3721ed725483eb618a9016cd 8b166007d6f54c33b3ea10ea23572bc3166f55f365840d3cbd6ef7b5dcf6674e HTTP Headers GET /s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://easymc.io DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 25672 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 17 Aug 2023 14:52:38 GMT expires: Fri, 16 Aug 2024 14:52:38 GMT cache-control: public, max-age=31536000 age: 193385 last-modified: Mon, 18 Jul 2022 19:12:08 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ad-delivery.net/px.gif?ch=1&e=0.3403706363691663	172.67.69.19	200 OK	43 B
URL GET HTTP/2 ad-delivery.net/px.gif?ch=1&e=0.3403706363691663 IP 172.67.69.19:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintD9:7E:C3:56:0A:04:84:BD:24:32:3D:C3:8E:66:52:26:37:E8:90:D3 ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash ad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda HTTP Headers `GET /px.gif?ch=1&e=0.3403706363691663 HTTP/1.1 Host: ad-delivery.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/gif content-length: 43 x-guploader-uploadid: ADPycdtY6bHNT-C3oV3Hsxs3dXqjj9jRsXa2NHnShbxO-2mXjC-oq1fI7t0L1PpyltODw8DDzutke8pkQKsGzdFMQciO0Q x-goog-generation: 1620242732037093 x-goog-metageneration: 5 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 43 x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sun, 13 Aug 2023 21:07:12 GMT cache-control: public, max-age=86400 age: 519316 last-modified: Wed, 05 May 2021 19:25:32 GMT etag: "ad4b0f606e0f8465bc4c4c170b37e1a3" cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cDXzYUrhl2rPNh8bD4iLMAuEJxUR0ZqJ1CH%2BBTU2XDHrfRByurYA9QjLMi0Euzq4wG25rHNCQ0LzN%2BBDqd%2BEQ1VrCcfEoB9seBGgSNckw5MbxIWmlH77n1VuGv4krJl1hA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7f952f430fcab529-OSL X-Firefox-Spdy: h2

	ad-delivery.net/px.gif?ch=2	172.67.69.19	200 OK	43 B
URL GET HTTP/2 ad-delivery.net/px.gif?ch=2 IP 172.67.69.19:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintD9:7E:C3:56:0A:04:84:BD:24:32:3D:C3:8E:66:52:26:37:E8:90:D3 ValiditySun, 19 Feb 2023 00:00:00 GMT - Mon, 19 Feb 2024 23:59:59 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 43 B (43 bytes) Hash ad4b0f606e0f8465bc4c4c170b37e1a3 50b30fd5f87c85fe5cba2635cb83316ca71250d7 cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda HTTP Headers `GET /px.gif?ch=2 HTTP/1.1 Host: ad-delivery.net User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/gif content-length: 43 x-guploader-uploadid: ADPycdtY6bHNT-C3oV3Hsxs3dXqjj9jRsXa2NHnShbxO-2mXjC-oq1fI7t0L1PpyltODw8DDzutke8pkQKsGzdFMQciO0Q x-goog-generation: 1620242732037093 x-goog-metageneration: 5 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 43 x-goog-hash: crc32c=cpEfJQ==, md5=rUsPYG4PhGW8TEwXCzfhow== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sun, 13 Aug 2023 21:07:12 GMT cache-control: public, max-age=86400 age: 519316 last-modified: Wed, 05 May 2021 19:25:32 GMT etag: "ad4b0f606e0f8465bc4c4c170b37e1a3" cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Hl55yoQ8oCMHwDwk%2BXfznL8mDbuJA6vTVmzcymlQhnCJ0B26bxfex3HrkG5nV8SzVOUl1DeKJEROxhKl1w8kLiRdSA%2FY6hHKzL4R5WundFSvYXgGCMFAOdmbc4IYvyd1uw%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7f952f430fd3b529-OSL X-Firefox-Spdy: h2

	fonts.gstatic.com/s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2	142.250.74.35	200 OK	24 kB
URL GET HTTP/2 fonts.gstatic.com/s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintB4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB ValidityMon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT File type Web Open Font Format (Version 2), TrueType, length 24276, version 1.0\012- data Size 24 kB (24276 bytes) Hash 4d6edb3c3dcf2f0f42e455c901d73a33 ff05ba6c18d004244de00cc706f5823366574cad ea534e6a2346477e2d7d449df346a86465908c4469c4447a1db41b64627348c2 HTTP Headers GET /s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://easymc.io DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 24276 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 17 Aug 2023 05:08:55 GMT expires: Fri, 16 Aug 2024 05:08:55 GMT cache-control: public, max-age=31536000 age: 228408 last-modified: Mon, 08 May 2023 22:55:00 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2	142.250.74.35	200 OK	26 kB
URL GET HTTP/2 fonts.gstatic.com/s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintB4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB ValidityMon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT File type Web Open Font Format (Version 2), TrueType, length 25672, version 1.0\012- data Size 26 kB (25672 bytes) Hash fe3e5be2baa0126122ba9367ebab73c8 40bec99106dfab5f3721ed725483eb618a9016cd 8b166007d6f54c33b3ea10ea23572bc3166f55f365840d3cbd6ef7b5dcf6674e HTTP Headers GET /s/quicksand/v30/6xKtdSZaM9iE8KbpRA_hK1QN.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://easymc.io DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 25672 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 17 Aug 2023 14:52:38 GMT expires: Fri, 16 Aug 2024 14:52:38 GMT cache-control: public, max-age=31536000 age: 193385 last-modified: Mon, 18 Jul 2022 19:12:08 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	fonts.gstatic.com/s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2	142.250.74.35	200 OK	24 kB
URL GET HTTP/2 fonts.gstatic.com/s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 IP 142.250.74.35:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.gstatic.com FingerprintB4:FE:48:07:8D:40:C5:C8:CB:74:41:13:3F:8E:10:8B:6F:1C:F4:CB ValidityMon, 31 Jul 2023 08:22:18 GMT - Mon, 23 Oct 2023 08:22:17 GMT File type Web Open Font Format (Version 2), TrueType, length 24276, version 1.0\012- data Size 24 kB (24276 bytes) Hash 4d6edb3c3dcf2f0f42e455c901d73a33 ff05ba6c18d004244de00cc706f5823366574cad ea534e6a2346477e2d7d449df346a86465908c4469c4447a1db41b64627348c2 HTTP Headers GET /s/karla/v30/qkB9XvYC6trAT55ZBi1ueQVIjQTD-JrIH2G7nytkHRyQ8p4wUje6bg.woff2 HTTP/1.1 Host: fonts.gstatic.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: identity Origin: https://easymc.io DNT: 1 Connection: keep-alive Referer: https://fonts.googleapis.com/ Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK accept-ranges: bytes access-control-allow-origin: content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin; report-to="apps-themes" report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} timing-allow-origin: * content-length: 24276 x-content-type-options: nosniff server: sffe x-xss-protection: 0 date: Thu, 17 Aug 2023 05:08:55 GMT expires: Fri, 16 Aug 2024 05:08:55 GMT cache-control: public, max-age=31536000 age: 228408 last-modified: Mon, 08 May 2023 22:55:00 GMT content-type: font/woff2 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	consent.nitrocnct.com/additional-consent-providers.csv	104.21.33.230	200 OK	119 kB
URL GET HTTP/2 consent.nitrocnct.com/additional-consent-providers.csv IP 104.21.33.230:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjectnitrocnct.com Fingerprint59:E0:BD:6D:66:DD:C3:A3:9C:E3:91:AC:B2:1D:86:D2:FC:E3:AC:6B ValidityThu, 29 Jun 2023 20:46:40 GMT - Wed, 27 Sep 2023 20:46:39 GMT File type CSV text\012- , Unicode text, UTF-8 text, with very long lines (3438) Size 119 kB (119221 bytes) Hash 81f96867523b7ea4a2f05a62b9fdf1c7 56de3daf870fcd9e64797a97a859a34c30ce1e06 f2f17bc9f046ebdef7a9a75a449e88da020439f4871d5dd54eed4ff9cc2536c1 HTTP Headers `GET /additional-consent-providers.csv HTTP/1.1 Host: consent.nitrocnct.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: text/csv content-length: 119221 x-guploader-uploadid: ADPycdsLz9_W0LFAK3MXwzQge5NLdpzi2Aqzms2GI0g-_4WMwijnGvWh9zOwbBENS0CIEvi3Ds1KUAcw-qEGqocI4bgrvwtfC5Wd x-goog-generation: 1689147090287559 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 119221 x-goog-hash: crc32c=x8iKUw==, md5=gfloZ1I7fqSi8Fpiuf3xxw== x-goog-storage-class: STANDARD access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sat, 19 Aug 2023 20:26:09 GMT cache-control: public, max-age=3600 age: 2508 last-modified: Wed, 12 Jul 2023 07:31:30 GMT etag: "81f96867523b7ea4a2f05a62b9fdf1c7" alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fYLkwYhjnec7mQjzQc%2Bb0T58DOaoIvhLsu1BK8Y97IsfFor%2BWgjLf25aw3s9S0KwcM7j4cGY2rQiUVrzbTBgX6Gh2FClKY5DzQQG4bPyikSy1GF7JEghveohRQbG6%2FBz4SbOqWMN4ZM%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7f952f4339600b31-OSL X-Firefox-Spdy: h2

	ocsp.pki.goog/s/gts1d4/_L_waTtXLZ4	142.250.74.131		472 B
URL ocsp.pki.goog/s/gts1d4/_L_waTtXLZ4 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 19d934732fb51865b5c6c311ed2f68d7 925a86af9a0d5c316cf43ae7d2f20c81b90fa48f 6e7cfb97ddf4334b29647f07cf17986a0b5ea3dec4fc80917675e5b93e7eccd8 HTTP Headers `POST /s/gts1d4/_L_waTtXLZ4 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		472 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 5b83279f087bc1d3b70b7dcda32443ef c028ba0146561271ccdd6eab7d5802deb0a5d473 d5656413f43f353f78b3f4a79568f56c37105b7e2b070f7da5d6bd1782dc6e54 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	consent.nitrocnct.com/vendor-list-combo.json	104.21.33.230	200 OK	80 kB
URL GET HTTP/2 consent.nitrocnct.com/vendor-list-combo.json IP 104.21.33.230:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjectnitrocnct.com Fingerprint59:E0:BD:6D:66:DD:C3:A3:9C:E3:91:AC:B2:1D:86:D2:FC:E3:AC:6B ValidityThu, 29 Jun 2023 20:46:40 GMT - Wed, 27 Sep 2023 20:46:39 GMT File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (65513), with no line terminators Size 80 kB (79948 bytes) Hash 9ff8517ff55b052f4683e0ea451010a0 3ac25dca2d876182149fbed5f15e2284cc493594 3d7fcb3ef67b68238c533cffc601586f14197915781ea3fa7f94715fbea9b8e5 HTTP Headers `GET /vendor-list-combo.json HTTP/1.1 Host: consent.nitrocnct.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: application/json x-guploader-uploadid: ADPycdtnKJtCO_tCFAEKmBMHBfX-Ezjr1bUIPFJAzZSjWkuIXpe3asK4UU-dLkFmQAxSa9LPY7OSwlef0aaBOeipCGIWxw x-goog-generation: 1692288904302891 x-goog-metageneration: 2 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 611961 x-goog-hash: crc32c=KZc4yg==, md5=n/hRf/VbBS9Gg+DqRRAQoA== x-goog-storage-class: STANDARD access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Date, Origin, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sat, 26 Aug 2023 11:50:21 GMT cache-control: public, max-age=604800 age: 30987 last-modified: Thu, 17 Aug 2023 16:15:04 GMT etag: W/"9ff8517ff55b052f4683e0ea451010a0" alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=58kq0JKJsOUWx9hkFerCb4bz3u44ZDHhBkwn13n%2FQN9AXJ7wp%2BA%2Fwvv%2BKMMZ%2FbALahXzgzpuUBnrr4V%2BtoNgON7JZAgsrtL4uGCtxztK1hKm1lRPxc2XfPHQpBVV4IVMzloHCjRCrI8%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 7f952f4339670b31-OSL content-encoding: br X-Firefox-Spdy: h2

	s.nitropay.com/cmp/lang.png	104.18.2.78	200 OK	1.9 kB
URL GET HTTP/3 s.nitropay.com/cmp/lang.png IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type PNG image data, 20 x 23, 8-bit/color RGBA, non-interlaced\012- data Size 1.9 kB (1887 bytes) Hash ca072a3965f49a2c242c45d535163a53 365e8c94931edd4bb5548861d856390662fc39bb eda5ec1c59939f001bdc15f557f3a905110aac0a60afc5a1eb92d8cdc2d2cbb5 HTTP Headers GET /cmp/lang.png HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/png content-length: 1887 x-guploader-uploadid: ADPycdtgawWG6R0W0SXCEhke9Xy5WoFjO8ZQgjHS0d7BWAwOtlCSkAMI6xspqIvqiZ63LPWHlQ51rpI7If8k7yBSb5om expires: Sat, 19 Aug 2023 20:56:38 GMT cache-control: public, max-age=3600 last-modified: Fri, 21 Oct 2022 09:20:58 GMT etag: "ca072a3965f49a2c242c45d535163a53" x-goog-generation: 1666344058779792 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1887 x-goog-hash: crc32c=7x+tRA==, md5=ygcqOWX0miwkLEXVNRY6Uw== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Type alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 2273 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f457805b4ed-OSL

	s.nitropay.com/cmp/logo.png	104.18.2.78	200 OK	2.6 kB
URL GET HTTP/3 s.nitropay.com/cmp/logo.png IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type PNG image data, 80 x 62, 8-bit/color RGBA, non-interlaced\012- data Size 2.6 kB (2592 bytes) Hash 940aa5b81e99bbb7414acc474a89bad9 e19998a580400a11fe57b72acb87e6eb27fbf1ee 6d8fea63a817b75ec9bfbc153b60b576dd31392e4d2afbec0d83cc813f8aca4d HTTP Headers GET /cmp/logo.png HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/png content-length: 2592 x-guploader-uploadid: ADPycdtYkBEXsa2CLxRKKfMyCRv95tLc3c0a2X2aDZ3K_jRI7XTN2j_ZeDZ7qaayAJf_qMUQYRg2jxqgv6ELlnJrBkd5UQ x-goog-generation: 1666344058842900 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 2592 x-goog-hash: crc32c=naGVVg==, md5=lAqluB6Zu7dBSsxHSom62Q== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sat, 19 Aug 2023 20:56:38 GMT cache-control: public, max-age=3600 last-modified: Fri, 21 Oct 2022 09:20:58 GMT etag: "940aa5b81e99bbb7414acc474a89bad9" alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 2273 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f45780db4ed-OSL

	api.btloader.com/mw/state?bt_env=prod	130.211.23.194	204 No Content	0 B
URL GET HTTP/2 api.btloader.com/mw/state?bt_env=prod IP 130.211.23.194:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subjectapi.btloader.com Fingerprint5B:D8:2A:4B:41:13:52:77:BA:2E:03:62:E1:28:7D:54:87:04:7E:6E ValidityFri, 11 Aug 2023 17:31:00 GMT - Thu, 09 Nov 2023 18:23:53 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /mw/state?bt_env=prod HTTP/1.1 Host: api.btloader.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 204 No Content access-control-allow-origin: * vary: Origin date: Sat, 19 Aug 2023 20:35:43 GMT via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	ocsp.pki.goog/s/gts1d4/_L_waTtXLZ4	142.250.74.131		472 B
URL ocsp.pki.goog/s/gts1d4/_L_waTtXLZ4 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 472 B (472 bytes) Hash 19d934732fb51865b5c6c311ed2f68d7 925a86af9a0d5c316cf43ae7d2f20c81b90fa48f 6e7cfb97ddf4334b29647f07cf17986a0b5ea3dec4fc80917675e5b93e7eccd8 HTTP Headers `POST /s/gts1d4/_L_waTtXLZ4 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 84 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: scaffolding on HTTPServer2 Content-Length: 472 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash c9381a4c7808389b738843cf86ba10ee 962f70d1024aef8ec4b87a02abf4a3fcafede368 256d71715a24d3a3d8bc0d69da27236aa7aa76b0e84c5800805e14292797bd88 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8D4FHV4N0X&cid=1020617597.1692477337&gtm=45je38g0&aip=1&z=872379167	142.250.74.163	200 OK	42 B
URL GET HTTP/2 www.google.no/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8D4FHV4N0X&cid=1020617597.1692477337&gtm=45je38g0&aip=1&z=872379167 IP 142.250.74.163:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.google.no Fingerprint24:E7:8A:DA:AC:01:E8:B2:D7:78:3E:1A:9A:39:BE:70:0E:4A:47:EF ValidityMon, 31 Jul 2023 08:24:38 GMT - Mon, 23 Oct 2023 08:24:37 GMT File type GIF image data, version 89a, 1 x 1\012- data Size 42 B (42 bytes) Hash d89746888da2d9510b64a9f031eaecd5 d5fceb6532643d0d84ffe09c40c481ecdf59e15a ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 HTTP Headers GET /ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-8D4FHV4N0X&cid=1020617597.1692477337&gtm=45je38g0&aip=1&z=872379167 HTTP/1.1 Host: www.google.no User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" timing-allow-origin: * cross-origin-resource-policy: cross-origin date: Sat, 19 Aug 2023 20:35:43 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate content-type: image/gif x-content-type-options: nosniff server: cafe content-length: 42 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	ocsp.pki.goog/gts1c3	142.250.74.131		471 B
URL ocsp.pki.goog/gts1c3 IP 142.250.74.131:0 ASN #15169 GOOGLE File type data Size 471 B (471 bytes) Hash c9381a4c7808389b738843cf86ba10ee 962f70d1024aef8ec4b87a02abf4a3fcafede368 256d71715a24d3a3d8bc0d69da27236aa7aa76b0e84c5800805e14292797bd88 HTTP Headers `POST /gts1c3 HTTP/1.1 Host: ocsp.pki.goog User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/ocsp-request Content-Length: 83 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache` `HTTP/1.1 200 OK Content-Type: application/ocsp-response Date: Sat, 19 Aug 2023 20:35:43 GMT Cache-Control: public, max-age=14400 Server: ocsp_responder Content-Length: 471 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN`

	api.btloader.com/country	130.211.23.194	200 OK	16 B
URL GET HTTP/2 api.btloader.com/country IP 130.211.23.194:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subjectapi.btloader.com Fingerprint5B:D8:2A:4B:41:13:52:77:BA:2E:03:62:E1:28:7D:54:87:04:7E:6E ValidityFri, 11 Aug 2023 17:31:00 GMT - Thu, 09 Nov 2023 18:23:53 GMT File type JSON data\012- , ASCII text, with no line terminators Size 16 B (16 bytes) Hash 452880c1a375b8fba8c9499f0930d05f ffe5484a23512c2a574d837fe2d3267b134e48c8 8b3383aa4c71f1d816bfaf33e3ef2e8ded067698a7798b9f306204d5777b140d HTTP Headers `GET /country HTTP/1.1 Host: api.btloader.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` `HTTP/2 200 OK access-control-allow-origin: * cache-control: private, max-age=300, stale-while-revalidate=600, stale-if-error=600 content-type: application/json vary: Origin date: Sat, 19 Aug 2023 20:35:43 GMT content-length: 16 via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	api.btloader.com/pv?tid=G95ql4n6&w=6192809940877312&o=6278260873756672&cv=2.1.17-2-g0b33bd3&r=false&vr=1280x1024&pageURL=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&sid=PVc6FvsDwa&upapi=true	130.211.23.194	204 No Content	0 B
URL GET HTTP/2 api.btloader.com/pv?tid=G95ql4n6&w=6192809940877312&o=6278260873756672&cv=2.1.17-2-g0b33bd3&r=false&vr=1280x1024&pageURL=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&sid=PVc6FvsDwa&upapi=true IP 130.211.23.194:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subjectapi.btloader.com Fingerprint5B:D8:2A:4B:41:13:52:77:BA:2E:03:62:E1:28:7D:54:87:04:7E:6E ValidityFri, 11 Aug 2023 17:31:00 GMT - Thu, 09 Nov 2023 18:23:53 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /pv?tid=G95ql4n6&w=6192809940877312&o=6278260873756672&cv=2.1.17-2-g0b33bd3&r=false&vr=1280x1024&pageURL=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&sid=PVc6FvsDwa&upapi=true HTTP/1.1 Host: api.btloader.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/2 204 No Content access-control-allow-origin: * cache-control: no-cache, no-store, must-revalidate vary: Origin date: Sat, 19 Aug 2023 20:35:43 GMT via: 1.1 google alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	region1.analytics.google.com/g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&_gaz=1&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=1&sid=1692477336&sct=1&seg=0&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1	216.239.34.36	204 No Content	0 B
URL POST HTTP/2 region1.analytics.google.com/g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&_gaz=1&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=1&sid=1692477336&sct=1&seg=0&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 IP 216.239.34.36:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintCD:19:11:50:03:C9:31:CD:B2:32:E1:82:F6:AD:5A:C5:F5:E8:7F:CE ValidityMon, 31 Jul 2023 08:16:43 GMT - Mon, 23 Oct 2023 08:16:42 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&_gaz=1&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=1&sid=1692477336&sct=1&seg=0&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1 HTTP/1.1 Host: region1.analytics.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0 `HTTP/2 204 No Content access-control-allow-origin: https://easymc.io date: Sat, 19 Aug 2023 20:35:44 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2`

	region1.analytics.google.com/g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=2&dp=%2Fclient%2FEasyMC.exe&sid=1692477336&sct=1&seg=1&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_ee=1	216.239.34.36	204 No Content	0 B
URL POST HTTP/3 region1.analytics.google.com/g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=2&dp=%2Fclient%2FEasyMC.exe&sid=1692477336&sct=1&seg=1&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_ee=1 IP 216.239.34.36:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintCD:19:11:50:03:C9:31:CD:B2:32:E1:82:F6:AD:5A:C5:F5:E8:7F:CE ValidityMon, 31 Jul 2023 08:16:43 GMT - Mon, 23 Oct 2023 08:16:42 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /g/collect?v=2&tid=G-8D4FHV4N0X&gtm=45je38g0&_p=831014611&cid=1020617597.1692477337&ul=en-us&sr=1280x1024&ir=1&_eu=EA&_s=2&dp=%2Fclient%2FEasyMC.exe&sid=1692477336&sct=1&seg=1&dl=https%3A%2F%2Feasymc.io%2Fclient%2FEasyMC.exe%3F1608595200031%2F&dt=EasyMC.io%20-%20Free%20Minecraft%20Accounts&en=page_view&_ee=1 HTTP/1.1 Host: region1.analytics.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0 TE: trailers `HTTP/3 204 No Content access-control-allow-origin: https://easymc.io date: Sat, 19 Aug 2023 20:35:48 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, no-store, must-revalidate access-control-allow-credentials: true content-type: text/plain cross-origin-resource-policy: cross-origin server: Golfe2 content-length: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000`

	www.bing.com/th?id=OADD2.8177693266271_1TVIUHZB7HQ8UGUSZ3&pid=21.2&c=16&roil=0&roit=0.1086&roir=1&roib=0.8924&w=379&h=198&qlt=90	23.36.79.25	200 OK	16 kB
URL GET HTTP/2 www.bing.com/th?id=OADD2.8177693266271_1TVIUHZB7HQ8UGUSZ3&pid=21.2&c=16&roil=0&roit=0.1086&roir=1&roib=0.8924&w=379&h=198&qlt=90 IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectr.bing.com Fingerprint16:DF:96:BE:A5:09:9C:D6:10:D8:3C:74:D6:16:86:35:97:47:40:FE ValidityTue, 15 Nov 2022 20:16:38 GMT - Wed, 15 Nov 2023 20:16:38 GMT File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 379x198, components 3\012- data Size 16 kB (16191 bytes) Hash 1e1ff8f509f5116e31f8cdedbdb91956 b2ac0e951e57c948dde6082b690e7bb92b992e7f 13002e6349aaa2a731331bc1f9b98c365fc6adc91bce868f76a4254be5c68583 HTTP Headers GET /th?id=OADD2.8177693266271_1TVIUHZB7HQ8UGUSZ3&pid=21.2&c=16&roil=0&roit=0.1086&roir=1&roib=0.8924&w=379&h=198&qlt=90 HTTP/1.1 Host: www.bing.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://easymc.io/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK cache-control: public, max-age=2592000 content-type: image/jpeg access-control-allow-origin: * access-control-allow-headers: * timing-allow-origin: * report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]} nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0} content-length: 16191 date: Sat, 19 Aug 2023 20:35:53 GMT alt-svc: h3=":443"; ma=93600 x-cdn-traceid: 0.154f2417.1692477353.d88f690f X-Firefox-Spdy: h2

	www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp=	23.36.79.25	303 See Other	154 B
URL GET HTTP/2 www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp= IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectr.bing.com Fingerprint16:DF:96:BE:A5:09:9C:D6:10:D8:3C:74:D6:16:86:35:97:47:40:FE ValidityTue, 15 Nov 2022 20:16:38 GMT - Wed, 15 Nov 2023 20:16:38 GMT File type HTML document, ASCII text Size 154 B (154 bytes) Hash 02751d4213954525983d85a28bf4f83d 6ffc292aa473ed8404afc0d4c5c7fbde2f522fc2 879c544045d7b6baeb2c2bca7ef1954f7c0f94bd697ae7655ade55d297196ad1 HTTP Headers GET /api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3FDI%3D0%26DIS%3DSB_15000-1-0%3F%26RG%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26SNR%3D1%26GV%3D2%26med%3D10&rtype=miFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp= HTTP/1.1 Host: www.bing.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://easymc.io/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 303 See Other cache-control: no-cache, no-store, must-revalidate pragma: no-cache content-length: 154 content-type: text/html; charset=utf-8 expires: 0 location: https://www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=a7dfc1b5b9b54d18b7660cb4a9d00cd7&SNR=1&GV=2&med=10 vary: Origin strict-transport-security: max-age=15724800; includeSubDomains accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: C78BEF5DA2D34EFAB981966D48953D1D Ref B: MIL30EDGE1205 Ref C: 2023-08-19T20:35:54Z date: Sat, 19 Aug 2023 20:35:54 GMT set-cookie: _EDGE_S=F=1&SID=07B3769EE70B672F28C265ECE6D66675; path=/; httponly; domain=bing.com _EDGE_V=1; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUID=1C55EC7D00546CFC2EA2FF0F01896DDF; samesite=none; path=/; secure; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUIDB=1C55EC7D00546CFC2EA2FF0F01896DDF; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT alt-svc: h3=":443"; ma=93600 x-cdn-traceid: 0.154f2417.1692477353.d88f6911 X-Firefox-Spdy: h2

	www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=a7dfc1b5b9b54d18b7660cb4a9d00cd7&SNR=1&GV=2&med=10	23.36.79.25	200 OK	0 B
URL GET HTTP/3 www.bing.com/aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=a7dfc1b5b9b54d18b7660cb4a9d00cd7&SNR=1&GV=2&med=10 IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectr.bing.com Fingerprint16:DF:96:BE:A5:09:9C:D6:10:D8:3C:74:D6:16:86:35:97:47:40:FE ValidityTue, 15 Nov 2022 20:16:38 GMT - Wed, 15 Nov 2023 20:16:38 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /aes/c.gif?DI=0&DIS=SB_15000-1-0?&RG=a7dfc1b5b9b54d18b7660cb4a9d00cd7&SNR=1&GV=2&med=10 HTTP/1.1 Host: www.bing.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK cache-control: private,no-store pragma: no-cache vary: Origin p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: E6DE007AB47B452DA20B6DF590BE5769 Ref B: BRU30EDGE0619 Ref C: 2023-08-19T20:35:54Z content-length: 0 date: Sat, 19 Aug 2023 20:35:54 GMT set-cookie: _EDGE_S=F=1&SID=3A4C6D3E2A0967452A087E4C2B656612; path=/; httponly; domain=bing.com _EDGE_V=1; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUID=3058623D90536EA72FA4714F913F6F8A; samesite=none; path=/; secure; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUIDB=3058623D90536EA72FA4714F913F6F8A; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT quic-version: 0x00000001 alt-svc: h3=":443"; ma=93600 x-cdn-traceid: 0.154f2417.1692477354.d88f6b3d

	tracker.nitropay.com/pixel.png?s=461&wb=eyJhZFVuaXRDb2RlIjoiaG9tZV9iaWxsYm9hcmQiLCJjcmVhdGl2ZUlkIjoiMzgxODQ2NzE0IiwiYmlkZGVyIjoiYXBwbmV4dXNBc3QiLCJ0aW1lVG9SZXNwb25kIjozNDYsImhlaWdodCI6MjUwLCJ3aWR0aCI6OTcwLCJjcG0iOjAuMDM1MzAwNTgsImhyZWYiOiJodHRwczovL2Vhc3ltYy5pby9jbGllbnQvRWFzeU1DLmV4ZT8xNjA4NTk1MjAwMDMxLyIsImFjY2VwdGFibGUiOmZhbHNlLCJtZXRhIjoie1wiZGNoYWluXCI6e1widmVyXCI6XCIxLjBcIixcImNvbXBsZXRlXCI6MCxcIm5vZGVzXCI6W3tcImJzaWRcIjpcIjEyMDg1XCJ9XX0sXCJicmFuZElkXCI6MTExNTQ0fSIsInJlcXVlc3RJZCI6IjEzODQzMDdmLWNlYTYtNGMyOC04Yzk1LWVkYTdhYmIxOGNmMiIsImMiOiJOTyIsInIiOiIwMyIsInR5cGUiOjAsImR1cmF0aW9uIjowLCJ0aW1lc3RhbXAiOjE2OTI0NzczNDc1NzN9&t=0	104.18.2.78	200 OK	73 B
URL GET HTTP/3 tracker.nitropay.com/pixel.png?s=461&wb=eyJhZFVuaXRDb2RlIjoiaG9tZV9iaWxsYm9hcmQiLCJjcmVhdGl2ZUlkIjoiMzgxODQ2NzE0IiwiYmlkZGVyIjoiYXBwbmV4dXNBc3QiLCJ0aW1lVG9SZXNwb25kIjozNDYsImhlaWdodCI6MjUwLCJ3aWR0aCI6OTcwLCJjcG0iOjAuMDM1MzAwNTgsImhyZWYiOiJodHRwczovL2Vhc3ltYy5pby9jbGllbnQvRWFzeU1DLmV4ZT8xNjA4NTk1MjAwMDMxLyIsImFjY2VwdGFibGUiOmZhbHNlLCJtZXRhIjoie1wiZGNoYWluXCI6e1widmVyXCI6XCIxLjBcIixcImNvbXBsZXRlXCI6MCxcIm5vZGVzXCI6W3tcImJzaWRcIjpcIjEyMDg1XCJ9XX0sXCJicmFuZElkXCI6MTExNTQ0fSIsInJlcXVlc3RJZCI6IjEzODQzMDdmLWNlYTYtNGMyOC04Yzk1LWVkYTdhYmIxOGNmMiIsImMiOiJOTyIsInIiOiIwMyIsInR5cGUiOjAsImR1cmF0aW9uIjowLCJ0aW1lc3RhbXAiOjE2OTI0NzczNDc1NzN9&t=0 IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type PNG image data, 1 x 1, 8-bit/color RGB, non-interlaced\012- data Size 73 B (73 bytes) Hash 0c605efa89709962b88bf867e5cb2826 7c71d08f88603ba0ae35a656b5ac180f3a1b1039 3336865c07143159ab73893863070b6d7f0516b0de61a236a0c5c52246cb3b2e HTTP Headers GET /pixel.png?s=461&wb=eyJhZFVuaXRDb2RlIjoiaG9tZV9iaWxsYm9hcmQiLCJjcmVhdGl2ZUlkIjoiMzgxODQ2NzE0IiwiYmlkZGVyIjoiYXBwbmV4dXNBc3QiLCJ0aW1lVG9SZXNwb25kIjozNDYsImhlaWdodCI6MjUwLCJ3aWR0aCI6OTcwLCJjcG0iOjAuMDM1MzAwNTgsImhyZWYiOiJodHRwczovL2Vhc3ltYy5pby9jbGllbnQvRWFzeU1DLmV4ZT8xNjA4NTk1MjAwMDMxLyIsImFjY2VwdGFibGUiOmZhbHNlLCJtZXRhIjoie1wiZGNoYWluXCI6e1widmVyXCI6XCIxLjBcIixcImNvbXBsZXRlXCI6MCxcIm5vZGVzXCI6W3tcImJzaWRcIjpcIjEyMDg1XCJ9XX0sXCJicmFuZElkXCI6MTExNTQ0fSIsInJlcXVlc3RJZCI6IjEzODQzMDdmLWNlYTYtNGMyOC04Yzk1LWVkYTdhYmIxOGNmMiIsImMiOiJOTyIsInIiOiIwMyIsInR5cGUiOjAsImR1cmF0aW9uIjowLCJ0aW1lc3RhbXAiOjE2OTI0NzczNDc1NzN9&t=0 HTTP/1.1 Host: tracker.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:54 GMT content-type: image/png content-length: 73 cache-control: no-cache via: 1.1 google alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f877f05b4ed-OSL`

	www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp=	23.36.79.25	303 See Other	146 B
URL GET HTTP/3 www.bing.com/api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp= IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectr.bing.com Fingerprint16:DF:96:BE:A5:09:9C:D6:10:D8:3C:74:D6:16:86:35:97:47:40:FE ValidityTue, 15 Nov 2022 20:16:38 GMT - Wed, 15 Nov 2023 20:16:38 GMT File type HTML document, ASCII text Size 146 B (146 bytes) Hash a6a1daa3ab4e7d7c1f5cde63dc578181 a61af09c13fa5467dbe6e663c5518d2ee948c0ba 557d41a06aebd42e1f0ddee72a5d22c01f389f6841e699504d2049e8ab9c63ac HTTP Headers GET /api/v1/mediation/tracking?adUnit=391466&auId=92cd28e2-7f91-4114-a31e-ec67549b34b7&bidId=15000&bidderId=4&cmExpId=LV3&oAdUnit=391466&publisherId=162645330&rId=25b35c12-79f8-42cc-962c-8c68f93bf060&rlink=https%3A%2F%2Fwww.bing.com%2Faes%2Fc.gif%3Ftype%3Dmv%26reqver%3D1.0%26rg%3Da7dfc1b5b9b54d18b7660cb4a9d00cd7%26tids%3D15000%26med%3D10&rtype=mvFeedbackURL&tagId=19695922&trafficGroup=knaqe_3c&trafficSubGroup=knaqe_3c_fp&aid=6775624439826430892&wp= HTTP/1.1 Host: www.bing.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Referer: https://easymc.io/ Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 303 See Other cache-control: no-cache, no-store, must-revalidate pragma: no-cache content-length: 146 content-type: text/html; charset=utf-8 expires: 0 location: https://www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=a7dfc1b5b9b54d18b7660cb4a9d00cd7&tids=15000&med=10 vary: Origin strict-transport-security: max-age=15724800; includeSubDomains accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: 165F0693B6524343A73734E4CB7FB74E Ref B: MIL30EDGE1220 Ref C: 2023-08-19T20:35:54Z date: Sat, 19 Aug 2023 20:35:54 GMT set-cookie: _EDGE_S=F=1&SID=3A1D435DEBE263C8251E502FEA3F62BD; path=/; httponly; domain=bing.com _EDGE_V=1; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUID=3B4B829B887A69D51B4791E989A768A6; samesite=none; path=/; secure; expires=Thu, 12-Sep-2024 20:35:54 GMT; domain=bing.com MUIDB=3B4B829B887A69D51B4791E989A768A6; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:54 GMT quic-version: 0x00000001 alt-svc: h3=":443"; ma=93600 x-cdn-traceid: 0.154f2417.1692477354.d88f7df6

	www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=a7dfc1b5b9b54d18b7660cb4a9d00cd7&tids=15000&med=10	23.36.79.25	200 OK	0 B
URL GET HTTP/3 www.bing.com/aes/c.gif?type=mv&reqver=1.0&rg=a7dfc1b5b9b54d18b7660cb4a9d00cd7&tids=15000&med=10 IP 23.36.79.25:443 ASN #20940 Akamai International B.V. Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectr.bing.com Fingerprint16:DF:96:BE:A5:09:9C:D6:10:D8:3C:74:D6:16:86:35:97:47:40:FE ValidityTue, 15 Nov 2022 20:16:38 GMT - Wed, 15 Nov 2023 20:16:38 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /aes/c.gif?type=mv&reqver=1.0&rg=a7dfc1b5b9b54d18b7660cb4a9d00cd7&tids=15000&med=10 HTTP/1.1 Host: www.bing.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers` HTTP/3 200 OK cache-control: private,no-store pragma: no-cache vary: Origin p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref: Ref A: 195CB46757A3408A9102C67FE707D2E1 Ref B: AMS04EDGE2218 Ref C: 2023-08-19T20:35:55Z content-length: 0 date: Sat, 19 Aug 2023 20:35:55 GMT set-cookie: _EDGE_S=F=1&SID=02451D9792126C0316770EE593D56DA1; path=/; httponly; domain=bing.com _EDGE_V=1; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:55 GMT; domain=bing.com MUID=111CEBE5BBBC620B37AEF897BA7B630C; samesite=none; path=/; secure; expires=Thu, 12-Sep-2024 20:35:55 GMT; domain=bing.com MUIDB=111CEBE5BBBC620B37AEF897BA7B630C; path=/; httponly; expires=Thu, 12-Sep-2024 20:35:55 GMT quic-version: 0x00000001 alt-svc: h3=":443"; ma=93600 x-cdn-traceid: 0.154f2417.1692477354.d88f7fd1

	tracker.nitropay.com/viewability/1384307f-cea6-4c28-8c95-eda7abb18cf2?viewable=true&timeInView=1000	104.18.2.78	204 No Content	0 B
URL POST HTTP/3 tracker.nitropay.com/viewability/1384307f-cea6-4c28-8c95-eda7abb18cf2?viewable=true&timeInView=1000 IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type Size 0 B (0 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers POST /viewability/1384307f-cea6-4c28-8c95-eda7abb18cf2?viewable=true&timeInView=1000 HTTP/1.1 Host: tracker.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Origin: https://easymc.io DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: empty Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Content-Length: 0 TE: trailers `HTTP/3 204 No Content date: Sat, 19 Aug 2023 20:35:55 GMT via: 1.1 google alt-svc: h3=":443"; ma=86400 cf-cache-status: DYNAMIC strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f8db944b4ed-OSL`

	www.googletagmanager.com/gtag/js?id=G-8D4FHV4N0X	142.250.74.40	200 OK	222 kB
URL GET HTTP/2 www.googletagmanager.com/gtag/js?id=G-8D4FHV4N0X IP 142.250.74.40:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subject.google-analytics.com FingerprintCD:19:11:50:03:C9:31:CD:B2:32:E1:82:F6:AD:5A:C5:F5:E8:7F:CE ValidityMon, 31 Jul 2023 08:16:43 GMT - Mon, 23 Oct 2023 08:16:42 GMT File type ASCII text, with very long lines (5857) Size 222 kB (221489 bytes) Hash 9a652edb7f3e46089aed0c3a7cce6e48 275274226c6aed8c1a0796e6a4306ce8c3785398 a0685d0bb19c22ff386d7e28f92d5adb8472baba3980c2470c5ae9b927f062a0 HTTP Headers `GET /gtag/js?id=G-8D4FHV4N0X HTTP/1.1 Host: www.googletagmanager.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: application/javascript; charset=UTF-8 access-control-allow-origin: * access-control-allow-credentials: true access-control-allow-headers: Cache-Control content-encoding: br vary: Accept-Encoding date: Sat, 19 Aug 2023 20:35:42 GMT expires: Sat, 19 Aug 2023 20:35:42 GMT cache-control: private, max-age=900 strict-transport-security: max-age=31536000; includeSubDomains cross-origin-resource-policy: cross-origin server: Google Tag Manager content-length: 78503 x-xss-protection: 0 alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	s.nitropay.com/n.svg	104.18.2.78	200 OK	1.4 kB
URL GET HTTP/3 s.nitropay.com/n.svg IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type SVG Scalable Vector Graphics image\012- SVG XML document\012- SVG XML document\012- XML document text\012- exported SGML document, ASCII text, with very long lines (1496), with no line terminators Size 1.4 kB (1437 bytes) Hash 661a41d072f13f43176a18e44bd2b0d4 33af5c5eb7ac90995736be7f6a22f8a14c1df1af b0f7bb15b0274da37be347886aeaf2399d6714cb86efdbe38a79ba7c6821d007 HTTP Headers GET /n.svg HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:54 GMT content-type: image/svg+xml x-guploader-uploadid: ADPycdsGr9sPTc9MTzSWM-oZDqflyog_KusbSJgk3CnylI5fB9Rz5ZVY2uGV_vtsFeKs_BSmSaul23g44qIttI0Gyvp3-A x-goog-generation: 1664950747723912 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1437 x-goog-hash: crc32c=Tm86FQ==, md5=R85XyhysX5VF8eL7nGvZDQ== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Type expires: Sat, 19 Aug 2023 20:56:34 GMT cache-control: public, max-age=3600 last-modified: Wed, 05 Oct 2022 06:19:07 GMT etag: W/"47ce57ca1cac5f9545f1e2fb9c6bd90d" alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 2327 vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f877f09b4ed-OSL content-encoding: gzip

	ib.adnxs.com/ut/v3/prebid	185.89.210.153	200 OK	13 kB
URL POST HTTP/2 ib.adnxs.com/ut/v3/prebid IP 185.89.210.153:443 ASN #29990 ASN-APPNEX Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerDigiCert Inc Subject.adnxs.com Fingerprint30:E1:57:C8:5A:77:64:AE:54:99:08:F7:2B:B8:C7:F4:28:85:56:08 ValidityMon, 13 Feb 2023 00:00:00 GMT - Fri, 15 Mar 2024 23:59:59 GMT File type JSON data\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12704), with no line terminators Size 13 kB (12704 bytes) Hash f0bd43eccd949caabe81998ad8fb6a89 7d9b654c9a571bff91742afdce3aab447027dd7b fb48b62ab08a22e930b85d615950db8cae428d480e7da5b95cca8d01fc582d10 HTTP Headers `POST /ut/v3/prebid HTTP/1.1 Host: ib.adnxs.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: /* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ Content-Type: text/plain Content-Length: 1256 Origin: https://easymc.io DNT: 1 Connection: keep-alive Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK server: nginx/1.21.3 date: Sat, 19 Aug 2023 20:35:53 GMT content-type: application/json; charset=utf-8 vary: Accept-Encoding cache-control: no-store, no-cache, private pragma: no-cache expires: Sat, 15 Nov 2008 16:00:00 GMT p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" x-xss-protection: 0 access-control-allow-credentials: true access-control-allow-origin: https://easymc.io accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness an-x-request-uuid: 8960456b-0638-4f26-8999-9955285d4ceb set-cookie: icu=ChgI5YA9EAoYASABKAEwqc-EpwY4AUABSAEQqc-EpwYYAA..; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 17-Nov-2023 20:35:53 GMT; Domain=.adnxs.com; Secure; HttpOnly uuid2=1779337513419039599; SameSite=None; Path=/; Max-Age=7776000; Expires=Fri, 17-Nov-2023 20:35:53 GMT; Domain=.adnxs.com; Secure; HttpOnly x-proxy-origin: 91.90.42.154; 91.90.42.154; 943.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com content-encoding: gzip X-Firefox-Spdy: h2

	adsdk.microsoft.com/native-to-display/sdk.js	13.107.246.53	200 OK	82 kB
URL GET HTTP/2 adsdk.microsoft.com/native-to-display/sdk.js IP 13.107.246.53:443 ASN #8068 MICROSOFT-CORP-MSN-AS-BLOCK Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerMicrosoft Corporation Subjectadsdk.microsoft.com Fingerprint4D:4E:E8:2F:E3:1C:51:20:43:F1:11:11:AC:26:8B:36:D0:89:4D:44 ValidityFri, 07 Apr 2023 11:08:56 GMT - Mon, 01 Apr 2024 11:08:56 GMT File type ASCII text, with very long lines (56351) Size 82 kB (82181 bytes) Hash 9697970e93449da9665021dc622565f8 711395503c085bb1c64e52d2554990b064357671 6d217af9105d69f82cd5e29239c0caea643aa9af6854a7ed32da9452a9634ec0 HTTP Headers `GET /native-to-display/sdk.js HTTP/1.1 Host: adsdk.microsoft.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Origin: https://easymc.io DNT: 1 Connection: keep-alive Referer: https://easymc.io/ Sec-Fetch-Dest: script Sec-Fetch-Mode: cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK cache-control: private, max-age=3600 content-type: application/javascript content-encoding: br content-md5: lpeXDpNEnalmUCHcYiVl+A== last-modified: Wed, 16 Aug 2023 17:14:29 GMT etag: 0x8DB9E7C405C4A92 x-cache: TCP_HIT x-ms-request-id: 9bf66340-301e-0100-215e-d23562000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob x-azure-ref-originshield: 0d8TgZAAAAADH7wJifurcSaLQpdFBnKVdQU1TMDRFREdFMTgxOQA5N2M5YThjNi1mYzc5LTRjNDQtYjU1OS01OGMxNmJjZWEzMjI= access-control-allow-origin: * x-azure-ref: 0qSfhZAAAAABnaRTBidBWRqSTrVL9fCR2U1ZHMjBFREdFMDYyMAA5N2M5YThjNi1mYzc5LTRjNDQtYjU1OS01OGMxNmJjZWEzMjI= date: Sat, 19 Aug 2023 20:35:53 GMT X-Firefox-Spdy: h2

	easymc.io/client/EasyMC.exe?1608595200031/	172.67.138.103	200 OK	12 kB
URL User Request GET HTTP/2 easymc.io/client/EasyMC.exe?1608595200031/ IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (12242), with no line terminators Size 12 kB (12242 bytes) Hash b819065b4fc99327f0728215bbc2c42d 59132b063f9de30a5e68661d039377acb90f6f98 c6fa7d205124e139cf8c17b72e6baad7a22e26462a74ee3e0542c769ecca1202 HTTP Headers `GET /client/EasyMC.exe?1608595200031/ HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:41 GMT content-type: text/html; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GMpJ8U68x%2BJEr8gCGtDgN9r7u%2B%2BXzgyZ3%2FzrK77rtQJPbTqoRWe5oMYhpuzEXQOvSyv%2FwIPClp66I4WPu0XBUyPhQVD2g2Wg7XFrTkvq5vl%2Fbl1p550kh4KI%2FHA%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding cf-cache-status: MISS server: cloudflare cf-ray: 7f952f38d85db503-OSL content-encoding: gzip alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	easymc.io/favicon.ico	172.67.138.103	200 OK	68 kB
URL GET HTTP/3 easymc.io/favicon.ico IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type MS Windows icon resource - 1 icon, -128x-128, 32 bits/pixel\012- data Size 68 kB (67646 bytes) Hash 6ecbef1e31ac4d7c2234bcb22d72880d e306667493ad93588997284b7e89522b80b23ee0 ab950c26dd9e4d00ffaaed745734ddb4f9ebafbfb8771887c07d8f7628930625 HTTP Headers GET /favicon.ico HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Cookie: _pbjs_userid_consent_data=3524755945110770; ncmp.domain=easymc.io; _ga_8D4FHV4N0X=GS1.1.1692477336.1.1.1692477336.60.0.0; _ga=GA1.1.1020617597.1692477337 Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/vnd.microsoft.icon access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: W/"71f3c0c6993ea882cfe5655aaf552347" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1v91dB99wHLjaOV1GOBymqzRG3aghSnasB%2BxkqfdTTSf9zGpBmJql5aMoXzhI2tinA7pW4i3CYnfZQGESSIBDNN6%2F8fsGVAaAmylMyjFlqYTkhjXlH6%2FvBoGmZU%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding content-encoding: gzip cf-cache-status: HIT age: 6777 server: cloudflare cf-ray: 7f952f45fd55b4f7-OSL alt-svc: h3=":443"; ma=86400

	s.nitropay.com/cmp/cancel.png	104.18.2.78	200 OK	1.3 kB
URL GET HTTP/3 s.nitropay.com/cmp/cancel.png IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data Size 1.3 kB (1302 bytes) Hash c707b2d501a53bc2c66e98e4e5cabefb 428a51cba1d520eae0c90de0cf367fd0ea0b9622 89863d0411e5273c7c2befe50bceeab57034e26b5df8751cc13c3bd78c73511d HTTP Headers GET /cmp/cancel.png HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg= Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:43 GMT content-type: image/png content-length: 1302 x-guploader-uploadid: ADPycdsMhwRHnhaOOdc6cOzvBBrHb5zsbFsxiv5FW3lOGxT8wHo-hnJhlbScIW_H_njFjKqMuVV_KoLOw1oAt1lZqrunTA x-goog-generation: 1666344058825998 x-goog-metageneration: 1 x-goog-stored-content-encoding: identity x-goog-stored-content-length: 1302 x-goog-hash: crc32c=QrhBNA==, md5=xwey1QGlO8LGbpjk5cq++w== x-goog-storage-class: MULTI_REGIONAL access-control-allow-origin: * access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace expires: Sat, 19 Aug 2023 20:56:38 GMT cache-control: public, max-age=3600 last-modified: Fri, 21 Oct 2022 09:20:58 GMT etag: "c707b2d501a53bc2c66e98e4e5cabefb" alt-svc: h3=":443"; ma=86400 cf-cache-status: HIT age: 2273 accept-ranges: bytes vary: Accept-Encoding strict-transport-security: max-age=2592000; includeSubDomains server: cloudflare cf-ray: 7f952f45780cb4ed-OSL

	s.nitropay.com/ads-461.js	104.18.2.78	200 OK	436 kB
URL GET HTTP/2 s.nitropay.com/ads-461.js IP 104.18.2.78:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintFF:E0:CE:2D:DB:8C:14:91:BC:B8:DE:9F:24:62:06:3E:6F:69:EC:55 ValiditySun, 16 Apr 2023 00:00:00 GMT - Mon, 15 Apr 2024 23:59:59 GMT File type Size 436 kB (435525 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers `GET /ads-461.js HTTP/1.1 Host: s.nitropay.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: application/javascript cf-ray: 7f952f3d0ceeb4f7-OSL cf-cache-status: HIT access-control-allow-origin: * age: 6712 cache-control: private, max-age=600 etag: W/"137e621ac6f5801fa601b0da70ae81ef:1692426784000" expires: Sun, 20 Aug 2023 06:34:22 GMT last-modified: Sat, 19 Aug 2023 06:33:04 GMT strict-transport-security: max-age=2592000; includeSubDomains access-control-expose-headers: Content-Type alt-svc: h3=":443"; ma=86400 x-goog-generation: 1692388435654193 x-goog-hash: crc32c=l9G6nw==, md5=E35iGsb1gB+mAbDacK6B7w== x-goog-meta-goog-reserved-file-mtime: 1692387633 x-goog-metageneration: 1 x-goog-storage-class: MULTI_REGIONAL x-goog-stored-content-encoding: identity x-goog-stored-content-length: 433368 x-guploader-uploadid: ADPycdutsjchdyDkUKEAtdUFvY5mxhAqiJRGf2oyeFd3doTCQQioUhlcwju8KAEEteQk_aCXY-mXvMP6B5aWkE1Xz1lB set-cookie: __cf_bm=.wulnWzaL_dEksZxByrJFVMrSXIoXW_W2dRY6CxuJ_E-1692477342-0-AUFoX27AVirx3KJVXggPgWna0Q7zxqhZXfQcjDQ2z2s/cqNqjZ+IRQlAjRNDjV9g8yAkbO0tspCKsgi8BstIWjg=; path=/; expires=Sat, 19-Aug-23 21:05:42 GMT; domain=.nitropay.com; HttpOnly; Secure; SameSite=None vary: Accept-Encoding server: cloudflare content-encoding: gzip X-Firefox-Spdy: h2

	fonts.googleapis.com/css?family=Karla:400,700\|Quicksand:400,700&display=swap	142.250.74.74	200 OK	4.1 kB
URL GET HTTP/2 fonts.googleapis.com/css?family=Karla:400,700\|Quicksand:400,700&display=swap IP 142.250.74.74:443 ASN #15169 GOOGLE Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerGoogle Trust Services LLC Subjectupload.video.google.com Fingerprint2A:06:F9:5A:FD:FC:89:5C:D7:C5:CC:38:F0:25:78:FB:15:9F:5A:67 ValidityMon, 31 Jul 2023 08:22:19 GMT - Mon, 23 Oct 2023 08:22:18 GMT File type ASCII text, with very long lines (4152), with no line terminators Size 4.1 kB (4062 bytes) Hash 957bf06e4c63b49204f22dbd4d48d92f 1e31f66a68a7105c926634476e5d7dd1d9b67d87 72d0d1f4f4f2a6d5714b1c42ac133b86d693a6642b63d8459f94f19b76eefedb HTTP Headers `GET /css?family=Karla:400,700\|Quicksand:400,700&display=swap HTTP/1.1 Host: fonts.googleapis.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK content-type: text/css; charset=utf-8 access-control-allow-origin: * timing-allow-origin: * link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin strict-transport-security: max-age=31536000 expires: Sat, 19 Aug 2023 20:35:42 GMT date: Sat, 19 Aug 2023 20:35:42 GMT cache-control: private, max-age=86400 cross-origin-resource-policy: cross-origin cross-origin-opener-policy: same-origin-allow-popups content-encoding: gzip server: ESF x-xss-protection: 0 x-frame-options: SAMEORIGIN x-content-type-options: nosniff alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	easymc.io/static/css/main.1238f433.chunk.css	172.67.138.103	200 OK	11 kB
URL GET HTTP/3 easymc.io/static/css/main.1238f433.chunk.css IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type ASCII text, with very long lines (10572) Size 11 kB (10624 bytes) Hash d8c358d4f9ae351355ea09022282e17f 224a9ddb2913402aa2a61b7ccd031bbe210f8647 662fa21a79b6a4c07658247026df3324519c68467c2ee53a6eae7251ae3127fe HTTP Headers `GET /static/css/main.1238f433.chunk.css HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: text/css; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: W/"e64ec2028f5d22f37d8c7a332d350387" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5xq6flRXmAXYt7ewAc26C0Hq7D4mz%2BepK8z2SDm%2BMrajNNh34TzfBINxiDi52YC3TwG4BxhCAr%2FVF%2BNU1AkbKn03QtGGfdL6A1cOE1HUFUf0pmS27kPvHXecURQ%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding content-encoding: gzip cf-cache-status: HIT age: 4547 server: cloudflare cf-ray: 7f952f3cecb1b4f7-OSL alt-svc: h3=":443"; ma=86400

	easymc.io/static/js/main.b961184c.chunk.js	172.67.138.103	200 OK	214 kB
URL GET HTTP/3 easymc.io/static/js/main.b961184c.chunk.js IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type ASCII text, with very long lines (65459) Size 214 kB (214279 bytes) Hash 2707cf900832a1108bb63298db1c5637 b45f649481d768125521f25a21df863f79eccadc 8639572f27cf341f06a897da459d8bbdf90c4aba9d1239a70bb53e60e12cd62c HTTP Headers `GET /static/js/main.b961184c.chunk.js HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: application/javascript access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: W/"4e799a7a1d8d93b14bffbb67e46f00e9" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Rfcn4w8ij1DNe9JZdGgVnD89LaqQodVhgd%2FpnifOZ5P8nKyPqd36Cf5y3BRFZ%2BCb%2FZPAoDJMLJJglqsXVgPu5DovQq76aJYxKI0PPFsU40boV20EsgDTl2q9PHY%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding content-encoding: gzip cf-cache-status: HIT age: 762 server: cloudflare cf-ray: 7f952f3cfcc8b4f7-OSL alt-svc: h3=":443"; ma=86400

	btloader.com/tag?o=6278260873756672&upapi=true	172.67.70.134	200 OK	42 kB
URL GET HTTP/2 btloader.com/tag?o=6278260873756672&upapi=true IP 172.67.70.134:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerCloudflare, Inc. Subjectsni.cloudflaressl.com FingerprintCD:1F:8E:8F:6E:EE:A0:08:86:01:36:43:60:04:A2:33:3C:47:9F:3B ValidityThu, 06 Jul 2023 00:00:00 GMT - Fri, 05 Jul 2024 23:59:59 GMT File type ASCII text, with very long lines (42017) Size 42 kB (42018 bytes) Hash 26bba6d9d8c1c9ae30d079a09e00c6c2 dd2b47a4e7893fe393fb8658f1890cb8f9e79d1f f3e583e04773d5c2b72c84fe23ade0c524c6f65daa414c46268fa5a1da090780 HTTP Headers `GET /tag?o=6278260873756672&upapi=true HTTP/1.1 Host: btloader.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` HTTP/2 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: application/javascript cache-control: public, max-age=300, must-revalidate, stale-if-error=3600, stale-while-revalidate=300 etag: W/"cb2a86927cb6a35f2d3317cf957201f2" last-modified: Sat, 19 Aug 2023 19:47:21 GMT vary: Origin, Accept-Encoding via: 1.1 google cf-cache-status: HIT age: 2889 report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nUSeDC7WZ2BABBpHbg%2F12mNx2eRUMBGqDujNPhp82lbkWgswOVKBUwL6bmZ9wwSzkc0Cbok6DoU1iesVavO5OBZX9Ab%2F9jIlQ58W8%2B%2BWDOE%2F5RCax2b2L9brMeAmYA%3D%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 7f952f3fc811fac0-OSL content-encoding: br X-Firefox-Spdy: h2

	easymc.io/static/css/2.c2809310.chunk.css	172.67.138.103	200 OK	149 kB
URL GET HTTP/3 easymc.io/static/css/2.c2809310.chunk.css IP 172.67.138.103:443 ASN #13335 CLOUDFLARENET Requested by https://easymc.io/client/EasyMC.exe?1608595200031/ Certificate IssuerLet's Encrypt Subjecteasymc.io FingerprintBF:26:16:CF:7C:FC:F2:81:2D:E1:E7:F7:6F:14:70:9E:F9:81:B5:1F ValiditySat, 19 Aug 2023 09:23:34 GMT - Fri, 17 Nov 2023 09:23:33 GMT File type ASCII text, with very long lines (65326) Size 149 kB (148869 bytes) Hash 616fec9ff251b9f9b3c369d600d8299d 66ecc22b4d6ebec052a5a47c9a583c54631b7547 3d6f7dffca859da345c5ccdad723fa9a449db97256634c06cbbe1bd8a0b81109 HTTP Headers `GET /static/css/2.c2809310.chunk.css HTTP/1.1 Host: easymc.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://easymc.io/client/EasyMC.exe?1608595200031/ DNT: 1 Connection: keep-alive Sec-Fetch-Dest: style Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache` HTTP/3 200 OK date: Sat, 19 Aug 2023 20:35:42 GMT content-type: text/css; charset=utf-8 access-control-allow-origin: * cache-control: public, max-age=14400, must-revalidate etag: W/"4e8cd96bac5a769acb323cf99545105b" referrer-policy: strict-origin-when-cross-origin x-content-type-options: nosniff report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DgQECQgqzKP1LYLW2SQdoRzF3BcOk%2Fqt%2B1FzdJrmKCcKKjqVgkCISgKk4HVpxsw%2FlsQRW9n2lF%2Fc60SWHfgYCIFoX42s1vpoXqzJ5LEJvlN63tgcNmjh5M5n9yI%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding content-encoding: gzip cf-cache-status: HIT age: 762 server: cloudflare cf-ray: 7f952f3cdca7b4f7-OSL alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Fortinet's Web Filter

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (18)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash