xsportshd.com/NBA-NFL-Streaming.html
104.21.34.201 301 Moved Permanently 0 B URL HTTP/1.1 xsportshd.com/NBA-NFL-Streaming.html
IP 104.21.34.201:0
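Hash (MD5, SHA-1 and SHA-256 of the empty 0 B redirect body; these are the well-known empty-input digests and identify no content, so they are not usable as indicators for this URL)
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855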
Analyzer Verdict Alert fortinet Malware
GET /NBA-NFL-Streaming.html HTTP/1.1
Host: xsportshd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 28 Nov 2022 08:37:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Mon, 28 Nov 2022 09:37:06 GMT
Location: https://xsportshd.com/NBA-NFL-Streaming.html
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zg10ccAy5nw3Nd%2Bch%2BvinS9zyHjUJkDe9CX9tyPmKzV7XLL0rv0qQk6vcsXG01EmF02161pW0QEqzSPSXW%2BaZVMj9k9IajCznym5wuc4bPr6F1%2BYH%2F8Cch7%2BX6lR0IVm"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7711c79e589eb4f1-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash cdbad2434b7d127a4fc769807a9dc3e7
fa98cd9fc2309ab4423f33f683d17bdb17d76713
560cbbb751ab2884024da3b93fba6bc45c6434797dba72a98c05e7fc2bb94bc1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "560CBBB751AB2884024DA3B93FBA6BC45C6434797DBA72A98C05E7FC2BB94BC1"
Last-Modified: Sat, 26 Nov 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13533
Expires: Mon, 28 Nov 2022 12:22:40 GMT
Date: Mon, 28 Nov 2022 08:37:07 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 64b2a23eab6e5ae8c010ec7242be930c
0673e4385ba01a5a245711bab96cafc34f765793
64751d193f7af72431e9689581faffcae1a30ff50ea425697b2b80ff61c87909
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 820
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Etag: "63833c71-1d7"
Last-Modified: Mon, 28 Nov 2022 08:23:27 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 71f9c681a82440fd55e76c780a20e55d
3147768cfbcdd06e0c6e69684292e68e99917a80
5ea71ce6dd9e927f9bb3f97f59cc1ac7dc25a949024815965b29bc5835614786
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5EA71CE6DD9E927F9BB3F97F59CC1AC7DC25A949024815965B29BC5835614786"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12237
Expires: Mon, 28 Nov 2022 12:01:04 GMT
Date: Mon, 28 Nov 2022 08:37:07 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
34.102.187.140 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 34.102.187.140:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 4d7e4eed097b9c4e5d509419f1cfc85a
290bb3d428a7c6330e2e3d73a952b16f820896c8
0dc9ca0f57af15adcd416035e92794711434e3d53a1feff21d8481d6d500986c
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Content-Length, Alert, Backoff, Retry-After
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 28 Nov 2022 08:17:46 GMT
cache-control: public,max-age=3600
content-type: application/json
age: 1161
alt-svc: clear
X-Firefox-Spdy: h2
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain
IP 34.160.144.191:0
File type PEM certificate, ASCII text
Hash 9ebddc2b260d081ebbefee47c037cb28
492bad62a7ca6a74738921ef5ae6f0be5edebf39
74bbb7cba16f7d084a08a0907d47d7496e5c148f904707ec6950f8f6a61027e5
GET /chains/remote-settings.content-signature.mozilla.org-2022-12-30-09-21-26.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: SNDV/U0wHBaw1FsSL1VbVSBhX+ZIVRE7XI/tchBd7amXGb3PlCCKYa2GWEQ96sSVokBoLVPNFA0=
x-amz-request-id: PGA2HRR63VNZQRRT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 28 Nov 2022 07:44:57 GMT
age: 3130
last-modified: Thu, 10 Nov 2022 09:21:27 GMT
etag: "9ebddc2b260d081ebbefee47c037cb28"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:07 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f07e68dbd4eddd534a4426e9be08c445
7369c0a1ba7b438b838e23836b461879a3751939
eec9f6d9390a144493d870a2cdd496e5e8a89960ab3f6118eff5925dd5e99de5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2243
Cache-Control: max-age=124271
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Etag: "6383acdf-116"
Expires: Tue, 29 Nov 2022 19:08:18 GMT
Last-Modified: Sun, 27 Nov 2022 18:30:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash f07e68dbd4eddd534a4426e9be08c445
7369c0a1ba7b438b838e23836b461879a3751939
eec9f6d9390a144493d870a2cdd496e5e8a89960ab3f6118eff5925dd5e99de5
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2243
Cache-Control: max-age=124271
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Etag: "6383acdf-116"
Expires: Tue, 29 Nov 2022 19:08:18 GMT
Last-Modified: Sun, 27 Nov 2022 18:30:55 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.pki.goog/s/gts1p5/7LD-Il1pIE0
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/7LD-Il1pIE0
IP 142.250.74.3:0
Hash c6f9861b6f431a586c1e625870da396b
99fe4f3983385ad6aa7746db9f5e42c4ccd92e1f
f78627bafaa89b4a47a5a6b91b711a5cc36c96c1263a0acd276998ed8d6932cc
POST /s/gts1p5/7LD-Il1pIE0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
free.timeanddate.com/clock/i7n6znqi/n19/fs18/fcfff/tc48a648/pc2b3e50/ftb/bas2/bat1/bacfff/pa8/tt0/tw1/tm2/th1/tb1
151.101.85.176 200 OK 1.8 kB URL HTTP/2 free.timeanddate.com/clock/i7n6znqi/n19/fs18/fcfff/tc48a648/pc2b3e50/ftb/bas2/bat1/bacfff/pa8/tt0/tw1/tm2/th1/tb1
IP 151.101.85.176:0
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (421)
Hash 7489219a1ace41855bf814201833a4a6
c3c8e8284a0f921314ffadb908f82fa6d7794934
243fef5b419216c5416dffbe025a94be6083e9c06d284264e6aa8ad56260cf5e
GET /clock/i7n6znqi/n19/fs18/fcfff/tc48a648/pc2b3e50/ftb/bas2/bat1/bacfff/pa8/tt0/tw1/tm2/th1/tb1 HTTP/1.1
Host: free.timeanddate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: gzip
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
content-type: text/html; charset=UTF-8
accept-ranges: bytes
date: Mon, 28 Nov 2022 08:37:07 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1674-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669624628.555893,VS0,VE92
vary: Accept-Encoding
content-length: 1800
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-106535798-1
142.250.74.168 200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-106535798-1
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 7339ace7de51c921e65c48adbf24d394
0d4cb8384e17b9e900a7f5bcf82b09835582347d
c7d6242ea66a7a271354677b11c4f15c1838e78529200ed3d16da3909de47035
GET /gtag/js?id=UA-106535798-1 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 28 Nov 2022 08:37:07 GMT
expires: Mon, 28 Nov 2022 08:37:07 GMT
cache-control: private, max-age=900
last-modified: Mon, 28 Nov 2022 06:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43680
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1p5/7LD-Il1pIE0
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/7LD-Il1pIE0
IP 142.250.74.3:0
Hash c6f9861b6f431a586c1e625870da396b
99fe4f3983385ad6aa7746db9f5e42c4ccd92e1f
f78627bafaa89b4a47a5a6b91b711a5cc36c96c1263a0acd276998ed8d6932cc
POST /s/gts1p5/7LD-Il1pIE0 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash c81653e99cfdfb43236c8d50248b2e51
a33bc0cb7d3bb714b7ef23b059bb304cf23d464f
e75fa0ce568755990d6949ef93e3e5c29213a5a11887f697af901f41b14e0274
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 4.2 kB IP 93.184.220.29:0
File type gzip compressed data, from Unix; data
Hash 9fb5e357d7550281795d77fe11cdd091
26cd885fedd727d513efc4f2661fe8c44461c57d
adeef633de157a438d0ae631033bed62c323dc9c03fb652abab9c72f889a1145
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6029
Cache-Control: max-age=134907
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Etag: "6383c7a1-118"
Expires: Tue, 29 Nov 2022 22:05:34 GMT
Last-Modified: Sun, 27 Nov 2022 20:25:05 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
free.timeanddate.com/ts.php?t=1669624627160
151.101.85.176 200 OK 15 kB URL HTTP/2 free.timeanddate.com/ts.php?t=1669624627160
IP 151.101.85.176:0
Hash a82dce1fb077ad29c3cbb5a4fe013640
7aaed03d09549c971466f317ba317d3897fbb018
596b60ca0cb87f225a74064004ce29de57cfe0bcb2bc526dfd06963099ac552c
GET /ts.php?t=1669624627160 HTTP/1.1
Host: free.timeanddate.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://free.timeanddate.com/clock/i7n6znqi/n19/fs18/fcfff/tc48a648/pc2b3e50/ftb/bas2/bat1/bacfff/pa8/tt0/tw1/tm2/th1/tb1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
content-encoding: gzip
pragma: no-cache
cache-control: max-age=0, no-cache, no-store
content-type: text/plain;charset=UTF-8
accept-ranges: bytes
date: Mon, 28 Nov 2022 08:37:07 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-bma1674-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1669624628.701315,VS0,VE92
vary: Accept-Encoding
content-length: 40
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
104.17.25.14 200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65447)
Hash d900ca08873ee57d40616d39a44cc0aa
7ab3ac8b1504b7b914a6e94c979b8390bb492f6a
1eea479cc0abe04a0846f41031207f9511f12ffef017a6109d4efb6f5523465b
GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publicatadlit.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:07 GMT
content-type: application/javascript; charset=utf-8
content-length: 27938
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "603e8adc-15d9d"
last-modified: Tue, 02 Mar 2021 18:58:36 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 1438352
expires: Sat, 18 Nov 2023 08:37:07 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yKqW76HiVuALKf6Fl%2FXD5VtKOz%2FxA9fhRoQpF3UDt7mGmzWim4DMOmiW%2FBDOPfT1y06nMetMxDdcAZiPdYnl4Y5LjPD9R8qmh3ubCLD5xZs1xxv0PauW1Dxrqfh8j3pqNYIrKqZl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7711c7a3c902fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash c621d4c62f1b73d7db42f083617dc8db
1a78ba537afba7aea6308288c5c41c90de74b3ba
d7b3c5b2e9ea4ad8e5c33649a912d471545651f643b62238beb7d33188146322
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6029
Cache-Control: max-age=134907
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:07 GMT
Etag: "6383c7a1-118"
Expires: Tue, 29 Nov 2022 22:05:34 GMT
Last-Modified: Sun, 27 Nov 2022 20:25:05 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ebedc2ec4252a54928ffc21c1ab1bb51
da7ffc7850a3c5f0e61287497ae7db665e796753
8b0ad4330c60cfa6c6bb4a24827fdb80075eb89e67e06cd89d0c868b98fd002e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 05:29:12 GMT
Expires: Sat, 03 Dec 2022 05:29:11 GMT
Etag: "da7ffc7850a3c5f0e61287497ae7db665e796753"
Cache-Control: max-age=420123,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7a45fc4b51e-OSL
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5de77fc270d2d3c1503b8a7befdec483
8192f24398f67792471f04ca2bf86b46925925f2
0f4d9c217ab2a82fe9ac30b61d31010c7d12786232a7ee988301bb956f776a77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0F4D9C217AB2A82FE9AC30B61D31010C7D12786232A7EE988301BB956F776A77"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4377
Expires: Mon, 28 Nov 2022 09:50:04 GMT
Date: Mon, 28 Nov 2022 08:37:07 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ebedc2ec4252a54928ffc21c1ab1bb51
da7ffc7850a3c5f0e61287497ae7db665e796753
8b0ad4330c60cfa6c6bb4a24827fdb80075eb89e67e06cd89d0c868b98fd002e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:07 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 05:29:12 GMT
Expires: Sat, 03 Dec 2022 05:29:11 GMT
Etag: "da7ffc7850a3c5f0e61287497ae7db665e796753"
Cache-Control: max-age=420123,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7a4a84db51e-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash eba241024c7bbc48e5440ae365170c43
856f870c858fa6fc79e502486ad5118ad8b11ff8
4039cfaee9a9a722098d2f114d2d44c33b59947e10779514766e577961a2b7c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 259
Cache-Control: max-age=127305
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "6383c07a-116"
Expires: Tue, 29 Nov 2022 19:58:53 GMT
Last-Modified: Sun, 27 Nov 2022 19:54:34 GMT
Server: ECS (amb/6B7A)
X-Cache: HIT
Content-Length: 278
publicatadlit.com/redirect?tid=936840
172.67.132.30 301 Moved Permanently 371 B URL HTTP/2 publicatadlit.com/redirect?tid=936840
IP 172.67.132.30:0
Hash d27cd3e5ae2d60c98106ac54f50c310e
c383b5418edf987a30e9e023d0cbcf71c50ffadf
f629693c70e834fddaf6f8c542f745cfa3242dd9bb86208a8f3136b7ade004b2
GET /redirect?tid=936840 HTTP/1.1
Host: publicatadlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:07 GMT
location: https://publicatadlit.com/tid=215664.html
cache-control: max-age=3600
expires: Mon, 28 Nov 2022 09:37:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=basHWjxoEkH%2FCsyu0700QK5YozPE0aLt5iUAMnIsqQnZstSAI6lEqFg%2Bu%2B2QTisnskPmM5ATqsyCqXiMe9LQDBacIFhzJJnMwlYE1EKYgjxj%2BpYiXmhAt7syosRVIFwXpzve6g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a2db250afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
34.102.187.140 200 OK 1.6 kB URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 34.102.187.140:0
Hash 5d50cb9e0a6304f6356d0be969fa69ec
7709ad359c02f7cdbd48a032b3be5133fcc79699
45deb7e87ef0e1375f5b87dc2bcd4276d5110766e217953d795cb598fbf71e9b
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Pragma, Alert, Content-Type, ETag, Retry-After, Last-Modified, Content-Length, Cache-Control, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 28 Nov 2022 08:11:12 GMT
cache-control: public,max-age=3600
age: 1556
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ba8bd24fa6c98f4085f4a163dc805bde
f868b659a4eeec1b0a3227c89a3e3d42f66f36aa
6630cd2de794010df48c9f60dd7a215ddb63aae10858f09926980a7165684f6e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6630CD2DE794010DF48C9F60DD7A215DDB63AAE10858F09926980A7165684F6E"
Last-Modified: Sat, 26 Nov 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9868
Expires: Mon, 28 Nov 2022 11:21:36 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/ORN9eI1KnF4
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ORN9eI1KnF4
IP 142.250.74.3:0
Hash fb01911ac2ad98d6c12334550935439a
bcf656837cf215dc94fceb62e86294e99192489d
958299312eb2a75b83d4c556cc0b4dc949f270da77fb9621c5277e0f7c4a2a1e
POST /s/gts1p5/ORN9eI1KnF4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a7ba5baa146771ca9ad119699b188a09
fd0505f464addd344f57d9f7b8ace0de78868958
426a6e5a60877f4fb4129b7fb567903efe3b5ddd00fbc6fc976d5bada2768e5d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86104
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63830b2a-1d7"
Expires: Tue, 29 Nov 2022 08:32:12 GMT
Last-Modified: Sun, 27 Nov 2022 07:00:58 GMT
Server: ECS (dcb/7F82)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NeXFodWmq8DIdzt-lUBgJs9xiOKLEAQ-Jt-Ff-jWobCJt-ttdnu9_g==
Age: 5474
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a6ddb44a8ecb575a4dc754210f6e9ad6
209150b3dd0858b38bb08ab685f941afaff322d2
24bb69dbf7d6188c11fb32bf2154b7debddc36c209a8d251dcd0ae89563842fa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=169364
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63845cae-1d7"
Expires: Wed, 30 Nov 2022 07:39:52 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:02 GMT
Server: ECS (dcb/7EA3)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: QwL2_NqRvCj9ibsg2fZFnhwn-yQVPN_Tw7z5Ur_G7R4f68i25Nfw5w==
Age: 2330
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a7ba5baa146771ca9ad119699b188a09
fd0505f464addd344f57d9f7b8ace0de78868958
426a6e5a60877f4fb4129b7fb567903efe3b5ddd00fbc6fc976d5bada2768e5d
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=86104
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63830b2a-1d7"
Expires: Tue, 29 Nov 2022 08:32:12 GMT
Last-Modified: Sun, 27 Nov 2022 07:00:58 GMT
Server: ECS (dcb/7F84)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: bNm-h3f8W4HOlaPxAGIcdcvQiduynxzZ0OA0U414DwkoRavwQMdiiw==
Age: 5474
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a6ddb44a8ecb575a4dc754210f6e9ad6
209150b3dd0858b38bb08ab685f941afaff322d2
24bb69dbf7d6188c11fb32bf2154b7debddc36c209a8d251dcd0ae89563842fa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=168824
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63845cae-1d7"
Expires: Wed, 30 Nov 2022 07:30:52 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:02 GMT
Server: ECS (dcb/7EA6)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: SfDgUptTjBSg5v6E292llldewTVuP8Z_i2zbwdEu4gU3LYS4rLNZow==
Age: 1790
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash a6ddb44a8ecb575a4dc754210f6e9ad6
209150b3dd0858b38bb08ab685f941afaff322d2
24bb69dbf7d6188c11fb32bf2154b7debddc36c209a8d251dcd0ae89563842fa
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=170854
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63845cae-1d7"
Expires: Wed, 30 Nov 2022 08:04:42 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:02 GMT
Server: ECS (dcb/7F16)
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: VbDCoCi0Cj-gnBVM49NKIPNskE4XPJtAogL24ULmgP-xqtGGC6MlLQ==
Age: 3821
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5de77fc270d2d3c1503b8a7befdec483
8192f24398f67792471f04ca2bf86b46925925f2
0f4d9c217ab2a82fe9ac30b61d31010c7d12786232a7ee988301bb956f776a77
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0F4D9C217AB2A82FE9AC30B61D31010C7D12786232A7EE988301BB956F776A77"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4376
Expires: Mon, 28 Nov 2022 09:50:04 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash a6fee11dfe1b88cd768a0ca3e2bd0c89
59cec9a44a4a92467678afe65f347f68641a2174
50870c499aae4d5dfd6df25a36cd04b6d185b66ef0590e46933984bf52e2483f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5320
Cache-Control: max-age=93503
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "638328ac-1d7"
Expires: Tue, 29 Nov 2022 10:35:31 GMT
Last-Modified: Sun, 27 Nov 2022 09:06:52 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 471
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash cbcbfb1de679e901872129831e1d0fcc
360f0d37f1c91106e06eab05920026a0f6793e3c
85eccb14b4dfbe5468cec62eaa13485f005eccf8e413e8663029e619aca58089
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=163697
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63844ea3-1d7"
Expires: Wed, 30 Nov 2022 06:05:25 GMT
Last-Modified: Mon, 28 Nov 2022 06:01:07 GMT
Server: ECS (dcb/7F80)
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: UXJGQ6DDyYS6o1BM1G-Rj1GE27zc-57SgU2Kbnp6inpVQuN9Zex4Ww==
Age: 258
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash eba241024c7bbc48e5440ae365170c43
856f870c858fa6fc79e502486ad5118ad8b11ff8
4039cfaee9a9a722098d2f114d2d44c33b59947e10779514766e577961a2b7c2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 260
Cache-Control: max-age=127305
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "6383c07a-116"
Expires: Tue, 29 Nov 2022 19:58:53 GMT
Last-Modified: Sun, 27 Nov 2022 19:54:34 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 1daa1f04955fc886dbad74f27554ecfd
c42cbc6c0876104c632587731cd9c8f693d917b5
f3f15bdc2f8af456fc721a9a7ca4198112f9d050623de43fbb9f4abe86550b2a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=146544
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "6384012e-1d7"
Expires: Wed, 30 Nov 2022 01:19:32 GMT
Last-Modified: Mon, 28 Nov 2022 00:30:38 GMT
Server: ECS (dcb/7EEE)
X-Cache: Miss from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 941PgCk9OPIj5vp7gJsGpNM69IJ-R_lwOHcX3E597zP0I6z7JDg2Uw==
Age: 2934
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash cbcbfb1de679e901872129831e1d0fcc
360f0d37f1c91106e06eab05920026a0f6793e3c
85eccb14b4dfbe5468cec62eaa13485f005eccf8e413e8663029e619aca58089
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Mon, 28 Nov 2022 08:37:08 GMT
Last-Modified: Mon, 28 Nov 2022 07:08:59 GMT
Server: ECS (dcb/7EEE)
X-Cache: Miss from cloudfront
Via: 1.1 1d8cf7c8865ed1078c19a98771ad34ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: GPjeRgJfHmmsp0_8Yg5RfXdclmHWITGGR3-u5qeByO5HXYTqGG_HRA==
Age: 5289
syndication.realsrv.com/splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/
95.211.229.245 302 Found 1.3 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 8c37073d022dabb7f8a7590ab4edf5b1
8286d5a86d7b47b68d1dae986a5a69af81093a07
a9d6cfefbf77ab02b10defc3c1ad024741de1ab72f532a7602b2c65607faf6bf
GET /splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/ HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%2263847334641631.62852229156372204%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalaxmrsegeioslmrxlrnxgxaalrollmegeiccmmlmlcnxgxaalcscrlmgeialbsereanxgxaalrollmegeioslmrxbrnxgxaalrlccrxgeicxbmsbcenxgxaalrlccrxgeioslmrxlsnxgxaalreolamgeicxbmsbocnxgxaalrcerlbgeicxbmsboenxgxaalrbsbllgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalraseexgeioslmrxbmnxgxaalaxmrsegeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalrlccrxgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalrrccrxgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalrbbbaageimcclsxmenxgxaalrlccrxgeialbserxonxgxaalcscrlmgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalcsrbbbgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalrcerllgeimcclselenxgxaalreola
mgeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalrollmegeimasbmxconxgxaalrsbmlegxcceimxxerrecnxgxaalrcerlbgxcceimxcbrxscnxgxaalrcerllgxcceimxxerreanxgxaalrcerllgxcceimxxerrebnxgxaalrcerllgxcceimxcbrxabnxgxaalrcerllgxcceimrxccosencgxaalrcerllgxcceialbbebsanxgxaalrcerllgxcceimaoobbebnxgxaalrcxbrsgxcceimraeelaanxgxaalrcxbrsgxcceixaoosscrnxgxaalrcrlbmgxcceimrxccosancgxaalrcrlbmgxcceimxcbrxronxgxaalrcrlbmgxcceimraeelabnxgxaalrcmelsgxcceicxsxcobxnxgxaalrclsllgxcceimxlbalsbnogxaalrrccrxgxcceialcaercenxgxaalrrccrxgxcceimaoobrbansgxaalrrccrxgxcceimaoobrbcnsgxaalrrccrxgxcceimmoeosaenxgxaalrrrsccgxcceimeembesonxgxaalrrrsccgxcceimmxsrbabnsgxaalrrrsccgxcceimasbmxsanxgxaalrraxsagxcceimxlbmoconsgxaalrrasoegxcceimxeoxsacnrgxaalrrasoegxcceimxcbrxcbnxgxaalrrasoxgxcceimclxlloanogxaalrrasaagxcceialxosmbanxgxaalrrasaagxcceimxlbmxlonogxaalrrmxcbgxcceimasbmxsonxgxaalrrbbcsgxcceicloaxxoanxgxaalrrleoagxcceicloaecoenxgxaalrrleomgxcceimraeelsonxgxaalrrleomgxcceiallxlmscnxgxaalraexcmgxcceimrmaobxanogxaalraexbmgxcceimcssmlrenrgxaalraoslcgxcceimaoolslanxgxaalrasoccgxcceimmoeosaonxgxaalracloegxcceimmoeosscnxgxaalracloegxcceimmoeosconxgxaalracloegxcceiccblrxrbnxgxaalracloegxcceimsacexoonxgxaalrarlxsgxcceimxlbalcenogxaalrmerbxgxcceimxlbmxbbnogxaalrmerbxgxcceimrxccosoncgxaalrmeabxgxcceicloaxxabnxgxaalrmeabxgxcceimxlbmxlenogxaalrmeabxgxcceirrbbcsacnxgxaalrmxecrgxcceicbbmelocnogxaalrmxecagxcceiaaxcambbnogxaalrmxxllgxcceialrexexbnxgxaalrmxxllgxcceiccblrxaanxgxaalrmocmagxcceimoobcomanxgxaalrmocmagxcceimoobcobenxgxaalrmocmagxcceimoobcoabnxgxaalrmocmagxcceimoobcoaonxgxaalrmocmlgxcceimoobcomonxgxaalrmocmlgxcceimoobcomenxgxaalrmocmlgxcceimoobcoaanxgxaalrmocmlgxcceimeelareanxgxaalrmsbregxcceimemlxbocnogxaalrmsbregxcceimemlxmcbnxgxaalrmccomgxcceimmxcxslenxgxaalrmccolgxcceimasbmxsbnogxaalrmbrrbgxcceimaaa
erobnxgxaalrmbrlrgxcceimmossscensgxaalrmlxbegxcceimrbxmxmanxgxaalrmlxbegxcceialbmlexcnxgxaalrbxsrsgxcceimasbmxsenxgxaalrbooecgxcceimxxerrxenxgxaalrbsblcgxcceimmosssconagxaalrbsbllgxcceimxlbmosenogxaalrbsbllgxcceialbbebsbnxgxaalrbsbllgxcceimxcbrxocnxgxaalrbsbllgxcceimxxerreonxgxaalrbsbllgxcceialrexeoonxgxaalrbsbllgxcceimxlbmoscnogxaalrbsbllgxcceimrmbbrcanxgxaalrbcesrgxcceimrmbbrconxgxaalrbcesrgxcceicloaxxmonxgxaalrbcxabgxcceimecmmelonxgxaalrbcomrgmoeimecmmelenxgxaalrbcseegmoeimexexabbnxgxaalrbcmlcgxcceimmooobrbnxgxaalrbcbregxcceialbmmbbenxgxaalrbcbregxcceimmooobranxgxaalrbcbregxcceimxcbrxmbnxgxaalrbcbregxcceimxlbmosanogxaalrbclbbgxcceicxmecmcanxgxaalrbabxbgxcceialbmbrmcnxgxaalrbmormgxcceicloaxxobnxgxaalrbmormgxcceialbmbrmanxgxaalrbmormgxcceimxeemblonxgxaalrbmormgxcceialbmbrabnxgxaalrbmormgxcceialbmlesenxgxaalrbmsrxgxcceicloaecoanxgxaalrbmblxgxcceimmxccmeonxgxaalrbboeagxcceimxlbmoobnogxaalrbboeagxcceimxlbmosonogxaalrbbbaagxcceirreacmsbnxgxaalrbbbaagxcceimcssmlrcnsgxaalrbbbaagxcceimxxrecsanxgxaalrbblorgxcceimeelaclanmgxaalrbblorgxcceimrbleaxonxgxaalrbblorgxcceimellboscnxgxaalrbblorgxcceimellbooenxgxaalrbblorgxcceiaaxcamlcnxgxaalrbblorgxcceimeelaclonagxaalrbblorgxcceimeelaclcnagxaalrbblorgxcceimellbosonxgxaalrbblorgxcceialbmlecanxgxaalrblxcbgxcceimaoolxxbnxgxaalrlebrmgxcceimclsaoxbncgxaalrlebrmgxcceimcoaxmxoncgxaalrlebrmgxcceimcssmlronsgxaalrlebrmgxcceimmxerboonxgxaalrlxccogxcceialbmmbbonxgxaalrlxbsrgxcceimcoaxmxcncgxaalrlxlbcgxcceimmxsrbmensgxaalrlxlbcgxcceimaoolcoenxgxaalrlolaogxcceimecmmelcnxgxaalrlolaogmoeimxlbmxlcnogxaalrlolaogxcceimxrrmllbnxgxaalrlssxbgxcceialblcxmbnxgxaalrlssxbgxcceislmbeslrnxgxaalrlssxbgxcceialblcxbonxgxaalrlssxbgxcceimxrrbeecnxgxaalrlssxbgxcceislmbecesnxgxaalrlssxbgxcceiaaxcabeenxgxaalrlsaaxgxcceimxeemblenogxaalrlsaaogxcceimxeemleanxgxaalrlcelegxcceimxcbrxcenxgxaalrlccrxgxcceialbbebrenxgxaalrlccrxgxcceimxcbrxaonxgxaalrlccrxgxcceimmooobronxgxaalaeelregxcceimxeoxsbenrgxaalaecrlrgxcceimxcbrxbenxgxaalaecrlrgxcceimxcbrxsenxgxaalaererlgxcceimrxmbaren
xgxaalaeaxbegxcceiocmlcbssnxgxaalaeaoargxcceimcrxeoconxgxaalaeabesgxcceimcrxeoaonxgxaalaeabesgxcceimcrxeosenxgxaalaeabecgxcceimcrxeorcnxgxaalaeabemgxcceimrxmbacanxgxaalaeallxgxcceimexlaeoonxgxaalaemmbrgxcceimrmbbrmenxgxaalaxsreegxcceimeelarecnxgxaalaxcsbbgxcceialbmlecenxgxaalaxcsbbgxcceicloaecocnxgxaalaxcsbbgxcceimxcbrxrbnxgxaalaxmrsegxcceimaooloranxgxaalaxmbacgxcceicmarxbbonsgxaalaxmbargxcceimxlbalscnxgxaalaxmbargxcceimeembescnxgxaalaxmlbxgxcceimeembecenxgxaalaxmlbxgxcceimrxccoscnxgxaalaossmrgxcceiaaxcamlanxgxaalaossmrgxcceiaaxcamlenxgxaalaossmrgxcceimmxsrbaonxgxaalaocclogxcceimaoolcoonxgxaalaocrxsgxcceixaoossalnxgxaalaocaeegxcceicloaxxmenxgxaalaocaexgxcceicloaxxaanxgxaalaocaexgxcceimrmlcaebnxgxaalaocaobgxcce; expires=Tue, 29 Nov 2022 08:37:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072FaTMhGLq&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
X-Robots-Tag: noindex, follow
ocsp.pki.goog/s/gts1p5/ORN9eI1KnF4
142.250.74.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/ORN9eI1KnF4
IP 142.250.74.3:0
Hash fb01911ac2ad98d6c12334550935439a
bcf656837cf215dc94fceb62e86294e99192489d
958299312eb2a75b83d4c556cc0b4dc949f270da77fb9621c5277e0f7c4a2a1e
POST /s/gts1p5/ORN9eI1KnF4 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 018c336bb21e5926285b964ddda65671
e87485d0c1d835b2e1ba0c8d938a958f7e9113ee
19f036219a168f2aa5c79ff0fc02a3d92ece2a05507c7e227caca0aaf4f6a81f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=107622
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "6383749a-117"
Expires: Tue, 29 Nov 2022 14:30:50 GMT
Last-Modified: Sun, 27 Nov 2022 14:30:50 GMT
Server: nginx
Content-Length: 279
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 1daa1f04955fc886dbad74f27554ecfd
c42cbc6c0876104c632587731cd9c8f693d917b5
f3f15bdc2f8af456fc721a9a7ca4198112f9d050623de43fbb9f4abe86550b2a
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=143610
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "6384012e-1d7"
Expires: Wed, 30 Nov 2022 00:30:38 GMT
Last-Modified: Mon, 28 Nov 2022 00:30:38 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 9ede9483eb891e14681c7c693b47c862.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: hh0tXMyQ6V3ldE7sdqgbPneA6pFtFYb5NMaYuoK2jkuyoJZJTlBk5Q==
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 546bf54815b24036f0c3ada6c0fc9608
a1ebff3ed947e3e7aeb211246f331ac5ba5b470d
5b5193e1b76b89501f364a487393592e0bee8d9c22900cec037783afa93d9e6f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5B5193E1B76B89501F364A487393592E0BEE8D9C22900CEC037783AFA93D9E6F"
Last-Modified: Sat, 26 Nov 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2273
Expires: Mon, 28 Nov 2022 09:15:01 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
push.services.mozilla.com/
54.187.71.185 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.187.71.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: et6f1weOxdxXpwDRJiXH4Q==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: RGApaNx9iw8Et7yud1zb2JE41wo=
click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072FaTMhGLq&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
109.206.175.73 200 OK 1.2 kB URL HTTP/1.1 click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072FaTMhGLq&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
IP 109.206.175.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash b8bd24e5cfc6b9984f91b161c6653e2c
679db3db5d1256e044557571b71936c2e8b199d7
558d2dd930ebc9045f9222570d02441d549e8df50b5282f2829f575b615f3a81
GET /b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072FaTMhGLq&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0- HTTP/1.1
Host: click.techgus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: dspclick-v3.7.21.1
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
content-length: 1178
syndication.realsrv.com/splash.php?type=8&idzone=4785730&p=https://xsportshd.com&tested=2/
95.211.229.245 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?type=8&idzone=4785730&p=https://xsportshd.com&tested=2/
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?type=8&idzone=4785730&p=https://xsportshd.com&tested=2/ HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491d135.19033573615586358%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalaxmrsegeioslmrxlrnxgxaalrollmegeiccmmlmlcnxgxaalcscrlmgeialbsereanxgxaalrollmegeioslmrxbrnxgxaalrlccrxgeicxbmsbcenxgxaalrlccrxgeioslmrxlsnxgxaalreolamgeicxbmsbocnxgxaalrcerlbgeicxbmsboenxgxaalrbsbllgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalraseexgeioslmrxbmnxgxaalaxmrsegeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalrlccrxgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalrrccrxgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalrbbbaageimcclsxmenxgxaalrlccrxgeialbserxonxgxaalcscrlmgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalcsrbbbgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalrcerllgeimcclselenxgxaalreola
mgeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalrollmegeimasbmxconxgxaalrsbmlegxcceimxxerrecnxgxaalrcerlbgxcceimxcbrxscnxgxaalrcerllgxcceimxxerreanxgxaalrcerllgxcceimxxerrebnxgxaalrcerllgxcceimxcbrxabnxgxaalrcerllgxcceimrxccosencgxaalrcerllgxcceialbbebsanxgxaalrcerllgxcceimaoobbebnxgxaalrcxbrsgxcceimraeelaanxgxaalrcxbrsgxcceixaoosscrnxgxaalrcrlbmgxcceimrxccosancgxaalrcrlbmgxcceimxcbrxronxgxaalrcrlbmgxcceimraeelabnxgxaalrcmelsgxcceicxsxcobxnxgxaalrclsllgxcceimxlbalsbnogxaalrrccrxgxcceialcaercenxgxaalrrccrxgxcceimaoobrbansgxaalrrccrxgxcceimaoobrbcnsgxaalrrccrxgxcceimmoeosaenxgxaalrrrsccgxcceimeembesonxgxaalrrrsccgxcceimmxsrbabnsgxaalrrrsccgxcceimasbmxsanxgxaalrraxsagxcceimxlbmoconsgxaalrrasoegxcceimxeoxsacnrgxaalrrasoegxcceimxcbrxcbnxgxaalrrasoxgxcceimclxlloanogxaalrrasaagxcceialxosmbanxgxaalrrasaagxcceimxlbmxlonogxaalrrmxcbgxcceimasbmxsonxgxaalrrbbcsgxcceicloaxxoanxgxaalrrleoagxcceicloaecoenxgxaalrrleomgxcceimraeelsonxgxaalrrleomgxcceiallxlmscnxgxaalraexcmgxcceimrmaobxanogxaalraexbmgxcceimcssmlrenrgxaalraoslcgxcceimaoolslanxgxaalrasoccgxcceimmoeosaonxgxaalracloegxcceimmoeosscnxgxaalracloegxcceimmoeosconxgxaalracloegxcceiccblrxrbnxgxaalracloegxcceimsacexoonxgxaalrarlxsgxcceimxlbalcenogxaalrmerbxgxcceimxlbmxbbnogxaalrmerbxgxcceimrxccosoncgxaalrmeabxgxcceicloaxxabnxgxaalrmeabxgxcceimxlbmxlenogxaalrmeabxgxcceirrbbcsacnxgxaalrmxecrgxcceicbbmelocnogxaalrmxecagxcceiaaxcambbnogxaalrmxxllgxcceialrexexbnxgxaalrmxxllgxcceiccblrxaanxgxaalrmocmagxcceimoobcomanxgxaalrmocmagxcceimoobcobenxgxaalrmocmagxcceimoobcoabnxgxaalrmocmagxcceimoobcoaonxgxaalrmocmlgxcceimoobcomonxgxaalrmocmlgxcceimoobcomenxgxaalrmocmlgxcceimoobcoaanxgxaalrmocmlgxcceimeelareanxgxaalrmsbregxcceimemlxbocnogxaalrmsbregxcceimemlxmcbnxgxaalrmccomgxcceimmxcxslenxgxaalrmccolgxcceimasbmxsbnogxaalrmbrrbgxcceimaaa
erobnxgxaalrmbrlrgxcceimmossscensgxaalrmlxbegxcceimrbxmxmanxgxaalrmlxbegxcceialbmlexcnxgxaalrbxsrsgxcceimasbmxsenxgxaalrbooecgxcceimxxerrxenxgxaalrbsblcgxcceimmosssconagxaalrbsbllgxcceimxlbmosenogxaalrbsbllgxcceialbbebsbnxgxaalrbsbllgxcceimxcbrxocnxgxaalrbsbllgxcceimxxerreonxgxaalrbsbllgxcceialrexeoonxgxaalrbsbllgxcceimxlbmoscnogxaalrbsbllgxcceimrmbbrcanxgxaalrbcesrgxcceimrmbbrconxgxaalrbcesrgxcceicloaxxmonxgxaalrbcxabgxcceimecmmelonxgxaalrbcomrgmoeimecmmelenxgxaalrbcseegmoeimexexabbnxgxaalrbcmlcgxcceimmooobrbnxgxaalrbcbregxcceialbmmbbenxgxaalrbcbregxcceimmooobranxgxaalrbcbregxcceimxcbrxmbnxgxaalrbcbregxcceimxlbmosanogxaalrbclbbgxcceicxmecmcanxgxaalrbabxbgxcceialbmbrmcnxgxaalrbmormgxcceicloaxxobnxgxaalrbmormgxcceialbmbrmanxgxaalrbmormgxcceimxeemblonxgxaalrbmormgxcceialbmbrabnxgxaalrbmormgxcceialbmlesenxgxaalrbmsrxgxcceicloaecoanxgxaalrbmblxgxcceimmxccmeonxgxaalrbboeagxcceimxlbmoobnogxaalrbboeagxcceimxlbmosonogxaalrbbbaagxcceirreacmsbnxgxaalrbbbaagxcceimcssmlrcnsgxaalrbbbaagxcceimxxrecsanxgxaalrbblorgxcceimeelaclanmgxaalrbblorgxcceimrbleaxonxgxaalrbblorgxcceimellboscnxgxaalrbblorgxcceimellbooenxgxaalrbblorgxcceiaaxcamlcnxgxaalrbblorgxcceimeelaclonagxaalrbblorgxcceimeelaclcnagxaalrbblorgxcceimellbosonxgxaalrbblorgxcceialbmlecanxgxaalrblxcbgxcceimaoolxxbnxgxaalrlebrmgxcceimclsaoxbncgxaalrlebrmgxcceimcoaxmxoncgxaalrlebrmgxcceimcssmlronsgxaalrlebrmgxcceimmxerboonxgxaalrlxccogxcceialbmmbbonxgxaalrlxbsrgxcceimcoaxmxcncgxaalrlxlbcgxcceimmxsrbmensgxaalrlxlbcgxcceimaoolcoenxgxaalrlolaogxcceimecmmelcnxgxaalrlolaogmoeimxlbmxlcnogxaalrlolaogxcceimxrrmllbnxgxaalrlssxbgxcceialblcxmbnxgxaalrlssxbgxcceislmbeslrnxgxaalrlssxbgxcceialblcxbonxgxaalrlssxbgxcceimxrrbeecnxgxaalrlssxbgxcceislmbecesnxgxaalrlssxbgxcceiaaxcabeenxgxaalrlsaaxgxcceimxeemblenogxaalrlsaaogxcceimxeemleanxgxaalrlcelegxcceimxcbrxcenxgxaalrlccrxgxcceialbbebrenxgxaalrlccrxgxcceimxcbrxaonxgxaalrlccrxgxcceimmooobronxgxaalaeelregxcceimxeoxsbenrgxaalaecrlrgxcceimxcbrxbenxgxaalaecrlrgxcceimxcbrxsenxgxaalaererlgxcceimrxmbaren
xgxaalaeaxbegxcceiocmlcbssnxgxaalaeaoargxcceimcrxeoconxgxaalaeabesgxcceimcrxeoaonxgxaalaeabesgxcceimcrxeosenxgxaalaeabecgxcceimcrxeorcnxgxaalaeabemgxcceimrxmbacanxgxaalaeallxgxcceimexlaeoonxgxaalaemmbrgxcceimrmbbrmenxgxaalaxsreegxcceimeelarecnxgxaalaxcsbbgxcceialbmlecenxgxaalaxcsbbgxcceicloaecocnxgxaalaxcsbbgxcceimxcbrxrbnxgxaalaxmrsegxcceimaooloranxgxaalaxmbacgxcceicmarxbbonsgxaalaxmbargxcceimxlbalscnxgxaalaxmbargxcceimeembescnxgxaalaxmlbxgxcceimeembecenxgxaalaxmlbxgxcceimrxccoscnxgxaalaossmrgxcceiaaxcamlanxgxaalaossmrgxcceiaaxcamlenxgxaalaossmrgxcceimmxsrbaonxgxaalaocclogxcceimaoolcoonxgxaalaocrxsgxcceixaoossalnxgxaalaocaeegxcceicloaxxmenxgxaalaocaexgxcceicloaxxaanxgxaalaocaexgxcceimrmlcaebnxgxaalaocaobgxcceicammlcrcnxgxaalaocaobgxcce; expires=Tue, 29 Nov 2022 08:37:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785730%7C46779454%7C0%7C%7C496%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 29 Nov 2022 08:37:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://bit-maximalist.com/views/pages/templates/13/17/6
X-Robots-Tag: noindex, follow
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c807f53e22d9cd9496f6fdcd2ac132d
83331b71f37660369f66b431a954b9452df6f372
b6b363fa040d5b64d6840d6b49d74cd947314dab76ed70a9c2a5d491a736ecad
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "B6B363FA040D5B64D6840D6B49D74CD947314DAB76ED70A9C2A5D491A736ECAD"
Last-Modified: Sat, 26 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20835
Expires: Mon, 28 Nov 2022 14:24:23 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?type=8&idzone=4785728&p=https://xsportshd.com&tested=2/
95.211.229.245 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?type=8&idzone=4785728&p=https://xsportshd.com&tested=2/
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?type=8&idzone=4785728&p=https://xsportshd.com&tested=2/ HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22638473348fd148.837989451102730459%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 29 Nov 2022 08:37:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://t.ev-dating.com/2ff967ff-a00e-47a7-9f06-ac0ff8909e98?campid=5416286&varid=76650656&source=xsportshd.com&email={email_encoded}&ctags=generic&siteid=871512&zoneid=4785728&catid=502&country=NOR&format=&cost=0.0000001&tag=ooc4ASOpstqsntdZXXVLXVW6VzqpZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOdXRnnnLPNnRXNnTZXdbPRprvbvxZbdZZm6VyiiCQxeto9Q_uc6V0rpXSuldK6V0rpXB9g
X-Robots-Tag: noindex, follow
publicatadlit.com/tid=215664.html
172.67.132.30 200 OK 2.2 kB URL HTTP/2 publicatadlit.com/tid=215664.html
IP 172.67.132.30:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (329)
Hash 8aa55fd31cd6b5625e6c8a1c21fce072
56bf017ecc2bd353f937d49a64f75b04293f57b2
31bcc2903f4bedd9a433d1a9cc838de385ba89042aabe4d547f630443ce04378
GET /tid=215664.html HTTP/1.1
Host: publicatadlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:07 GMT
content-type: text/html
last-modified: Sat, 19 Nov 2022 19:13:58 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u85eyEMC0JguPTCaMfYrKsos5yRTO1ef264hMVuWRvczY4UBimKDG1RVE6c2z6cRUPzZX4FyFlUZXfOxY8SuKW6FQI0NGGpoD9pUwKtKo%2BmCSfpqxZQUmR7RJyYQDWUAyCqGtQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a30b6c0afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=957887&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=957887&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=957887&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://click-v4.expmdiadi.com/click?i=ul7pFF82i2w_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=7f09a85b-8fff-47ee-b5cf-db3ac93b3fb5
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: t9tWYipn0UJ-a851epTYe8lu5C7cdsTVjVZpLIk5fONyWvFea-Zp-A==
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=963757&tested=2
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=963757&tested=2
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=963757&tested=2 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=XlpUFeOelULOPMaOY4Zb38cPJNnqFpwi6nqWtI1vvyiY-njx2L5WxiFmZFxFXqsMKYEtT_Sg2gY7s3OhU_g1tkW26d4hFJjeC-RuRsnjLh_rmrfO7p7e-g4FdAeueps9odBnUB85T22_CGZgCXHsmwKw8XVzBPj3q7iZSHUf2LwPWtZYRAppK4jNCrUWnBxrn1q7NTcYjr08SClMaiuC7re2cjoAefwcvK6dZwnr8tYqMdin_UeOYNULH9CU7diDabR_pQkhpr1qd3xUt5419qhyFC091s1fywbHBZo6STNfq6thyzClGI0AehYF9ZVeX1x6AHJ6gSQTvm37QgBJC4jWu-yA3mJjGM9udAcDwtKmFOiRaIzMNdtaku5_wmlBj_b58QaUw6GYvmGNLn-IF8mJTHaIzSiYJO-zUufbGWZIFfHMIiJFsSgcjleYATiq7oLeYj_8AOXXdOwClnChZ0869vx1nY4=
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=bd8b50a8-133b-424e-a842-bf9626f51d74
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: SVAUox0DiUEDeNdFiB-ahvYW5Ap6plx8RXwCjR-4cGNak5LWY7I4cg==
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=963757&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=963757&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=963757&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=sk4mffhk4sEkDMlQ6vgAmEEmvMJt-0BliVtd_yp_618H3znj21DTRmc7pnSYrwuhMj2lzmuhR83SmnQJygoTmoRwCLEhbpQtOpsCii4XI67NSHyGUATXNq0WZb5pKwsm_VXVP9xPJ6QfrOEsYYqhpuFhI9juA_1cV0XgJ-CtpTCtP_l6t7DpVoxHVkfqI1Gx0_YBKrnS-QTkJI7FFjGUE_5YdVhKyPRqxx_4U9ctqx2TbB4yTL8pFUf7l0uOmgyltO4YZPoiYGjiFQ-by8Fzp3sKTmIYNpegz-0eXyCDx6zXAoKotHpdqf86zZwpa6T8iEP5YjmZde2DoFWtVXZ555wVfYYO57AAvvoSWvROdtt4nbbUrGVSUzWt5j5yeoKJ6woB5VfIqheRh1bwRD5f-JgLPXtFPgV2uo51bxsqDp9Mer2R8DjV3ytF_9u2CG-E9nhw82Q24-WzPIYzavo0M3RjsfUoWX0=
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=93613987-377d-4fa4-b6a6-0cb1fecd6ba4
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: qShV_jDmwTOb2kXj-bxepa5N-UNcJU2M1B35nckXda5-Jz9CeB7fNQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2c807f53e22d9cd9496f6fdcd2ac132d
83331b71f37660369f66b431a954b9452df6f372
b6b363fa040d5b64d6840d6b49d74cd947314dab76ed70a9c2a5d491a736ecad
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "B6B363FA040D5B64D6840D6B49D74CD947314DAB76ED70A9C2A5D491A736ECAD"
Last-Modified: Sat, 26 Nov 2022 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20835
Expires: Mon, 28 Nov 2022 14:24:23 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
ocsp.pki.goog/s/gts1p5/a_NOaiV189g
142.250.74.3 200 OK 470 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/a_NOaiV189g
IP 142.250.74.3:0
Hash c2fffc1e8b0beec848c171d03da00597
6361618d3596261786dca42e0c59cd28d7fa5e4a
34d40eec79779fa08876e340c9238722b42659cf7f04ecbdf4db733e7523167d
POST /s/gts1p5/a_NOaiV189g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 2cc276bc6e37ae4424fc592695a4a620
5985cf38b5c2c7d60b92e38d44292c1cdb92a31d
76e5391da9b3c4be13d32e649478c3c82da81a8a60644e29ad617f25154fc3cf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "76E5391DA9B3C4BE13D32E649478C3C82DA81A8A60644E29AD617F25154FC3CF"
Last-Modified: Sun, 27 Nov 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15735
Expires: Mon, 28 Nov 2022 12:59:23 GMT
Date: Mon, 28 Nov 2022 08:37:08 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3606
Cache-Control: max-age=170655
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:01:23 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
syndication.realsrv.com/splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/
95.211.229.245 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?type=8&idzone=4846402&p=https://xsportshd.com&tested=2/ HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://publicatadlit.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:08 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:08 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalaxmrsegeioslmrxlrnxgxaalrollmegeiccmmlmlcnxgxaalcscrlmgeialbsereanxgxaalrollmegeioslmrxbrnxgxaalrlccrxgeicxbmsbcenxgxaalrlccrxgeioslmrxlsnxgxaalreolamgeicxbmsbocnxgxaalrcerlbgeicxbmsboenxgxaalrbsbllgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalraseexgeioslmrxbmnxgxaalaxmrsegeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalrlccrxgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalrrccrxgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalrbbbaageimcclsxmenxgxaalrlccrxgeialbserxonxgxaalcscrlmgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalcsrbbbgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalrcerllgeimcclselenxgxaalreola
mgeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalrollmegeimasbmxconxgxaalrsbmlegxcceimxxerrecnxgxaalrcerlbgxcceimxcbrxscnxgxaalrcerllgxcceimxxerreanxgxaalrcerllgxcceimxxerrebnxgxaalrcerllgxcceimxcbrxabnxgxaalrcerllgxcceimrxccosencgxaalrcerllgxcceialbbebsanxgxaalrcerllgxcceimaoobbebnxgxaalrcxbrsgxcceimraeelaanxgxaalrcxbrsgxcceixaoosscrnxgxaalrcrlbmgxcceimrxccosancgxaalrcrlbmgxcceimxcbrxronxgxaalrcrlbmgxcceimraeelabnxgxaalrcmelsgxcceicxsxcobxnxgxaalrclsllgxcceimxlbalsbnogxaalrrccrxgxcceialcaercenxgxaalrrccrxgxcceimaoobrbansgxaalrrccrxgxcceimaoobrbcnsgxaalrrccrxgxcceimmoeosaenxgxaalrrrsccgxcceimeembesonxgxaalrrrsccgxcceimmxsrbabnsgxaalrrrsccgxcceimasbmxsanxgxaalrraxsagxcceimxlbmoconsgxaalrrasoegxcceimxeoxsacnrgxaalrrasoegxcceimxcbrxcbnxgxaalrrasoxgxcceimclxlloanogxaalrrasaagxcceialxosmbanxgxaalrrasaagxcceimxlbmxlonogxaalrrmxcbgxcceimasbmxsonxgxaalrrbbcsgxcceicloaxxoanxgxaalrrleoagxcceicloaecoenxgxaalrrleomgxcceimraeelsonxgxaalrrleomgxcceiallxlmscnxgxaalraexcmgxcceimrmaobxanogxaalraexbmgxcceimcssmlrenrgxaalraoslcgxcceimaoolslanxgxaalrasoccgxcceimmoeosaonxgxaalracloegxcceimmoeosscnxgxaalracloegxcceimmoeosconxgxaalracloegxcceiccblrxrbnxgxaalracloegxcceimsacexoonxgxaalrarlxsgxcceimxlbalcenogxaalrmerbxgxcceimxlbmxbbnogxaalrmerbxgxcceimrxccosoncgxaalrmeabxgxcceicloaxxabnxgxaalrmeabxgxcceimxlbmxlenogxaalrmeabxgxcceirrbbcsacnxgxaalrmxecrgxcceicbbmelocnogxaalrmxecagxcceiaaxcambbnogxaalrmxxllgxcceialrexexbnxgxaalrmxxllgxcceiccblrxaanxgxaalrmocmagxcceimoobcomanxgxaalrmocmagxcceimoobcobenxgxaalrmocmagxcceimoobcoabnxgxaalrmocmagxcceimoobcoaonxgxaalrmocmlgxcceimoobcomonxgxaalrmocmlgxcceimoobcomenxgxaalrmocmlgxcceimoobcoaanxgxaalrmocmlgxcceimeelareanxgxaalrmsbregxcceimemlxbocnogxaalrmsbregxcceimemlxmcbnxgxaalrmccomgxcceimmxcxslenxgxaalrmccolgxcceimasbmxsbnogxaalrmbrrbgxcceimaaa
erobnxgxaalrmbrlrgxcceimmossscensgxaalrmlxbegxcceimrbxmxmanxgxaalrmlxbegxcceialbmlexcnxgxaalrbxsrsgxcceimasbmxsenxgxaalrbooecgxcceimxxerrxenxgxaalrbsblcgxcceimmosssconagxaalrbsbllgxcceimxlbmosenogxaalrbsbllgxcceialbbebsbnxgxaalrbsbllgxcceimxcbrxocnxgxaalrbsbllgxcceimxxerreonxgxaalrbsbllgxcceialrexeoonxgxaalrbsbllgxcceimxlbmoscnogxaalrbsbllgxcceimrmbbrcanxgxaalrbcesrgxcceimrmbbrconxgxaalrbcesrgxcceicloaxxmonxgxaalrbcxabgxcceimecmmelonxgxaalrbcomrgmoeimecmmelenxgxaalrbcseegmoeimexexabbnxgxaalrbcmlcgxcceimmooobrbnxgxaalrbcbregxcceialbmmbbenxgxaalrbcbregxcceimmooobranxgxaalrbcbregxcceimxcbrxmbnxgxaalrbcbregxcceimxlbmosanogxaalrbclbbgxcceicxmecmcanxgxaalrbabxbgxcceialbmbrmcnxgxaalrbmormgxcceicloaxxobnxgxaalrbmormgxcceialbmbrmanxgxaalrbmormgxcceimxeemblonxgxaalrbmormgxcceialbmbrabnxgxaalrbmormgxcceialbmlesenxgxaalrbmsrxgxcceicloaecoanxgxaalrbmblxgxcceimmxccmeonxgxaalrbboeagxcceimxlbmoobnogxaalrbboeagxcceimxlbmosonogxaalrbbbaagxcceirreacmsbnxgxaalrbbbaagxcceimcssmlrcnsgxaalrbbbaagxcceimxxrecsanxgxaalrbblorgxcceimeelaclanmgxaalrbblorgxcceimrbleaxonxgxaalrbblorgxcceimellboscnxgxaalrbblorgxcceimellbooenxgxaalrbblorgxcceiaaxcamlcnxgxaalrbblorgxcceimeelaclonagxaalrbblorgxcceimeelaclcnagxaalrbblorgxcceimellbosonxgxaalrbblorgxcceialbmlecanxgxaalrblxcbgxcceimaoolxxbnxgxaalrlebrmgxcceimclsaoxbncgxaalrlebrmgxcceimcoaxmxoncgxaalrlebrmgxcceimcssmlronsgxaalrlebrmgxcceimmxerboonxgxaalrlxccogxcceialbmmbbonxgxaalrlxbsrgxcceimcoaxmxcncgxaalrlxlbcgxcceimmxsrbmensgxaalrlxlbcgxcceimaoolcoenxgxaalrlolaogxcceimecmmelcnxgxaalrlolaogmoeimxlbmxlcnogxaalrlolaogxcceimxrrmllbnxgxaalrlssxbgxcceialblcxmbnxgxaalrlssxbgxcceislmbeslrnxgxaalrlssxbgxcceialblcxbonxgxaalrlssxbgxcceimxrrbeecnxgxaalrlssxbgxcceislmbecesnxgxaalrlssxbgxcceiaaxcabeenxgxaalrlsaaxgxcceimxeemblenogxaalrlsaaogxcceimxeemleanxgxaalrlcelegxcceimxcbrxcenxgxaalrlccrxgxcceialbbebrenxgxaalrlccrxgxcceimxcbrxaonxgxaalrlccrxgxcceimmooobronxgxaalaeelregxcceimxeoxsbenrgxaalaecrlrgxcceimxcbrxbenxgxaalaecrlrgxcceimxcbrxsenxgxaalaererlgxcceimrxmbaren
xgxaalaeaxbegxcceiocmlcbssnxgxaalaeaoargxcceimcrxeoconxgxaalaeabesgxcceimcrxeoaonxgxaalaeabesgxcceimcrxeosenxgxaalaeabecgxcceimcrxeorcnxgxaalaeabemgxcceimrxmbacanxgxaalaeallxgxcceimexlaeoonxgxaalaemmbrgxcceimrmbbrmenxgxaalaxsreegxcceimeelarecnxgxaalaxcsbbgxcceialbmlecenxgxaalaxcsbbgxcceicloaecocnxgxaalaxcsbbgxcceimxcbrxrbnxgxaalaxmrsegxcceimaooloranxgxaalaxmbacgxcceicmarxbbonsgxaalaxmbargxcceimxlbalscnxgxaalaxmbargxcceimeembescnxgxaalaxmlbxgxcceimeembecenxgxaalaxmlbxgxcceimrxccoscnxgxaalaossmrgxcceiaaxcamlanxgxaalaossmrgxcceiaaxcamlenxgxaalaossmrgxcceimmxsrbaonxgxaalaocclogxcceimaoolcoonxgxaalaocrxsgxcceixaoossalnxgxaalaocaeegxcceicloaxxmenxgxaalaocaexgxcceicloaxxaanxgxaalaocaexgxcceimrmlcaebnogxaalaocaobgxcce; expires=Tue, 29 Nov 2022 08:37:08 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072VjMScCFU&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
X-Robots-Tag: noindex, follow
live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
172.67.138.117 200 OK 20 kB URL HTTP/2 live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
IP 172.67.138.117:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- troff or preprocessor input, ASCII text, with very long lines (415)
Hash b7622699a4f4f989ffa36cb19ea35d86
c2dd017300c664a854f09565caa85c1196c73294
6ea606b56f02e6d3fa291be6462c8597f6cdb0b1909fb4480c376ab323efffad
GET /?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333 HTTP/1.1
Host: live.batstream.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html; charset=UTF-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=D%2FBkUkiM67CLGfsVoLLSQr9qRHvrVhXOfB9bv%2F419h85NyEH78DrgMEcueyZ%2FkrL391r1AEhWlJ7HvLQLp9sUNVQYBgWOnEZz5WY8BGyrSBEvF5raucTFkfAyJUt7dA3pTV5OA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a9cb410af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
witalfieldt.com/redirect?tid=962276
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=962276
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962276 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://livestotal.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://recode.pw/ad?id=22850&impid=166962462844338&rkey=0&u=390
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=f0c3f5e9-5dd3-4db6-9457-8a30ed1f66ba
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: MSirj6E8x3rd31cjRJphNCeD6sEmn_jeZfP0Ycjk7Wf6xwcdEa1Sxg==
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=957887
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=957887
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=957887 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=OmtWlwrHTzlxQ0Y66NdmfupZW2nJufzMRVEVz-ovGOpNoo7pZv0QT2rQRcGIUggzKTA9ClZhujLSSiUdNsFhCRmgeW8JhrvfYk_0I-DEuF4xWdls8O4oJEpadeaJK5tM-BfAzBHmVdZztME_pwgh24SAy6bhSN4xDsyCJpCvTkmVA88AIEFjj3Ge9NfO1YnYs57xJwam8q-s8E6xWfW7e0QtJouOzkmRvLljFFH8RcSWTL9-d1CbqEGPkfQw_3xurJHCNO1FDvvDJttXGsgyniXYD3z7eEj1aCtAIWAzeUvt_Rl0DBAOEFmAzTHEOH28h-HIKS9tkaN_L_hWwb8s1_FLZPeC_dJ5fc8h50OcdzcNQ9drUr1E8zjb5RPZT5pKknbSjdftJFTFiEJBVZCvSD1p-nIqMppMgddk0nVX8PfoqfpKRlJ5GU6okE-eZw3ILFQ4Yvk9Ws7mrZ7MiX4k4X-E1Jr8xcc=
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=9fa44f0c-dab8-4199-aca5-85a08884d7c6
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: sdFF4TfNer7hV4waYbkOV9Jm_o4Eagppxy97yKYcuP9jtcAXeXwEQQ==
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:08 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
witalfieldt.com/redirect?tid=962276&tested=2&if=0
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=962276&tested=2&if=0
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962276&tested=2&if=0 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://livestotal.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://click-v4.expmdiadi.com/click?i=O0isJ3U4U7U_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=47ba05d6-cb29-4523-b0eb-e88f534d0ee5
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ajOnE5j9hM4wk9zVV98VlGFmUv_SnBnMCQDGQJj3Liwf0bhtbkd1Cw==
X-Firefox-Spdy: h2
click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072VjMScCFU&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
109.206.175.73 200 OK 1.2 kB URL HTTP/1.1 click.techgus.com/b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072VjMScCFU&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0-
IP 109.206.175.73:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash a297ddbb41e88ec5b1addd5286c6f84f
f1a52e75628471d60c8848dd02320532cb1f4950
d2be7521d71dec44c54180f229fa68304978cfa59c3c6ea69351309dbfa4faca
GET /b2/c/c/redir?cid=4&eid=12039&nid=10003&sid=3330375072VjMScCFU&ts=1669624628&ttl=300&v=v5.5.6&exo_cid=5340764&exffir=eyJ0IjoiMlwvIn0- HTTP/1.1
Host: click.techgus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://publicatadlit.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: dspclick-v3.7.21.1
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
content-length: 1178
attentioniau.com/redirect?tid=841123&tested=2&if=0
143.204.55.118 302 Found 0 B URL HTTP/2 attentioniau.com/redirect?tid=841123&tested=2&if=0
IP 143.204.55.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=841123&tested=2&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=olzfwN4idUY_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=2dd27122-e094-48a5-bdc9-7e9b40bf153e
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 5PTUHMdx_FTlTrKx8bmDL13pE2lGeT5TACnoCqv6JsYEl85GJvf29A==
X-Firefox-Spdy: h2
witalfieldt.com/redirect?tid=937674&tested=2&if=0
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=937674&tested=2&if=0
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=937674&tested=2&if=0 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sportsmix.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=H15elQt3apw_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=2a7a53fb-2fff-4570-a506-50aa19e08d4f
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: _M1X2vts6WL4atcr3pFEF9tlqKS50BuWQbCMCWLrlpXvYB33tDFoag==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4&c=XlpUFeOelULOPMaOY4Zb38cPJNnqFpwi6nqWtI1vvyiY-njx2L5WxiFmZFxFXqsMKYEtT_Sg2gY7s3OhU_g1tkW26d4hFJjeC-RuRsnjLh_rmrfO7p7e-g4FdAeueps9odBnUB85T22_CGZgCXHsmwKw8XVzBPj3q7iZSHUf2LwPWtZYRAppK4jNCrUWnBxrn1q7NTcYjr08SClMaiuC7re2cjoAefwcvK6dZwnr8tYqMdin_UeOYNULH9CU7diDabR_pQkhpr1qd3xUt5419qhyFC091s1fywbHBZo6STNfq6thyzClGI0AehYF9ZVeX1x6AHJ6gSQTvm37QgBJC4jWu-yA3mJjGM9udAcDwtKmFOiRaIzMNdtaku5_wmlBj_b58QaUw6GYvmGNLn-IF8mJTHaIzSiYJO-zUufbGWZIFfHMIiJFsSgcjleYATiq7oLeYj_8AOXXdOwClnChZ0869vx1nY4=
138.201.194.90 200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=XlpUFeOelULOPMaOY4Zb38cPJNnqFpwi6nqWtI1vvyiY-njx2L5WxiFmZFxFXqsMKYEtT_Sg2gY7s3OhU_g1tkW26d4hFJjeC-RuRsnjLh_rmrfO7p7e-g4FdAeueps9odBnUB85T22_CGZgCXHsmwKw8XVzBPj3q7iZSHUf2LwPWtZYRAppK4jNCrUWnBxrn1q7NTcYjr08SClMaiuC7re2cjoAefwcvK6dZwnr8tYqMdin_UeOYNULH9CU7diDabR_pQkhpr1qd3xUt5419qhyFC091s1fywbHBZo6STNfq6thyzClGI0AehYF9ZVeX1x6AHJ6gSQTvm37QgBJC4jWu-yA3mJjGM9udAcDwtKmFOiRaIzMNdtaku5_wmlBj_b58QaUw6GYvmGNLn-IF8mJTHaIzSiYJO-zUufbGWZIFfHMIiJFsSgcjleYATiq7oLeYj_8AOXXdOwClnChZ0869vx1nY4=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash b03e0c44d59d6e42c05e08308a15ee88
33758580804360043b1ee88e201d8ff13953e776
31b3308a0ba8790ad3cca18381e056d5ad1e6bcfb06eb152fbd964c1e9ecb078
GET /ie?v=4&c=XlpUFeOelULOPMaOY4Zb38cPJNnqFpwi6nqWtI1vvyiY-njx2L5WxiFmZFxFXqsMKYEtT_Sg2gY7s3OhU_g1tkW26d4hFJjeC-RuRsnjLh_rmrfO7p7e-g4FdAeueps9odBnUB85T22_CGZgCXHsmwKw8XVzBPj3q7iZSHUf2LwPWtZYRAppK4jNCrUWnBxrn1q7NTcYjr08SClMaiuC7re2cjoAefwcvK6dZwnr8tYqMdin_UeOYNULH9CU7diDabR_pQkhpr1qd3xUt5419qhyFC091s1fywbHBZo6STNfq6thyzClGI0AehYF9ZVeX1x6AHJ6gSQTvm37QgBJC4jWu-yA3mJjGM9udAcDwtKmFOiRaIzMNdtaku5_wmlBj_b58QaUw6GYvmGNLn-IF8mJTHaIzSiYJO-zUufbGWZIFfHMIiJFsSgcjleYATiq7oLeYj_8AOXXdOwClnChZ0869vx1nY4= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
witalfieldt.com/redirect?tid=937674
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=937674
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=937674 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sportsmix.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=POS4S*Fg1pw_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a0700ceb-e2c1-4577-a53f-a9a96cf23cce
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0KBB5n1bzZl0KMuenTnwwc1iMnFq-5nFdIXp5xx7l8M8_Sxy6iVj-Q==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4&c=sk4mffhk4sEkDMlQ6vgAmEEmvMJt-0BliVtd_yp_618H3znj21DTRmc7pnSYrwuhMj2lzmuhR83SmnQJygoTmoRwCLEhbpQtOpsCii4XI67NSHyGUATXNq0WZb5pKwsm_VXVP9xPJ6QfrOEsYYqhpuFhI9juA_1cV0XgJ-CtpTCtP_l6t7DpVoxHVkfqI1Gx0_YBKrnS-QTkJI7FFjGUE_5YdVhKyPRqxx_4U9ctqx2TbB4yTL8pFUf7l0uOmgyltO4YZPoiYGjiFQ-by8Fzp3sKTmIYNpegz-0eXyCDx6zXAoKotHpdqf86zZwpa6T8iEP5YjmZde2DoFWtVXZ555wVfYYO57AAvvoSWvROdtt4nbbUrGVSUzWt5j5yeoKJ6woB5VfIqheRh1bwRD5f-JgLPXtFPgV2uo51bxsqDp9Mer2R8DjV3ytF_9u2CG-E9nhw82Q24-WzPIYzavo0M3RjsfUoWX0=
138.201.194.90 200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=sk4mffhk4sEkDMlQ6vgAmEEmvMJt-0BliVtd_yp_618H3znj21DTRmc7pnSYrwuhMj2lzmuhR83SmnQJygoTmoRwCLEhbpQtOpsCii4XI67NSHyGUATXNq0WZb5pKwsm_VXVP9xPJ6QfrOEsYYqhpuFhI9juA_1cV0XgJ-CtpTCtP_l6t7DpVoxHVkfqI1Gx0_YBKrnS-QTkJI7FFjGUE_5YdVhKyPRqxx_4U9ctqx2TbB4yTL8pFUf7l0uOmgyltO4YZPoiYGjiFQ-by8Fzp3sKTmIYNpegz-0eXyCDx6zXAoKotHpdqf86zZwpa6T8iEP5YjmZde2DoFWtVXZ555wVfYYO57AAvvoSWvROdtt4nbbUrGVSUzWt5j5yeoKJ6woB5VfIqheRh1bwRD5f-JgLPXtFPgV2uo51bxsqDp9Mer2R8DjV3ytF_9u2CG-E9nhw82Q24-WzPIYzavo0M3RjsfUoWX0=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 93bc70d9905e877912da817b0f689e0b
ff54d917ad0a78fb67ecc87052ba61d32614e2ec
3cae02e8cc076cdf832d41ed83490c279465351921e55e5f306307b36f578e17
GET /ie?v=4&c=sk4mffhk4sEkDMlQ6vgAmEEmvMJt-0BliVtd_yp_618H3znj21DTRmc7pnSYrwuhMj2lzmuhR83SmnQJygoTmoRwCLEhbpQtOpsCii4XI67NSHyGUATXNq0WZb5pKwsm_VXVP9xPJ6QfrOEsYYqhpuFhI9juA_1cV0XgJ-CtpTCtP_l6t7DpVoxHVkfqI1Gx0_YBKrnS-QTkJI7FFjGUE_5YdVhKyPRqxx_4U9ctqx2TbB4yTL8pFUf7l0uOmgyltO4YZPoiYGjiFQ-by8Fzp3sKTmIYNpegz-0eXyCDx6zXAoKotHpdqf86zZwpa6T8iEP5YjmZde2DoFWtVXZ555wVfYYO57AAvvoSWvROdtt4nbbUrGVSUzWt5j5yeoKJ6woB5VfIqheRh1bwRD5f-JgLPXtFPgV2uo51bxsqDp9Mer2R8DjV3ytF_9u2CG-E9nhw82Q24-WzPIYzavo0M3RjsfUoWX0= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
witalfieldt.com/redirect?tid=919870&tested=2&if=0
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=919870&tested=2&if=0
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=919870&tested=2&if=0 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://socceronline.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.skinkexchange.com/click?i=-zsGPFyEcRI_0
date: Mon, 28 Nov 2022 08:37:08 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=0d42313d-1b5b-478a-9c1c-1889d9cf7902
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: JcG2cYetLC7JH3PhodrxiUN3VRYDWnHeKCG7_ssjNZL6cFOowOFdZg==
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 6b4620c230107c4a41a550936ae73d30
41c55d76d7fec5f9e9b6b41c63be76039ab51d7b
84323dcb2bf41d37624d351e7102832e267b2af6772e06575f52012d510ebacb
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3607
Cache-Control: max-age=170655
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Etag: "63845cbd-116"
Expires: Wed, 30 Nov 2022 08:01:24 GMT
Last-Modified: Mon, 28 Nov 2022 07:01:17 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
granorizes.com/ie?v=4&c=OmtWlwrHTzlxQ0Y66NdmfupZW2nJufzMRVEVz-ovGOpNoo7pZv0QT2rQRcGIUggzKTA9ClZhujLSSiUdNsFhCRmgeW8JhrvfYk_0I-DEuF4xWdls8O4oJEpadeaJK5tM-BfAzBHmVdZztME_pwgh24SAy6bhSN4xDsyCJpCvTkmVA88AIEFjj3Ge9NfO1YnYs57xJwam8q-s8E6xWfW7e0QtJouOzkmRvLljFFH8RcSWTL9-d1CbqEGPkfQw_3xurJHCNO1FDvvDJttXGsgyniXYD3z7eEj1aCtAIWAzeUvt_Rl0DBAOEFmAzTHEOH28h-HIKS9tkaN_L_hWwb8s1_FLZPeC_dJ5fc8h50OcdzcNQ9drUr1E8zjb5RPZT5pKknbSjdftJFTFiEJBVZCvSD1p-nIqMppMgddk0nVX8PfoqfpKRlJ5GU6okE-eZw3ILFQ4Yvk9Ws7mrZ7MiX4k4X-E1Jr8xcc=
138.201.194.90 200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=OmtWlwrHTzlxQ0Y66NdmfupZW2nJufzMRVEVz-ovGOpNoo7pZv0QT2rQRcGIUggzKTA9ClZhujLSSiUdNsFhCRmgeW8JhrvfYk_0I-DEuF4xWdls8O4oJEpadeaJK5tM-BfAzBHmVdZztME_pwgh24SAy6bhSN4xDsyCJpCvTkmVA88AIEFjj3Ge9NfO1YnYs57xJwam8q-s8E6xWfW7e0QtJouOzkmRvLljFFH8RcSWTL9-d1CbqEGPkfQw_3xurJHCNO1FDvvDJttXGsgyniXYD3z7eEj1aCtAIWAzeUvt_Rl0DBAOEFmAzTHEOH28h-HIKS9tkaN_L_hWwb8s1_FLZPeC_dJ5fc8h50OcdzcNQ9drUr1E8zjb5RPZT5pKknbSjdftJFTFiEJBVZCvSD1p-nIqMppMgddk0nVX8PfoqfpKRlJ5GU6okE-eZw3ILFQ4Yvk9Ws7mrZ7MiX4k4X-E1Jr8xcc=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 3a2b7fd4001b2ba7cd1591ab87282e3f
e3935a7879c2795bd5f0b76baee520bbc12c6821
612bd382fddfe1f19c93523797ddaeccf5730cf7d18a906487c1db82eec47d2c
GET /ie?v=4&c=OmtWlwrHTzlxQ0Y66NdmfupZW2nJufzMRVEVz-ovGOpNoo7pZv0QT2rQRcGIUggzKTA9ClZhujLSSiUdNsFhCRmgeW8JhrvfYk_0I-DEuF4xWdls8O4oJEpadeaJK5tM-BfAzBHmVdZztME_pwgh24SAy6bhSN4xDsyCJpCvTkmVA88AIEFjj3Ge9NfO1YnYs57xJwam8q-s8E6xWfW7e0QtJouOzkmRvLljFFH8RcSWTL9-d1CbqEGPkfQw_3xurJHCNO1FDvvDJttXGsgyniXYD3z7eEj1aCtAIWAzeUvt_Rl0DBAOEFmAzTHEOH28h-HIKS9tkaN_L_hWwb8s1_FLZPeC_dJ5fc8h50OcdzcNQ9drUr1E8zjb5RPZT5pKknbSjdftJFTFiEJBVZCvSD1p-nIqMppMgddk0nVX8PfoqfpKRlJ5GU6okE-eZw3ILFQ4Yvk9Ws7mrZ7MiX4k4X-E1Jr8xcc= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
t.ev-dating.com/2ff967ff-a00e-47a7-9f06-ac0ff8909e98?campid=5416286&varid=76650656&source=xsportshd.com&email={email_encoded}&ctags=generic&siteid=871512&zoneid=4785728&catid=502&country=NOR&format=&cost=0.0000001&tag=ooc4ASOpstqsntdZXXVLXVW6VzqpZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOdXRnnnLPNnRXNnTZXdbPRprvbvxZbdZZm6VyiiCQxeto9Q_uc6V0rpXSuldK6V0rpXB9g
18.197.208.17 302 Found 0 B URL HTTP/2 t.ev-dating.com/2ff967ff-a00e-47a7-9f06-ac0ff8909e98?campid=5416286&varid=76650656&source=xsportshd.com&email={email_encoded}&ctags=generic&siteid=871512&zoneid=4785728&catid=502&country=NOR&format=&cost=0.0000001&tag=ooc4ASOpstqsntdZXXVLXVW6VzqpZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOdXRnnnLPNnRXNnTZXdbPRprvbvxZbdZZm6VyiiCQxeto9Q_uc6V0rpXSuldK6V0rpXB9g
IP 18.197.208.17:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2ff967ff-a00e-47a7-9f06-ac0ff8909e98?campid=5416286&varid=76650656&source=xsportshd.com&email={email_encoded}&ctags=generic&siteid=871512&zoneid=4785728&catid=502&country=NOR&format=&cost=0.0000001&tag=ooc4ASOpstqsntdZXXVLXVW6VzqpZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOdXRnnnLPNnRXNnTZXdbPRprvbvxZbdZZm6VyiiCQxeto9Q_uc6V0rpXSuldK6V0rpXB9g HTTP/1.1
Host: t.ev-dating.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://capta48-link.com/click?a=1117&o=580&link_id=20928&sub_id1=wkb20sl15boeoopk2udl9h56&sub_id3=5416286_4785728
pragma: no-cache
set-cookie: 2ff967ff-a00e-47a7-9f06-ac0ff8909e98-v4=Vh7gGIVOPvd_aqKu2JaDWV1ogNInez8ccTuysUXWF-A; Max-Age=86400; Expires=Tue, 29-Nov-2022 08:37:09 GMT; Domain=t.ev-dating.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=IRtxXJRK%2F6X7IrVGH5DGKtoIbHbNBPeboEzj8npbSdjXP8eyhe8EHrzey5aee%2Fn8ADki7X3DB1m5oCjQTpF7mz%2Fi3tbCZRrHNXHiSKXjCxYwo0hlUB%2FwxJOCqYFGx2ATqBFbk0%2F08zINJTx2rubgnQ%3D%3D; Max-Age=31536000; Expires=Tue, 28-Nov-2023 08:37:09 GMT; Domain=t.ev-dating.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
attentioniau.com/redirect?tid=962708&if=0
143.204.55.118 302 Found 0 B URL HTTP/2 attentioniau.com/redirect?tid=962708&if=0
IP 143.204.55.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962708&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lshunter.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://recode.pw/ad?id=22850&impid=166962462840633&rkey=0&u=390
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e03260fd-1561-48a8-8106-e51997fba576
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: c25kTu8hYSSZJ4OVkm2ULLbbYyZNuCvb0bKqRiMVgTjHsBcc6ZILfg==
X-Firefox-Spdy: h2
attentioniau.com/redirect?tid=962708&tested=2&if=0
143.204.55.118 302 Found 0 B URL HTTP/2 attentioniau.com/redirect?tid=962708&tested=2&if=0
IP 143.204.55.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962708&tested=2&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lshunter.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://recode.pw/ad?id=22850&impid=166962462828402&rkey=0&u=390
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=cde3d659-a03e-416a-a35d-ae96a9280945
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: l6mnA_a-Se4uXNj2jHNuS-aHfcB8k35tAbfwoWj-67cYS_7ufsQAsQ==
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 88975d9a0baa1d7fbada3271f6944333
242d85017df09d2334a703bd5f7eaf9d3499aed1
69369b02dcccd9ddf657cd3dbaa112673f471166c6625f0f7fdbfdd75c5d4fda
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "69369B02DCCCD9DDF657CD3DBAA112673F471166C6625F0F7FDBFDD75C5D4FDA"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21328
Expires: Mon, 28 Nov 2022 14:32:37 GMT
Date: Mon, 28 Nov 2022 08:37:09 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 88975d9a0baa1d7fbada3271f6944333
242d85017df09d2334a703bd5f7eaf9d3499aed1
69369b02dcccd9ddf657cd3dbaa112673f471166c6625f0f7fdbfdd75c5d4fda
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "69369B02DCCCD9DDF657CD3DBAA112673F471166C6625F0F7FDBFDD75C5D4FDA"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21328
Expires: Mon, 28 Nov 2022 14:32:37 GMT
Date: Mon, 28 Nov 2022 08:37:09 GMT
Connection: keep-alive
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 0 B IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=XlpUFeOelULOPMaOY4Zb38cPJNnqFpwi6nqWtI1vvyiY-njx2L5WxiFmZFxFXqsMKYEtT_Sg2gY7s3OhU_g1tkW26d4hFJjeC-RuRsnjLh_rmrfO7p7e-g4FdAeueps9odBnUB85T22_CGZgCXHsmwKw8XVzBPj3q7iZSHUf2LwPWtZYRAppK4jNCrUWnBxrn1q7NTcYjr08SClMaiuC7re2cjoAefwcvK6dZwnr8tYqMdin_UeOYNULH9CU7diDabR_pQkhpr1qd3xUt5419qhyFC091s1fywbHBZo6STNfq6thyzClGI0AehYF9ZVeX1x6AHJ6gSQTvm37QgBJC4jWu-yA3mJjGM9udAcDwtKmFOiRaIzMNdtaku5_wmlBj_b58QaUw6GYvmGNLn-IF8mJTHaIzSiYJO-zUufbGWZIFfHMIiJFsSgcjleYATiq7oLeYj_8AOXXdOwClnChZ0869vx1nY4=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:08 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=9111920
x-app-id: 14
attentioniau.com/redirect?tid=841123&if=0
143.204.55.118 302 Found 92 B URL HTTP/2 attentioniau.com/redirect?tid=841123&if=0
IP 143.204.55.118:0
Hash 5dc54cb525a0df4e311d92c856b997e8
dc8085c04c4ca8ec7f62a33216a00fb702420f67
c814612b0c3efa933a72cf142e67785bc09ac63e0954875ae47aec75051a03cf
GET /redirect?tid=841123&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=WJaFyS7swKM_0
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=bdbe41bb-c8de-4131-b29c-027919427aa5
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: qb0esFaE_lB9N5_hbj1RHV8spE47D3Q8-BkYCfGNBiruz9-dvrKcNw==
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Titillium+Web:400,600,700
142.250.74.10 200 OK 409 B URL HTTP/2 fonts.googleapis.com/css?family=Titillium+Web:400,600,700
IP 142.250.74.10:0
Hash dae5b6ef755d22371dc8cdde752c2f78
0985dbd61db1bf179b5f2a760dbeda043b9a8224
b8753d64b0ce5724d862110b8cb1d76fede8a6ebe15ce9e9aada341545ad8206
GET /css?family=Titillium+Web:400,600,700 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 28 Nov 2022 08:37:09 GMT
date: Mon, 28 Nov 2022 08:37:09 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash dfc6d93c89faf83ac654cd676c02764d
ce10d3ff46b50f22f7f79a7df65b0b7a6ddb741d
83947c7c69062338e3712fe76a493a2798aa2d1f63709eac14ba908d71080dd0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/s/gts1p5/a_NOaiV189g
142.250.74.3 200 OK 470 B URL HTTP/1.1 ocsp.pki.goog/s/gts1p5/a_NOaiV189g
IP 142.250.74.3:0
Hash c2fffc1e8b0beec848c171d03da00597
6361618d3596261786dca42e0c59cd28d7fa5e4a
34d40eec79779fa08876e340c9238722b42659cf7f04ecbdf4db733e7523167d
POST /s/gts1p5/a_NOaiV189g HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 82
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 470
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash af6f193a32cf8945ff2cd3f9ce4ea5da
2844adef2fdd50ef727ce702f96a961471a43c60
aa6c3568c426973d4d096f5ba3950f7d76d7d998f3aaf7bd9559b006446fb2a4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Last-Modified: Mon, 28 Nov 2022 07:07:16 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 0 B IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=OmtWlwrHTzlxQ0Y66NdmfupZW2nJufzMRVEVz-ovGOpNoo7pZv0QT2rQRcGIUggzKTA9ClZhujLSSiUdNsFhCRmgeW8JhrvfYk_0I-DEuF4xWdls8O4oJEpadeaJK5tM-BfAzBHmVdZztME_pwgh24SAy6bhSN4xDsyCJpCvTkmVA88AIEFjj3Ge9NfO1YnYs57xJwam8q-s8E6xWfW7e0QtJouOzkmRvLljFFH8RcSWTL9-d1CbqEGPkfQw_3xurJHCNO1FDvvDJttXGsgyniXYD3z7eEj1aCtAIWAzeUvt_Rl0DBAOEFmAzTHEOH28h-HIKS9tkaN_L_hWwb8s1_FLZPeC_dJ5fc8h50OcdzcNQ9drUr1E8zjb5RPZT5pKknbSjdftJFTFiEJBVZCvSD1p-nIqMppMgddk0nVX8PfoqfpKRlJ5GU6okE-eZw3ILFQ4Yvk9Ws7mrZ7MiX4k4X-E1Jr8xcc=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:08 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=7418291
x-app-id: 14
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 8ed143427dcf318ec2f7bfb56325956b
817f79baed6f540120bf6d7bd1e63f63ccf10e49
ee5c122ddc4861aaa2c7f16b3244a9eb0d1f2ba47998a84203216c224938cf91
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Fri, 02 Dec 2022 06:54:21 GMT
ETag: "817f79baed6f540120bf6d7bd1e63f63ccf10e49"
Last-Modified: Mon, 28 Nov 2022 06:54:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 3143
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7711c7ac4f330b55-OSL
publicatedlit.com/redirect?tid=962277&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=962277&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962277&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=jl--Bh2Ezg1dk3tjsR3IY8XnSL8hsxwPtt5JIg62SZNF5xpbJdC-G5YT4PLG1i0fh-Xz-ImL7kRTK9AOQ39O9LLDEHLni8kolmYo2UuR76moI3Dks-UFHbBiAog03yOgRcjKbMmlaiDj-P4AQogoRnAn9BFLFKQ1bFPc-oVC_1HwQi2YT1pfLZebUtcDJX6fDZmjhcwZl4cv8jnQekR7EwtjiT5HSekiQ0zs7PoBDePhs_Zvv_-v_VjdubUdQiV_zZY9IuhQshyTcBsLGNPeQ51ChM-7YN_p8XzpkRHlqOm_u2mFgDkClDPLhJMTD8XzT_chaMKoK4yy9xdKeIPlJKl0julfgQEvi0lY3TP7YaW56E3W8N523ETtbXMu9F3IVtn9gVMGViSXwo1gmP86aDirpZFdYPlNNm-oqq6NB4ZOqQImsT9RvJAL9tMpTWckP8UCXhYPJO1jBvgQE1z_MoWZdGaCA4s=
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=41388e42-23df-44a9-a4ba-85b83d8dbf3d
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: ccXblNI3-ET1uffjq0NjGRDdnJIf_60WYgy8gVhXS7k0N8oE1elw_g==
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=962277&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=962277&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962277&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=hFMDokYQtW37R0ZBL2_PR2UtAEnS0WCyAorrnKsy12A3HhN0DmdRW4vzBgSWarMel4FiJJTNY6Jmbytilq3kAjkl4JfYR992V6hObjZRRbmkItpH7zwstceyF19H_YhJBGiLzjxMdURN65KgiOYZ-Ym1z8XkdrQH3-OMVvMixYfMRznFDviegYCmFIwfbpy2uZop0rDhgi1quyKqWimakCmr7cBjYMDwmVpIqHjP-qjQu0_UyzRmU3Ccef12owB1WYm3aLnsX-Z1j8hUupwYZFHu4zJYwwJ2H6PFyqIKziLWmUXWpnpHtCrfrIsOQbZo40w8OXUFcWUjrQEQbYP0C-YQKPNzYishFMIxgTvCt7dFOJ9fDB4rLUhF303MT-1-EVoiFlzZyXC4FDrxYuCTpx1U1cTs-CxfZOzmQTpQLC_buPONBPeJ065nU-MJKxZI6-bAoVk9Nf_wyk73l0QirSZ6e_uojFI=
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=3144368e-d0d7-47d4-9b24-4b0766f614e4
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: tDXb0tgDtG85dpRuEPxa15V193JtuoGzINn9xtuOVvoqzsWaqWlS7w==
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
104.18.10.207 200 OK 18 kB URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2
IP 104.18.10.207:0
File type Web Open Font Format (Version 2), TrueType, length 18028, version 1.589\012- data
Hash 448c34a56d699c29117adc64c43affeb
ca35b697d99cae4d1b60f2d60fcd37771987eb07
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
GET /bootstrap/3.3.7/fonts/glyphicons-halflings-regular.woff2 HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://maxcdn.bootstrapcdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: font/woff2
content-length: 18028
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
etag: "448c34a56d699c29117adc64c43affeb"
last-modified: Mon, 25 Jan 2021 22:04:00 GMT
cdn-cachedat: 03/08/2022 20:44:28
cdn-proxyver: 1.02
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 755
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 7531d9cd2ad73451c444c13d4eab55d7
cdn-cache: HIT
cf-cache-status: HIT
age: 349877
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7711c7ac7c85b511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash b728167315f6ee7042a6ebc0ca197bee
ce4888972385ddd933419bf3851f84d8a2520881
3724b1142cf951e1eb66e708e129b5f25037e8f6336bf2885b2247b280307746
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 22:25:04 GMT
Expires: Sat, 03 Dec 2022 22:25:03 GMT
Etag: "ce4888972385ddd933419bf3851f84d8a2520881"
Cache-Control: max-age=481073,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7ac5a4fb51e-OSL
ocsp.sectigo.com/
172.64.155.188 200 OK 900 B IP 172.64.155.188:0
Hash be57d659c26df8628b2e7d9e5399228b
65e85b02acaeeda5572751e8aa39bccc2e141df6
ba66e71860a3022573eb90444ff510dfee4c17f59cdd4b030bdd51042c84e6cd
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 22:25:04 GMT
Expires: Sat, 03 Dec 2022 22:25:03 GMT
Etag: "ce4888972385ddd933419bf3851f84d8a2520881"
Cache-Control: max-age=481073,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7ac6ac8b4ff-OSL
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
granorizes.com/ie?v=4&c=jl--Bh2Ezg1dk3tjsR3IY8XnSL8hsxwPtt5JIg62SZNF5xpbJdC-G5YT4PLG1i0fh-Xz-ImL7kRTK9AOQ39O9LLDEHLni8kolmYo2UuR76moI3Dks-UFHbBiAog03yOgRcjKbMmlaiDj-P4AQogoRnAn9BFLFKQ1bFPc-oVC_1HwQi2YT1pfLZebUtcDJX6fDZmjhcwZl4cv8jnQekR7EwtjiT5HSekiQ0zs7PoBDePhs_Zvv_-v_VjdubUdQiV_zZY9IuhQshyTcBsLGNPeQ51ChM-7YN_p8XzpkRHlqOm_u2mFgDkClDPLhJMTD8XzT_chaMKoK4yy9xdKeIPlJKl0julfgQEvi0lY3TP7YaW56E3W8N523ETtbXMu9F3IVtn9gVMGViSXwo1gmP86aDirpZFdYPlNNm-oqq6NB4ZOqQImsT9RvJAL9tMpTWckP8UCXhYPJO1jBvgQE1z_MoWZdGaCA4s=
138.201.194.90 200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=jl--Bh2Ezg1dk3tjsR3IY8XnSL8hsxwPtt5JIg62SZNF5xpbJdC-G5YT4PLG1i0fh-Xz-ImL7kRTK9AOQ39O9LLDEHLni8kolmYo2UuR76moI3Dks-UFHbBiAog03yOgRcjKbMmlaiDj-P4AQogoRnAn9BFLFKQ1bFPc-oVC_1HwQi2YT1pfLZebUtcDJX6fDZmjhcwZl4cv8jnQekR7EwtjiT5HSekiQ0zs7PoBDePhs_Zvv_-v_VjdubUdQiV_zZY9IuhQshyTcBsLGNPeQ51ChM-7YN_p8XzpkRHlqOm_u2mFgDkClDPLhJMTD8XzT_chaMKoK4yy9xdKeIPlJKl0julfgQEvi0lY3TP7YaW56E3W8N523ETtbXMu9F3IVtn9gVMGViSXwo1gmP86aDirpZFdYPlNNm-oqq6NB4ZOqQImsT9RvJAL9tMpTWckP8UCXhYPJO1jBvgQE1z_MoWZdGaCA4s=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 7421730c1ddcc89b8f7c3ec57878e0c6
1d381099f03d410b58ab51505ea1cf1d78fa9b4f
c674ff945b996bdad0536037aa7c77b9e76c27df7346e01e9b500d727f6bb174
GET /ie?v=4&c=jl--Bh2Ezg1dk3tjsR3IY8XnSL8hsxwPtt5JIg62SZNF5xpbJdC-G5YT4PLG1i0fh-Xz-ImL7kRTK9AOQ39O9LLDEHLni8kolmYo2UuR76moI3Dks-UFHbBiAog03yOgRcjKbMmlaiDj-P4AQogoRnAn9BFLFKQ1bFPc-oVC_1HwQi2YT1pfLZebUtcDJX6fDZmjhcwZl4cv8jnQekR7EwtjiT5HSekiQ0zs7PoBDePhs_Zvv_-v_VjdubUdQiV_zZY9IuhQshyTcBsLGNPeQ51ChM-7YN_p8XzpkRHlqOm_u2mFgDkClDPLhJMTD8XzT_chaMKoK4yy9xdKeIPlJKl0julfgQEvi0lY3TP7YaW56E3W8N523ETtbXMu9F3IVtn9gVMGViSXwo1gmP86aDirpZFdYPlNNm-oqq6NB4ZOqQImsT9RvJAL9tMpTWckP8UCXhYPJO1jBvgQE1z_MoWZdGaCA4s= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
xml.serving-passthrough.com/click?i=H15elQt3apw_0
172.64.101.13 302 Found 0 B URL HTTP/2 xml.serving-passthrough.com/click?i=H15elQt3apw_0
IP 172.64.101.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=H15elQt3apw_0 HTTP/1.1
Host: xml.serving-passthrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sportsmix.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bmPb%2BaxahPu26L0ZzMTFdPPrx8Mf2q4KF%2F2Sd%2FJWorXXdE2QnZyHdAM7YYaTonO2XjqHX5%2BlzQOlBz99fn1VOB1c8r3ooy%2B7YyKiUeNeJ27CG%2FKwplyib5ykqb%2B7oqkngq6nczkYzQalC8ufXao%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7ac0e108868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.serving-passthrough.com/click?i=POS4S*Fg1pw_0
172.64.101.13 302 Found 0 B URL HTTP/2 xml.serving-passthrough.com/click?i=POS4S*Fg1pw_0
IP 172.64.101.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=POS4S*Fg1pw_0 HTTP/1.1
Host: xml.serving-passthrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sportsmix.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CVxOWGYLktMNjVK9PbspfE9Ta88l%2FGYyS1wXh7rghxX469pQ5PjadBul3kMb3KLO46Mpas41u7YXqrjs8VDqt%2BBOVW5z0jV0unpp%2BwSYJUI3rBS9mVzjst%2FyY%2B2t6hGe6EX1P3QfAnPwavwTZus%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7ac0e1e8868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
xml.serving-passthrough.com/click?i=olzfwN4idUY_0
172.64.101.13 302 Found 0 B URL HTTP/2 xml.serving-passthrough.com/click?i=olzfwN4idUY_0
IP 172.64.101.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=olzfwN4idUY_0 HTTP/1.1
Host: xml.serving-passthrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fStku%2BDWiAjtP7xLDPcA2jlscJNtRSM9U0vKAIgqpzLW3IRZlz9l0t27ijf%2BoUj1xp2xORJdROyfYNzbYbQGx4aiT2s24eJBVdT%2BETSceKiWHdb7EWVKfjEDUIQcKJ281MDQ6N9FLgIUSkbZ6Ss%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7ac1e258868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
granorizes.com/ie?v=4&c=hFMDokYQtW37R0ZBL2_PR2UtAEnS0WCyAorrnKsy12A3HhN0DmdRW4vzBgSWarMel4FiJJTNY6Jmbytilq3kAjkl4JfYR992V6hObjZRRbmkItpH7zwstceyF19H_YhJBGiLzjxMdURN65KgiOYZ-Ym1z8XkdrQH3-OMVvMixYfMRznFDviegYCmFIwfbpy2uZop0rDhgi1quyKqWimakCmr7cBjYMDwmVpIqHjP-qjQu0_UyzRmU3Ccef12owB1WYm3aLnsX-Z1j8hUupwYZFHu4zJYwwJ2H6PFyqIKziLWmUXWpnpHtCrfrIsOQbZo40w8OXUFcWUjrQEQbYP0C-YQKPNzYishFMIxgTvCt7dFOJ9fDB4rLUhF303MT-1-EVoiFlzZyXC4FDrxYuCTpx1U1cTs-CxfZOzmQTpQLC_buPONBPeJ065nU-MJKxZI6-bAoVk9Nf_wyk73l0QirSZ6e_uojFI=
138.201.194.90 200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=hFMDokYQtW37R0ZBL2_PR2UtAEnS0WCyAorrnKsy12A3HhN0DmdRW4vzBgSWarMel4FiJJTNY6Jmbytilq3kAjkl4JfYR992V6hObjZRRbmkItpH7zwstceyF19H_YhJBGiLzjxMdURN65KgiOYZ-Ym1z8XkdrQH3-OMVvMixYfMRznFDviegYCmFIwfbpy2uZop0rDhgi1quyKqWimakCmr7cBjYMDwmVpIqHjP-qjQu0_UyzRmU3Ccef12owB1WYm3aLnsX-Z1j8hUupwYZFHu4zJYwwJ2H6PFyqIKziLWmUXWpnpHtCrfrIsOQbZo40w8OXUFcWUjrQEQbYP0C-YQKPNzYishFMIxgTvCt7dFOJ9fDB4rLUhF303MT-1-EVoiFlzZyXC4FDrxYuCTpx1U1cTs-CxfZOzmQTpQLC_buPONBPeJ065nU-MJKxZI6-bAoVk9Nf_wyk73l0QirSZ6e_uojFI=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 5eca5fe008a16a6b5b3a1c8618a2610b
995f63653d8c9d8e400deaf412fe97e95b25f4b6
abda9dfc49926b5d654a0d2c1edc74d607e25673ddae46bee68dc5f4887af48f
GET /ie?v=4&c=hFMDokYQtW37R0ZBL2_PR2UtAEnS0WCyAorrnKsy12A3HhN0DmdRW4vzBgSWarMel4FiJJTNY6Jmbytilq3kAjkl4JfYR992V6hObjZRRbmkItpH7zwstceyF19H_YhJBGiLzjxMdURN65KgiOYZ-Ym1z8XkdrQH3-OMVvMixYfMRznFDviegYCmFIwfbpy2uZop0rDhgi1quyKqWimakCmr7cBjYMDwmVpIqHjP-qjQu0_UyzRmU3Ccef12owB1WYm3aLnsX-Z1j8hUupwYZFHu4zJYwwJ2H6PFyqIKziLWmUXWpnpHtCrfrIsOQbZo40w8OXUFcWUjrQEQbYP0C-YQKPNzYishFMIxgTvCt7dFOJ9fDB4rLUhF303MT-1-EVoiFlzZyXC4FDrxYuCTpx1U1cTs-CxfZOzmQTpQLC_buPONBPeJ065nU-MJKxZI6-bAoVk9Nf_wyk73l0QirSZ6e_uojFI= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
216.58.207.195 200 OK 12 kB URL HTTP/2 fonts.gstatic.com/s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 11796, version 1.0\012- data
Hash 8d4079c3aa4f01e6d9bbd4f1bbcdf114
52ab47c062d0bfdbd34dbd31784008bd0e4c4227
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
GET /s/titilliumweb/v15/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 11796
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 19:28:38 GMT
expires: Thu, 23 Nov 2023 19:28:38 GMT
cache-control: public, max-age=31536000
age: 392911
last-modified: Wed, 27 Apr 2022 15:47:01 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
xml.serving-passthrough.com/click?i=WJaFyS7swKM_0
172.64.101.13 302 Found 0 B URL HTTP/2 xml.serving-passthrough.com/click?i=WJaFyS7swKM_0
IP 172.64.101.13:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=WJaFyS7swKM_0 HTTP/1.1
Host: xml.serving-passthrough.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://eastfeukufu.xyz/redirect?tid=751261&subid=65291.841123
cache-control: no-store
age: 0
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G1s8ldztSj45jODbqy%2BKEa%2BBJ0QbuoGGPefJ9Z4Tt%2BLp1A%2FPLVVOGEKJoR%2FdZGaNBIOE8AaGO4amVetjixEfl80BsH7Q7iDZYO8YR478pvmiaQweTjE0R5Asb1LUT50AwnsHHX9%2FFNXaQhH0FkY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7ac2e5e8868-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
iclickcdn.com/tag.min.js
104.26.13.118 200 OK 37 kB IP 104.26.13.118:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 64fc2b8e20b5afcb9b28d66600bf8d0d
242ab1a77d5d9ba37ede65058ba525a8984cdc52
6e282d16079ae5bcff3c9bba80736bc58de05bf5123126a66219da473a3c75fb
GET /tag.min.js HTTP/1.1
Host: iclickcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/javascript; charset=utf-8
x-trace-id: 8e791a96da06d7719fcd8274c937576e
cache-control: max-age=86400
last-modified: Wed, 23 Nov 2022 10:05:31 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 29 Nov 2022 06:01:59 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 9310
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zrAvxnsqshl8sTlw76yo9s65ZSCulmo9fWl8h3B6IqAeLnH4L98bWSvVFNK18ct4FTyY9iIioSv9p1VG%2Fx%2B1KQkIOtRiU6OZBT6lCUagkgr41urKPQC8I9cJglQ%2BN6s%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7ac4c0b0b69-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash 34ff7c08312ab357f47f915f7f1441da
78bceb7c302f678f58f4f316268a23af8bb893d3
26ecba9732fd5c5cd94792bd42554bd9bd9aa31e728ad4ec6307327ef48891d8
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=96309
Date: Mon, 28 Nov 2022 08:37:09 GMT
Etag: "6383355a-1d7"
Expires: Tue, 29 Nov 2022 11:22:18 GMT
Last-Modified: Sun, 27 Nov 2022 10:00:58 GMT
Server: ECS (dcb/7EA7)
X-Cache: Miss from cloudfront
Via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: F_NxnQ0rUlz-85zec25oyOQaKs8qkxZZyoBH8Lqejh-n2bIY5CuLZg==
Age: 4880
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
95.211.229.245 200 OK 486 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (730)
Hash 582c899f73e2379e880198e72bc822fa
61bc5d7ea97e3f90e03bc80473f70bcd4ad8ecff
332a1adbbd60adeae201da31eeef5cc7868bc9c5b288df86ce61958f13fbb7cc
GET /splash.php?cat=&idzone=3947848&type=8&p=&sub= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sportsmix.net/
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
publicatedlit.com/redirect?tid=963757&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=963757&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=963757&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=lY_Kw2eWCuqA_RLyH7Wh0p4kesLshz-xeuPW2c3vx6gMvS0lbialu0LuK3zVaQgVlT20ffaPvQ_nsZuSg6s94ms_U-LrR24ljJtUriKuuztUwtw-kp7pOHVJwF1nLW0M-2I_PWGm3Jmr1M0JfYwDJIUCbmJIKkxm_aDifBrOhzYP0Kcr7BRxsIF92dqNBAaK8xyK_8kgZPekOCiK4p0O2KjOU90cVC9Orr2unT1VL9WszIa497g7jqTx0gyFrdxXREURDNTRItv8bNEmGHM4Xcy7D2IE0oavU-s5UwPIkjH7f3RKVdnKVFrMoaOLGAESb7pdgFyo0_-h6z4eIWnDqSJdN9QXJqXBN8gItJYBdc_7saDEWCwnUfpKDXzmyhWf5kH5VnOJJOFiBbFcyCr5-iPV5nED4we2yPOdeOOQJh3zsQXiObadyk_V6maiNzJveQNFlu5yrOQTzA_Hm7WlYE3dtIfsiK4=
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=f4fd1485-e3d8-4db9-bbc9-0d986a9e0292
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: -sHvyUGE1XjkpN2K-dSPIt6rmzDMMZKlGcCbpuYE65CNmbb0ilfGXw==
X-Firefox-Spdy: h2
publicatedlit.com/redirect?tid=957887&tested=2&if=0
54.230.111.97 302 Found 0 B URL HTTP/2 publicatedlit.com/redirect?tid=957887&tested=2&if=0
IP 54.230.111.97:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=957887&tested=2&if=0 HTTP/1.1
Host: publicatedlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://granorizes.com/ie?v=4&c=-kiodBRB4v1LJ2_VJ30gxkVzRPiKGJDTzQMxX5Np8_YLVx8TGaPd3aw1VR7T5XaTgZxjr6l8yj7cFs2hDaAfIO2GSyb0Codv8OZvlmJW85KhG2hJfKkIArLbLGyHQdiYl14osB3PPwnCwBC4W5bd0RgAQ4B_w8W7nYgRbBnUjsRccxEj4pwqAKyIagwtYVJQfX7HRnCQGTNBplH_biW9mF4yGFMEBTLh3yqYYdXJ18KfhLg3dgVXLYrShfI2uOBO7V43mCUnl24KRola5EkhZv-9O0avf0EzEfzU-1GP8cjTcTC9xm97V6dC-hQpezqY_PC-uqLdQzLmf1DDTuuP2TVdhM-hXoLV47VP894IE5dHHPjqowUTxLKQLg7gcxt62xStWTfZ8Kr94HfUqN36M7BhctStbvR_sEyHaZlv8VssE1BLxa1J3ZYWYXH_6K0_5an059pNktMl2uxZeD4j-0V9oPiermc=
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=d4bd88a7-0dfa-47af-811e-bc8453d4a06c
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 e2f427863e6bdb72ad8bed72b596d81e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: 0U6w01_sGXNW3s8WnivJB6_FTWzDbuNoonm-yiHXObRht9_pgL7NAA==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 0 B IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=jl--Bh2Ezg1dk3tjsR3IY8XnSL8hsxwPtt5JIg62SZNF5xpbJdC-G5YT4PLG1i0fh-Xz-ImL7kRTK9AOQ39O9LLDEHLni8kolmYo2UuR76moI3Dks-UFHbBiAog03yOgRcjKbMmlaiDj-P4AQogoRnAn9BFLFKQ1bFPc-oVC_1HwQi2YT1pfLZebUtcDJX6fDZmjhcwZl4cv8jnQekR7EwtjiT5HSekiQ0zs7PoBDePhs_Zvv_-v_VjdubUdQiV_zZY9IuhQshyTcBsLGNPeQ51ChM-7YN_p8XzpkRHlqOm_u2mFgDkClDPLhJMTD8XzT_chaMKoK4yy9xdKeIPlJKl0julfgQEvi0lY3TP7YaW56E3W8N523ETtbXMu9F3IVtn9gVMGViSXwo1gmP86aDirpZFdYPlNNm-oqq6NB4ZOqQImsT9RvJAL9tMpTWckP8UCXhYPJO1jBvgQE1z_MoWZdGaCA4s=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=8089520
x-app-id: 14
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash cd0a5be4865b85e858cfcaafa90f8dca
122569d314b0900b1f5e5f58cdad0d9fc16b7e1b
624aa7cc70d5c36d732f15cdeb8de3854f30240cb770108dd88103f13393428d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 88975d9a0baa1d7fbada3271f6944333
242d85017df09d2334a703bd5f7eaf9d3499aed1
69369b02dcccd9ddf657cd3dbaa112673f471166c6625f0f7fdbfdd75c5d4fda
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "69369B02DCCCD9DDF657CD3DBAA112673F471166C6625F0F7FDBFDD75C5D4FDA"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=21328
Expires: Mon, 28 Nov 2022 14:32:37 GMT
Date: Mon, 28 Nov 2022 08:37:09 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
95.211.229.245 200 OK 486 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (730)
Hash 582c899f73e2379e880198e72bc822fa
61bc5d7ea97e3f90e03bc80473f70bcd4ad8ecff
332a1adbbd60adeae201da31eeef5cc7868bc9c5b288df86ce61958f13fbb7cc
GET /splash.php?cat=&idzone=3947848&type=8&p=&sub= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sportsmix.net/
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c6bd82985c4427ff7e474c5c7c71e73c
f9cc525520b0d571cd3f143806c8a5f1ee0166fc
cb027063ba1c1ffa08eef4faee1640fcd8ae3890c10d4295fb06c2c8b408de94
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CB027063BA1C1FFA08EEF4FAEE1640FCD8AE3890C10D4295FB06C2C8B408DE94"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11752
Expires: Mon, 28 Nov 2022 11:53:01 GMT
Date: Mon, 28 Nov 2022 08:37:09 GMT
Connection: keep-alive
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
95.211.229.245 200 OK 486 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (730)
Hash eac595f26667c4bf89bed5b8d1bdfefd
42bc009e2a06273cab482b9758954489bdef8e75
aae2e47255ab5fcd72ea93086df073d7398d85fc728e2826b767f6fbe601f3e0
GET /splash.php?cat=&idzone=3947848&type=8&p=&sub= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
witalfieldt.com/redirect?tid=937674&tested=2&if=0
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=937674&tested=2&if=0
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=937674&tested=2&if=0 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://sportsmix.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://recode.pw/ad?id=22850&impid=166962462987972&rkey=0&u=390
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=e6022b1d-5d4b-4579-b8ce-ee760448e42a
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: dABm-nu931svdxCvEHr_H5WPHYUeQPdlWQu16X_7HaSFFUmNfYp0mg==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 8.4 kB IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash f91d691a32e363941676bc29f83e197d
41e75ac311c4e4a74ed1c0d45788147f9f7d1650
b7b73c6e08967e6906445daf81272db729a7ee7dbb455a333007b9b0797a27de
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=hFMDokYQtW37R0ZBL2_PR2UtAEnS0WCyAorrnKsy12A3HhN0DmdRW4vzBgSWarMel4FiJJTNY6Jmbytilq3kAjkl4JfYR992V6hObjZRRbmkItpH7zwstceyF19H_YhJBGiLzjxMdURN65KgiOYZ-Ym1z8XkdrQH3-OMVvMixYfMRznFDviegYCmFIwfbpy2uZop0rDhgi1quyKqWimakCmr7cBjYMDwmVpIqHjP-qjQu0_UyzRmU3Ccef12owB1WYm3aLnsX-Z1j8hUupwYZFHu4zJYwwJ2H6PFyqIKziLWmUXWpnpHtCrfrIsOQbZo40w8OXUFcWUjrQEQbYP0C-YQKPNzYishFMIxgTvCt7dFOJ9fDB4rLUhF303MT-1-EVoiFlzZyXC4FDrxYuCTpx1U1cTs-CxfZOzmQTpQLC_buPONBPeJ065nU-MJKxZI6-bAoVk9Nf_wyk73l0QirSZ6e_uojFI=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=8089520
x-app-id: 14
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash b728167315f6ee7042a6ebc0ca197bee
ce4888972385ddd933419bf3851f84d8a2520881
3724b1142cf951e1eb66e708e129b5f25037e8f6336bf2885b2247b280307746
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 22:25:04 GMT
Expires: Sat, 03 Dec 2022 22:25:03 GMT
Etag: "ce4888972385ddd933419bf3851f84d8a2520881"
Cache-Control: max-age=481073,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb5
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7acbbba0afa-OSL
witalfieldt.com/redirect?tid=962276
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=962276
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962276 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://livestotal.net/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: http://recode.pw/ad?id=22850&impid=166962462914547&rkey=0&u=390
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=643f2087-3eb7-4ffa-9fe3-5baf7c80c95f
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: aIMtSCDuntnOn7HAD0ZD_qqlSLQQuxaGy8XzH4NRdb8rlqUnAZ7nCA==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4&c=lY_Kw2eWCuqA_RLyH7Wh0p4kesLshz-xeuPW2c3vx6gMvS0lbialu0LuK3zVaQgVlT20ffaPvQ_nsZuSg6s94ms_U-LrR24ljJtUriKuuztUwtw-kp7pOHVJwF1nLW0M-2I_PWGm3Jmr1M0JfYwDJIUCbmJIKkxm_aDifBrOhzYP0Kcr7BRxsIF92dqNBAaK8xyK_8kgZPekOCiK4p0O2KjOU90cVC9Orr2unT1VL9WszIa497g7jqTx0gyFrdxXREURDNTRItv8bNEmGHM4Xcy7D2IE0oavU-s5UwPIkjH7f3RKVdnKVFrMoaOLGAESb7pdgFyo0_-h6z4eIWnDqSJdN9QXJqXBN8gItJYBdc_7saDEWCwnUfpKDXzmyhWf5kH5VnOJJOFiBbFcyCr5-iPV5nED4we2yPOdeOOQJh3zsQXiObadyk_V6maiNzJveQNFlu5yrOQTzA_Hm7WlYE3dtIfsiK4=
138.201.194.90200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=lY_Kw2eWCuqA_RLyH7Wh0p4kesLshz-xeuPW2c3vx6gMvS0lbialu0LuK3zVaQgVlT20ffaPvQ_nsZuSg6s94ms_U-LrR24ljJtUriKuuztUwtw-kp7pOHVJwF1nLW0M-2I_PWGm3Jmr1M0JfYwDJIUCbmJIKkxm_aDifBrOhzYP0Kcr7BRxsIF92dqNBAaK8xyK_8kgZPekOCiK4p0O2KjOU90cVC9Orr2unT1VL9WszIa497g7jqTx0gyFrdxXREURDNTRItv8bNEmGHM4Xcy7D2IE0oavU-s5UwPIkjH7f3RKVdnKVFrMoaOLGAESb7pdgFyo0_-h6z4eIWnDqSJdN9QXJqXBN8gItJYBdc_7saDEWCwnUfpKDXzmyhWf5kH5VnOJJOFiBbFcyCr5-iPV5nED4we2yPOdeOOQJh3zsQXiObadyk_V6maiNzJveQNFlu5yrOQTzA_Hm7WlYE3dtIfsiK4=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash e969f150badcc5fd3e0352ec7cf48a13
55e322168f6abb803444e15ba0a849b1a18a11c2
5ee2295393748b0bafe815fc02483748148f9b39509a71a3bfca45b0ec4dbde1
GET /ie?v=4&c=lY_Kw2eWCuqA_RLyH7Wh0p4kesLshz-xeuPW2c3vx6gMvS0lbialu0LuK3zVaQgVlT20ffaPvQ_nsZuSg6s94ms_U-LrR24ljJtUriKuuztUwtw-kp7pOHVJwF1nLW0M-2I_PWGm3Jmr1M0JfYwDJIUCbmJIKkxm_aDifBrOhzYP0Kcr7BRxsIF92dqNBAaK8xyK_8kgZPekOCiK4p0O2KjOU90cVC9Orr2unT1VL9WszIa497g7jqTx0gyFrdxXREURDNTRItv8bNEmGHM4Xcy7D2IE0oavU-s5UwPIkjH7f3RKVdnKVFrMoaOLGAESb7pdgFyo0_-h6z4eIWnDqSJdN9QXJqXBN8gItJYBdc_7saDEWCwnUfpKDXzmyhWf5kH5VnOJJOFiBbFcyCr5-iPV5nED4we2yPOdeOOQJh3zsQXiObadyk_V6maiNzJveQNFlu5yrOQTzA_Hm7WlYE3dtIfsiK4= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
click-v4.expmdiadi.com/click?i=O0isJ3U4U7U_0
198.134.116.17 302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=O0isJ3U4U7U_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=O0isJ3U4U7U_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://livestotal.net/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://eu.dspsuper.com/api/submit_form_request?p=de3b3133-7b78-40ec-adf5-2d9b0bbaf0fc&ts=1669624628&z=5561516
Pragma: no-cache
granorizes.com/ie?v=4&c=-kiodBRB4v1LJ2_VJ30gxkVzRPiKGJDTzQMxX5Np8_YLVx8TGaPd3aw1VR7T5XaTgZxjr6l8yj7cFs2hDaAfIO2GSyb0Codv8OZvlmJW85KhG2hJfKkIArLbLGyHQdiYl14osB3PPwnCwBC4W5bd0RgAQ4B_w8W7nYgRbBnUjsRccxEj4pwqAKyIagwtYVJQfX7HRnCQGTNBplH_biW9mF4yGFMEBTLh3yqYYdXJ18KfhLg3dgVXLYrShfI2uOBO7V43mCUnl24KRola5EkhZv-9O0avf0EzEfzU-1GP8cjTcTC9xm97V6dC-hQpezqY_PC-uqLdQzLmf1DDTuuP2TVdhM-hXoLV47VP894IE5dHHPjqowUTxLKQLg7gcxt62xStWTfZ8Kr94HfUqN36M7BhctStbvR_sEyHaZlv8VssE1BLxa1J3ZYWYXH_6K0_5an059pNktMl2uxZeD4j-0V9oPiermc=
138.201.194.90200 OK 4.9 kB URL HTTP/1.1 granorizes.com/ie?v=4&c=-kiodBRB4v1LJ2_VJ30gxkVzRPiKGJDTzQMxX5Np8_YLVx8TGaPd3aw1VR7T5XaTgZxjr6l8yj7cFs2hDaAfIO2GSyb0Codv8OZvlmJW85KhG2hJfKkIArLbLGyHQdiYl14osB3PPwnCwBC4W5bd0RgAQ4B_w8W7nYgRbBnUjsRccxEj4pwqAKyIagwtYVJQfX7HRnCQGTNBplH_biW9mF4yGFMEBTLh3yqYYdXJ18KfhLg3dgVXLYrShfI2uOBO7V43mCUnl24KRola5EkhZv-9O0avf0EzEfzU-1GP8cjTcTC9xm97V6dC-hQpezqY_PC-uqLdQzLmf1DDTuuP2TVdhM-hXoLV47VP894IE5dHHPjqowUTxLKQLg7gcxt62xStWTfZ8Kr94HfUqN36M7BhctStbvR_sEyHaZlv8VssE1BLxa1J3ZYWYXH_6K0_5an059pNktMl2uxZeD4j-0V9oPiermc=
IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (3197)
Hash 17a0efa4e81a780e1243494b14079c8b
3cb67cccbf94770bd9f5026cf34d654dde13c7c3
63eaea822f80364419f63b65ca24f32dd0fe050f90f5cc88f8112a099f12cc51
GET /ie?v=4&c=-kiodBRB4v1LJ2_VJ30gxkVzRPiKGJDTzQMxX5Np8_YLVx8TGaPd3aw1VR7T5XaTgZxjr6l8yj7cFs2hDaAfIO2GSyb0Codv8OZvlmJW85KhG2hJfKkIArLbLGyHQdiYl14osB3PPwnCwBC4W5bd0RgAQ4B_w8W7nYgRbBnUjsRccxEj4pwqAKyIagwtYVJQfX7HRnCQGTNBplH_biW9mF4yGFMEBTLh3yqYYdXJ18KfhLg3dgVXLYrShfI2uOBO7V43mCUnl24KRola5EkhZv-9O0avf0EzEfzU-1GP8cjTcTC9xm97V6dC-hQpezqY_PC-uqLdQzLmf1DDTuuP2TVdhM-hXoLV47VP894IE5dHHPjqowUTxLKQLg7gcxt62xStWTfZ8Kr94HfUqN36M7BhctStbvR_sEyHaZlv8VssE1BLxa1J3ZYWYXH_6K0_5an059pNktMl2uxZeD4j-0V9oPiermc= HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 4875
x-app-id: 14
attentioniau.com/redirect?tid=841123&tested=2&if=0
143.204.55.118 302 Found 0 B URL HTTP/2 attentioniau.com/redirect?tid=841123&tested=2&if=0
IP 143.204.55.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=841123&tested=2&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=H0OHDSk-zCI_0
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=8bd83429-1e05-439a-b468-25be7e38efc7
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: 9Ru1E6QG3KxmHRN0U07dy9zicw647LJQqKUbf77-0ooaKW6tKm7XCA==
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash b728167315f6ee7042a6ebc0ca197bee
ce4888972385ddd933419bf3851f84d8a2520881
3724b1142cf951e1eb66e708e129b5f25037e8f6336bf2885b2247b280307746
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Sat, 26 Nov 2022 22:25:04 GMT
Expires: Sat, 03 Dec 2022 22:25:03 GMT
Etag: "ce4888972385ddd933419bf3851f84d8a2520881"
Cache-Control: max-age=481073,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7ae0c90b51e-OSL
witalfieldt.com/redirect?tid=919870&tested=2&if=0
54.230.111.7 302 Found 0 B URL HTTP/2 witalfieldt.com/redirect?tid=919870&tested=2&if=0
IP 54.230.111.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=919870&tested=2&if=0 HTTP/1.1
Host: witalfieldt.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://socceronline.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://click-v4.expmdiadi.com/click?i=a7Qa0oBXBJo_0
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=3165bac0-4181-42bd-b4fa-2767fe94c98e
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: QhwfUquFscIOI19MEO9E4uIQGSQNwPK2TeNliNLIqtvXLL6aaS8iFA==
X-Firefox-Spdy: h2
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 0 B IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=-kiodBRB4v1LJ2_VJ30gxkVzRPiKGJDTzQMxX5Np8_YLVx8TGaPd3aw1VR7T5XaTgZxjr6l8yj7cFs2hDaAfIO2GSyb0Codv8OZvlmJW85KhG2hJfKkIArLbLGyHQdiYl14osB3PPwnCwBC4W5bd0RgAQ4B_w8W7nYgRbBnUjsRccxEj4pwqAKyIagwtYVJQfX7HRnCQGTNBplH_biW9mF4yGFMEBTLh3yqYYdXJ18KfhLg3dgVXLYrShfI2uOBO7V43mCUnl24KRola5EkhZv-9O0avf0EzEfzU-1GP8cjTcTC9xm97V6dC-hQpezqY_PC-uqLdQzLmf1DDTuuP2TVdhM-hXoLV47VP894IE5dHHPjqowUTxLKQLg7gcxt62xStWTfZ8Kr94HfUqN36M7BhctStbvR_sEyHaZlv8VssE1BLxa1J3ZYWYXH_6K0_5an059pNktMl2uxZeD4j-0V9oPiermc=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=7418291
x-app-id: 14
granorizes.com/ie?v=4
138.201.194.90 301 Moved Permanently 0 B IP 138.201.194.90:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /ie?v=4 HTTP/1.1
Host: granorizes.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 803
Origin: https://granorizes.com
Connection: keep-alive
Referer: https://granorizes.com/ie?v=4&c=lY_Kw2eWCuqA_RLyH7Wh0p4kesLshz-xeuPW2c3vx6gMvS0lbialu0LuK3zVaQgVlT20ffaPvQ_nsZuSg6s94ms_U-LrR24ljJtUriKuuztUwtw-kp7pOHVJwF1nLW0M-2I_PWGm3Jmr1M0JfYwDJIUCbmJIKkxm_aDifBrOhzYP0Kcr7BRxsIF92dqNBAaK8xyK_8kgZPekOCiK4p0O2KjOU90cVC9Orr2unT1VL9WszIa497g7jqTx0gyFrdxXREURDNTRItv8bNEmGHM4Xcy7D2IE0oavU-s5UwPIkjH7f3RKVdnKVFrMoaOLGAESb7pdgFyo0_-h6z4eIWnDqSJdN9QXJqXBN8gItJYBdc_7saDEWCwnUfpKDXzmyhWf5kH5VnOJJOFiBbFcyCr5-iPV5nED4we2yPOdeOOQJh3zsQXiObadyk_V6maiNzJveQNFlu5yrOQTzA_Hm7WlYE3dtIfsiK4=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Mon, 28 Nov 2022 08:37:09 GMT
content-length: 0
location: https://adspredictiv.com/jump/next.php?r=2475779&sub1=9111920
x-app-id: 14
attentioniau.com/redirect?tid=962708&tested=2&if=0
143.204.55.118 302 Found 0 B URL HTTP/2 attentioniau.com/redirect?tid=962708&tested=2&if=0
IP 143.204.55.118:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?tid=962708&tested=2&if=0 HTTP/1.1
Host: attentioniau.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lshunter.me/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://xml.serving-passthrough.com/click?i=xvqjCLshL3Q_0
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=a9aee680-b974-4275-b480-52e1d9e15b5d
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 bcd5dadccb0831729969c938747ff79a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: CQpiFpYGbDLb7jNTr5KQkCHG-PO9rw87Uv27wJhPvxaze_fM73cBnw==
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?r=2475779&sub1=8089520
35.190.38.40 200 OK 3.2 kB URL HTTP/2 adspredictiv.com/jump/next.php?r=2475779&sub1=8089520
IP 35.190.38.40:0
Hash 9c83f0ef739b044a0a276295d1035116
80f3859f532af9d202d3a95e4dbba143bb10a420
159a693ee6baab34bbb9347ae0f324557d4ab720fdac69262e14c5185088eabe
GET /jump/next.php?r=2475779&sub1=8089520 HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://granorizes.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
widgets.amung.us/draw/?w=colored&n=33&c=000000ffffff&p=left
104.22.75.171 200 OK 1.2 kB URL HTTP/2 widgets.amung.us/draw/?w=colored&n=33&c=000000ffffff&p=left
IP 104.22.75.171:0
File type PNG image data, 81 x 29, 8-bit colormap, non-interlaced\012- data
Hash 40f07154628f31d1fa280e2d55aeeff3
7699e1a2ce602889a06e2de8818309d43603949c
cd36c05245662f184457fbe58684e13247794b770db3a249f7963530b21067c0
GET /draw/?w=colored&n=33&c=000000ffffff&p=left HTTP/1.1
Host: widgets.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: image/png
content-disposition: filename=wau-widget.png
expires: Wed, 09 Nov 2022 22:05:00 GMT
cache-control: max-age=2678400
access-control-allow-origin: *
cf-cache-status: HIT
age: 1679528
last-modified: Tue, 08 Nov 2022 22:05:00 GMT
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a659569908-ARN
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.158 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.158:0
Hash 0a29dda3c7314f5244b9874cbf5342e0
27c186a757e84064f391f158124bbbd424454523
d62679dcaa47052476e6f0f360967bc7826ed5677003b06f7a575898fbfbb492
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=130292
Date: Mon, 28 Nov 2022 08:37:09 GMT
Etag: "6383cd29-1d7"
Expires: Tue, 29 Nov 2022 20:48:41 GMT
Last-Modified: Sun, 27 Nov 2022 20:48:41 GMT
Server: nginx
X-Cache: Miss from cloudfront
Via: 1.1 142be88a35733307a5e7de05da0a20b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: r2Skm_eWuG9AwXOmHFise7rkhqDckG3lOp-U9ZMfTHXqc5665TXMig==
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Mon, 28 Nov 2022 06:41:08 GMT
expires: Mon, 28 Nov 2022 08:41:08 GMT
cache-control: public, max-age=7200
age: 6961
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fxsportshd.com%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
95.211.229.245 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fxsportshd.com%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fxsportshd.com%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalaxmrsegeioslmrxlrnxgxaalrollmegeiccmmlmlcnxgxaalcscrlmgeialbsereanxgxaalrollmegeioslmrxbrnxgxaalrlccrxgeicxbmsbcenxgxaalrlccrxgeioslmrxlsnxgxaalreolamgeicxbmsbocnxgxaalrcerlbgeicxbmsboenxgxaalrbsbllgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalraseexgeioslmrxbmnxgxaalaxmrsegeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalrlccrxgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalrrccrxgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalrbbbaageimcclsxmenxgxaalrlccrxgeialbserxonxgxaalcscrlmgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalcsrbbbgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalrcerllgeimcclselenxgxaalreola
mgeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalrollmegeimasbmxconxgxaalrsbmlegxcceimxxerrecnxgxaalrcerlbgxcceimxcbrxscnxgxaalrcerllgxcceimxxerreanxgxaalrcerllgxcceimxxerrebnxgxaalrcerllgxcceimxcbrxabnxgxaalrcerllgxcceimrxccosencgxaalrcerllgxcceialbbebsanxgxaalrcerllgxcceimaoobbebnxgxaalrcxbrsgxcceimraeelaanxgxaalrcxbrsgxcceixaoosscrnxgxaalrcrlbmgxcceimrxccosancgxaalrcrlbmgxcceimxcbrxronxgxaalrcrlbmgxcceimraeelabnxgxaalrcmelsgxcceicxsxcobxnxgxaalrclsllgxcceimxlbalsbnogxaalrrccrxgxcceialcaercenxgxaalrrccrxgxcceimaoobrbansgxaalrrccrxgxcceimaoobrbcnsgxaalrrccrxgxcceimmoeosaenxgxaalrrrsccgxcceimeembesonxgxaalrrrsccgxcceimmxsrbabnsgxaalrrrsccgxcceimasbmxsanxgxaalrraxsagxcceimxlbmoconsgxaalrrasoegxcceimxeoxsacnrgxaalrrasoegxcceimxcbrxcbnxgxaalrrasoxgxcceimclxlloanogxaalrrasaagxcceialxosmbanxgxaalrrasaagxcceimxlbmxlonogxaalrrmxcbgxcceimasbmxsonxgxaalrrbbcsgxcceicloaxxoanxgxaalrrleoagxcceicloaecoenxgxaalrrleomgxcceimraeelsonxgxaalrrleomgxcceiallxlmscnxgxaalraexcmgxcceimrmaobxanogxaalraexbmgxcceimcssmlrenrgxaalraoslcgxcceimaoolslanxgxaalrasoccgxcceimmoeosaonxgxaalracloegxcceimmoeosscnxgxaalracloegxcceimmoeosconxgxaalracloegxcceiccblrxrbnxgxaalracloegxcceimsacexoonxgxaalrarlxsgxcceimxlbalcenogxaalrmerbxgxcceimxlbmxbbnogxaalrmerbxgxcceimrxccosoncgxaalrmeabxgxcceicloaxxabnxgxaalrmeabxgxcceimxlbmxlenogxaalrmeabxgxcceirrbbcsacnxgxaalrmxecrgxcceicbbmelocnogxaalrmxecagxcceiaaxcambbnogxaalrmxxllgxcceialrexexbnxgxaalrmxxllgxcceiccblrxaanxgxaalrmocmagxcceimoobcomanxgxaalrmocmagxcceimoobcobenxgxaalrmocmagxcceimoobcoabnxgxaalrmocmagxcceimoobcoaonxgxaalrmocmlgxcceimoobcomonxgxaalrmocmlgxcceimoobcomenxgxaalrmocmlgxcceimoobcoaanxgxaalrmocmlgxcceimeelareanxgxaalrmsbregxcceimemlxbocnogxaalrmsbregxcceimemlxmcbnxgxaalrmccomgxcceimmxcxslenxgxaalrmccolgxcceimasbmxsbnogxaalrmbrrbgxcceimaaa
erobnxgxaalrmbrlrgxcceimmossscensgxaalrmlxbegxcceimrbxmxmanxgxaalrmlxbegxcceialbmlexcnxgxaalrbxsrsgxcceimasbmxsenxgxaalrbooecgxcceimxxerrxenxgxaalrbsblcgxcceimmosssconagxaalrbsbllgxcceimxlbmosenogxaalrbsbllgxcceialbbebsbnxgxaalrbsbllgxcceimxcbrxocnxgxaalrbsbllgxcceimxxerreonxgxaalrbsbllgxcceialrexeoonxgxaalrbsbllgxcceimxlbmoscnogxaalrbsbllgxcceimrmbbrcanxgxaalrbcesrgxcceimrmbbrconxgxaalrbcesrgxcceicloaxxmonxgxaalrbcxabgxcceimecmmelonxgxaalrbcomrgmoeimecmmelenxgxaalrbcseegmoeimexexabbnxgxaalrbcmlcgxcceimmooobrbnxgxaalrbcbregxcceialbmmbbenxgxaalrbcbregxcceimmooobranxgxaalrbcbregxcceimxcbrxmbnxgxaalrbcbregxcceimxlbmosanogxaalrbclbbgxcceicxmecmcanxgxaalrbabxbgxcceialbmbrmcnxgxaalrbmormgxcceicloaxxobnxgxaalrbmormgxcceialbmbrmanxgxaalrbmormgxcceimxeemblonxgxaalrbmormgxcceialbmbrabnxgxaalrbmormgxcceialbmlesenxgxaalrbmsrxgxcceicloaecoanxgxaalrbmblxgxcceimmxccmeonxgxaalrbboeagxcceimxlbmoobnogxaalrbboeagxcceimxlbmosonogxaalrbbbaagxcceirreacmsbnxgxaalrbbbaagxcceimcssmlrcnsgxaalrbbbaagxcceimxxrecsanxgxaalrbblorgxcceimeelaclanmgxaalrbblorgxcceimrbleaxonxgxaalrbblorgxcceimellboscnxgxaalrbblorgxcceimellbooenxgxaalrbblorgxcceiaaxcamlcnxgxaalrbblorgxcceimeelaclonagxaalrbblorgxcceimeelaclcnagxaalrbblorgxcceimellbosonxgxaalrbblorgxcceialbmlecanxgxaalrblxcbgxcceimaoolxxbnxgxaalrlebrmgxcceimclsaoxbncgxaalrlebrmgxcceimcoaxmxoncgxaalrlebrmgxcceimcssmlronsgxaalrlebrmgxcceimmxerboonxgxaalrlxccogxcceialbmmbbonxgxaalrlxbsrgxcceimcoaxmxcncgxaalrlxlbcgxcceimmxsrbmensgxaalrlxlbcgxcceimaoolcoenxgxaalrlolaogxcceimecmmelcnxgxaalrlolaogmoeimxlbmxlcnogxaalrlolaogxcceimxrrmllbnxgxaalrlssxbgxcceialblcxmbnxgxaalrlssxbgxcceislmbeslrnxgxaalrlssxbgxcceialblcxbonxgxaalrlssxbgxcceimxrrbeecnxgxaalrlssxbgxcceislmbecesnxgxaalrlssxbgxcceiaaxcabeenxgxaalrlsaaxgxcceimxeemblenogxaalrlsaaogxcceimxeemleanxgxaalrlcelegxcceimxcbrxcenxgxaalrlccrxgxcceialbbebrenxgxaalrlccrxgxcceimxcbrxaonxgxaalrlccrxgxcceimmooobronxgxaalaeelregxcceimxeoxsbenrgxaalaecrlrgxcceimxcbrxbenxgxaalaecrlrgxcceimxcbrxsenxgxaalaererlgxcceimrxmbaren
xgxaalaeaxbegxcceiocmlcbssnxgxaalaeaoargxcceimcrxeoconxgxaalaeabesgxcceimcrxeoaonxgxaalaeabesgxcceimcrxeosenxgxaalaeabecgxcceimcrxeorcnxgxaalaeabemgxcceimrxmbacanxgxaalaeallxgxcceimexlaeoonxgxaalaemmbrgxcceimrmbbrmenxgxaalaxsreegxcceimeelarecnxgxaalaxcsbbgxcceialbmlecenxgxaalaxcsbbgxcceicloaecocnxgxaalaxcsbbgxcceimxcbrxrbnxgxaalaxmrsegxcceimaooloranxgxaalaxmbacgxcceicmarxbbonsgxaalaxmbargxcceimxlbalscnxgxaalaxmbargxcceimeembescnxgxaalaxmlbxgxcceimeembecenxgxaalaxmlbxgxcceimrxccoscnxgxaalaossmrgxcceiaaxcamlanxgxaalaossmrgxcceiaaxcamlenxgxaalaossmrgxcceimmxsrbaonxgxaalaocclogxcceimaoolcoonxgxaalaocrxsgxcceixaoossalnxgxaalaocaeegxcceicloaxxmenxgxaalaocaexgxcceicloaxxaanxgxaalaocaexgxcceimrmlcaebnogxaalaocaobgxcceimrrcermonxgxaalaocaolgmoe; expires=Tue, 29 Nov 2022 08:37:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C3947848%7C75540572%7C0%7C%7C142%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6384733491cad6.57221471528465370%7C42981c758a9c270dc212bfea7014063f%7C0%7Cxsportshd.com%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 29 Nov 2022 08:37:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://bongacams10.com/track?c=765750&subid2=fpornx.com
X-Robots-Tag: noindex, follow
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 937 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 789ea06014fca6c421e04c07430a283e
b17ab40a65b758bed31dadaf0fbf4240da27500c
798a3fdb5583bbd82689daed73f985e460f3829345341578ed7235a57ac86454
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 937
Connection: keep-alive
Expires: Fri, 02 Dec 2022 06:01:48 GMT
ETag: "b17ab40a65b758bed31dadaf0fbf4240da27500c"
Last-Modified: Mon, 28 Nov 2022 06:01:49 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1983
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7711c7af9c6fb509-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash deef0c2872f65265b09a2033bb094db6
ff7c8832bdc0afb28c6f568f835ba2ce46d44881
d6f2c31c5a031c25dad99c0e5a417da71e12dd7499e9f08183069749904470e6
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3850
Cache-Control: max-age=101027
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Etag: "63834bce-117"
Expires: Tue, 29 Nov 2022 12:40:56 GMT
Last-Modified: Sun, 27 Nov 2022 11:36:46 GMT
Server: ECS (amb/6B7A)
X-Cache: HIT
Content-Length: 279
track.traffic.name/7435c4e6-8097-41e1-ac82-61b3b3ea5694?&banner=5049044&keyword=*&pubfeed=244025&pointid=244025&zoneid=&conversion=Fc7DG13hoxs&bid=0.0003
18.193.235.10 200 OK 314 B URL HTTP/2 track.traffic.name/7435c4e6-8097-41e1-ac82-61b3b3ea5694?&banner=5049044&keyword=*&pubfeed=244025&pointid=244025&zoneid=&conversion=Fc7DG13hoxs&bid=0.0003
IP 18.193.235.10:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (314), with no line terminators
Hash 1d58c5bce47e88737f64265b10ffcb9c
3cecac2888ed84a55d858d5eb75e151a53d1f5dd
b27ea6ac8aed51fe69de44f0450f9e94150b8a3e6af8071e5bc08d9e13e9b844
GET /7435c4e6-8097-41e1-ac82-61b3b3ea5694?&banner=5049044&keyword=*&pubfeed=244025&pointid=244025&zoneid=&conversion=Fc7DG13hoxs&bid=0.0003 HTTP/1.1
Host: track.traffic.name
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html;charset=UTF-8
content-length: 314
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: 7435c4e6-8097-41e1-ac82-61b3b3ea5694-v4=UdjExlevMTX283SudgJ0JqX0y9l-Dvb8UdtDcglfS1Y; Max-Age=86400; Expires=Tue, 29-Nov-2022 08:37:09 GMT; Domain=track.traffic.name; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=9ip5ofGk8nUJIRMcDfTsupGzpldAUVuz3O92VFABn4Nu3DJ1%2B5Dx9ntPRNaAuURIPcuCxrgO7wlZ6c%2B101lEMJ0DvB5Oy7vx7U6UBEjuSDvx3TLQto3Hd51HnXcmdeBUULb7DRBwms0mPYELq%2F8ZSg%3D%3D; Max-Age=31536000; Expires=Tue, 28-Nov-2023 08:37:09 GMT; Domain=track.traffic.name; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
click-v4.expmdiadi.com/click?i=ul7pFF82i2w_0
198.134.116.17 302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=ul7pFF82i2w_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=ul7pFF82i2w_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://eu.dspsuper.com/api/submit_form_request?p=6385b55b-e6c9-43c1-a38b-7324c1634837&ts=1669624628&z=5561498
Pragma: no-cache
bongacams10.com/track?c=765750&subid2=fpornx.com
195.85.23.222 302 Found 138 B URL HTTP/2 bongacams10.com/track?c=765750&subid2=fpornx.com
IP 195.85.23.222:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash aff950cab4c0265e21d401db15f1026d
f03e18461817f7a6546c8bf8fa8d686d7e30aca0
753e0dd54f28c4f7009b9c0b18a68aed175416bd8b7d134858264586eaac56f0
GET /track?c=765750&subid2=fpornx.com HTTP/1.1
Host: bongacams10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 138
location: https://bngtrk.com/hit.php?c=765750&subid2=fpornx.com
x-bc: ded7856
x-zone: 5a-web55
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=2OMlXhF7kvLPUcNm_NA1Gvc2xD5kMgB1JliqxeH_a2I-1669624629-0-AfET0ufNhQ0fOhnQx6ztvpusDSsH1FrxCpGNiaP3pFN7zlXuGGbbpLC1pRFPtNg/rAt0e0i42T7v3HaG09t7YK4=; path=/; expires=Mon, 28-Nov-22 09:07:09 GMT; domain=.bongacams10.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7711c7afd8440b02-OSL
X-Firefox-Spdy: h2
live.batstream.cc/jquery-ui-1.12.1.custom/jquery-ui.min.js
172.67.138.117 200 OK 82 kB URL HTTP/2 live.batstream.cc/jquery-ui-1.12.1.custom/jquery-ui.min.js
IP 172.67.138.117:0
File type ASCII text, with very long lines (17014)
Hash e9e5f68009d03359a89841cb925e1bcb
410368c212155cfb117d107321c02daf9ace0690
f8c2d29f33c5537b1560a0f73dfb2203e6f4e0954f041647715ad6843a12b591
Analyzer Verdict Alert fortinet Malware
GET /jquery-ui-1.12.1.custom/jquery-ui.min.js HTTP/1.1
Host: live.batstream.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: application/javascript
last-modified: Mon, 28 Jan 2019 22:44:24 GMT
etag: W/"5c4f85c8-433e"
expires: Tue, 27 Dec 2022 21:57:07 GMT
cache-control: public, max-age=31536000
access-control-allow-origin: *
pragma: public
cf-cache-status: HIT
age: 38401
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EkQqp7govEfvPEwz4y4n1IKZEMoWZyIJ7EXWaRyHUgg5oUdD53lF41U%2F3F0VEvmIA8FuHVBuZI7EP8OTNHi59IRPnM2aQwFLk%2BnZ2l3QK%2F5RLwPsep7bzET1RecbsgQbW5HhmA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7aaac240af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bongacams10.com/track?c=765750&subid2=fpornx.com
195.85.23.222 302 Found 2.8 kB URL HTTP/2 bongacams10.com/track?c=765750&subid2=fpornx.com
IP 195.85.23.222:0
ASN #209242 Cloudflare London, LLC
File type gzip compressed data, max compression, from Unix\012- data
Hash 130269943033072820389e61a935e43c
919a2a28b0574c7e3487660e99d6f9ab9a072340
62aa151e778eb151b0e804bd8a0c9e6c25f8510ed74d3c294393e219f6b087e6
GET /track?c=765750&subid2=fpornx.com HTTP/1.1
Host: bongacams10.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
content-length: 138
location: https://bngtrk.com/hit.php?c=765750&subid2=fpornx.com
x-bc: ded7856
x-zone: 5a-web55
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=VEovc8VNLjD3Rly1yk9LZ1U3GV4FeSdxrkAYdvZOTD8-1669624629-0-AVfQszQgs9Q6i0817UccTelkD/AOK6bga2w9A9UQzmgc5vAEDixG7S47bJJwvtVPVeaGEy6zUNgiM2GFMktX+0I=; path=/; expires=Mon, 28-Nov-22 09:07:09 GMT; domain=.bongacams10.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7711c7b028940b02-OSL
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fsportsmix.net%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
95.211.229.245 302 Found 0 B URL HTTP/1.1 syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fsportsmix.net%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /splash.php?cat=&idzone=3947848&type=8&p=https%3A%2F%2Fsportsmix.net%2F&sub=&tested=1&check=0c1c5c30286e1db21a741e4b62c8b6e4&screen_resolution=1280x1024&container_resolution=0x0&iframe=1 HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://syndication.realsrv.com/splash.php?cat=&idzone=3947848&type=8&p=&sub=
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C4785728%7C76650656%7C0%7C%7C502%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C63aaa021a361a4769823bce8ef78977a%7C0%7Cxsportshd.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A32%3A%226384733491cad6.57221471528465370%22%3B%7D; expires=Wed, 27 Nov 2024 08:37:09 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=cmmsxrbonxgxaalsbbboageicmmsxaeenxgxaalsmleergeimacslbecnxgxaaabssxamgeislsaroornxgxaalrmxecrgeicxbmsbxcnxgxaalaxmrsegeioslmrxlrnxgxaalrollmegeiccmmlmlcnxgxaalcscrlmgeialbsereanxgxaalrollmegeioslmrxbrnxgxaalrlccrxgeicxbmsbcenxgxaalrlccrxgeioslmrxlsnxgxaalreolamgeicxbmsbocnxgxaalrcerlbgeicxbmsboenxgxaalrbsbllgeiclsmarcanxgxaaallsxlcgeiclsmrrmanxgxaaallsxlcgeirbabxabbnxgxaablbccmbgeiccmmlleanxgxaalrollmegeimcrxsbcenxgxaameollsmgeimreaoboenxgxaameollsmgeimcclosscnxgxaalccxmexgeimacslbeenxgxaaboslelageioslmroemnxgxaalraseexgeioslmrxbmnxgxaalaxmrsegeicaxsscmbnxgxaalsombbogeicaormlxonxgxaamealeoegeicaormbmcnxgxaamealeoegeimcclsxscnxgxaamsmxlcageimccloscanxgxaalrlccrxgeimreaomxenxgxaamelbbsbgeimreaobscnxgxaamelbbsbgeimcclosconxgxaalrcerllgeimcclsoeonxgxaamxaacblgeimacslbeonxgxaaloesaslgeimcclsxsanxgxaamsmxlcageimcclsxlbnxgxaamssmcolgeimaecseaonxgxaamssmcolgeimaecsxeonxgxaamssmcolgeimaecseronxgxaamssmcolgeimrblelrenxgxaamssmcolgeiccmmllebnxgxaalrrccrxgeimcclsxlonxgxaamcsebsxgeimcclsoeenxgxaamcrclalgeimcclsxsbnxgxaamcrclalgeimcclossbnxgxaammemsrlgeimcclsxlcnxgxaamrscxmxgeimaecseranxgxaabrlemaegeimcclosccnxgxaamrscxmxgeicaormlxcnxgxaalosseolgeicaormbmbnxgxaalrexasogeiclsmrbsenxgxaamaxcsxcgeialbserebnxgxaalolablsgeimcclsxconxgxaalrbbbaageimcclsxmenxgxaalrlccrxgeialbserxonxgxaalcscrlmgeimccloscenxgxaamabsxrmgeimcclsxxonxgxaalrcerllgeimcclsxbcnxgxaammclslageicaormlxanxgxaammacmrxgeimcclsxaonxgxaaloarmmlgeimrblxxxbnxgxaambboecmgeimrblxelcnxgxaambboecmgeimrblxxrbnxgxaambboecmgeialbserxenxgxaalsxarlegeimacslbeanxgxaablxaelxgeialbserecnxgxaalssbrcxgeiccmmllecnxgxaalcsrbbbgeisaeeasslnxgxaabrbeccogeimcclossanxgxaabrlemaegeimcclsxronxgxaalraseexgeimaecseabnxgxaabrlemaegeimrblelrcnxgxaabrlemaegeimrblxemonxgxaabrlemaegeimcclsxcanxgxaalrlccrxgeimaecsxoonxgxaabmalbxxgeircsxcxscnxgxaabbxeomsgeicaormbbenxgxaalexxbcxgeiabeocmconxgxaablxrcmmgeimcclsxxcnxgxaalesmxrsgeimrblxeeanxgxaablsaloageimaecsemanxgxaablsaloageimaecselonxgxaaloaroaageimcclsxacnxgxaalrcerllgeimcclselenxgxaalreola
mgeimaecsxronxgxaalxmmoorgeimaecsxsenxgxaalxmmoorgeimaecsercnxgxaalxmmoorgeimaecsembnxgxaalxmmoorgeimaecselenxgxaalxmmoorgeimaecobobnxgxaalsmleergeimaecomoanxgxaalsbbboageimrblxxoenxgxaalsbmacmgeimaecobsbnxgxaalsbbboageimrblxosonxgxaalsbbboageimcclsxmanxgxaalrollmegeimasbmxconxgxaalrsbmlegxcceimxxerrecnxgxaalrcerlbgxcceimxcbrxscnxgxaalrcerllgxcceimxxerreanxgxaalrcerllgxcceimxxerrebnxgxaalrcerllgxcceimxcbrxabnxgxaalrcerllgxcceimrxccosencgxaalrcerllgxcceialbbebsanxgxaalrcerllgxcceimaoobbebnxgxaalrcxbrsgxcceimraeelaanxgxaalrcxbrsgxcceixaoosscrnxgxaalrcrlbmgxcceimrxccosancgxaalrcrlbmgxcceimxcbrxronxgxaalrcrlbmgxcceimraeelabnxgxaalrcmelsgxcceicxsxcobxnxgxaalrclsllgxcceimxlbalsbnogxaalrrccrxgxcceialcaercenxgxaalrrccrxgxcceimaoobrbansgxaalrrccrxgxcceimaoobrbcnsgxaalrrccrxgxcceimmoeosaenxgxaalrrrsccgxcceimeembesonxgxaalrrrsccgxcceimmxsrbabnsgxaalrrrsccgxcceimasbmxsanxgxaalrraxsagxcceimxlbmoconsgxaalrrasoegxcceimxeoxsacnrgxaalrrasoegxcceimxcbrxcbnxgxaalrrasoxgxcceimclxlloanogxaalrrasaagxcceialxosmbanxgxaalrrasaagxcceimxlbmxlonogxaalrrmxcbgxcceimasbmxsonxgxaalrrbbcsgxcceicloaxxoanxgxaalrrleoagxcceicloaecoenxgxaalrrleomgxcceimraeelsonxgxaalrrleomgxcceiallxlmscnxgxaalraexcmgxcceimrmaobxanogxaalraexbmgxcceimcssmlrenrgxaalraoslcgxcceimaoolslanxgxaalrasoccgxcceimmoeosaonxgxaalracloegxcceimmoeosscnxgxaalracloegxcceimmoeosconxgxaalracloegxcceiccblrxrbnxgxaalracloegxcceimsacexoonxgxaalrarlxsgxcceimxlbalcenogxaalrmerbxgxcceimxlbmxbbnogxaalrmerbxgxcceimrxccosoncgxaalrmeabxgxcceicloaxxabnxgxaalrmeabxgxcceimxlbmxlenogxaalrmeabxgxcceirrbbcsacnxgxaalrmxecrgxcceicbbmelocnogxaalrmxecagxcceiaaxcambbnogxaalrmxxllgxcceialrexexbnxgxaalrmxxllgxcceiccblrxaanxgxaalrmocmagxcceimoobcomanxgxaalrmocmagxcceimoobcobenxgxaalrmocmagxcceimoobcoabnxgxaalrmocmagxcceimoobcoaonxgxaalrmocmlgxcceimoobcomonxgxaalrmocmlgxcceimoobcomenxgxaalrmocmlgxcceimoobcoaanxgxaalrmocmlgxcceimeelareanxgxaalrmsbregxcceimemlxbocnogxaalrmsbregxcceimemlxmcbnxgxaalrmccomgxcceimmxcxslenxgxaalrmccolgxcceimasbmxsbnogxaalrmbrrbgxcceimaaa
erobnxgxaalrmbrlrgxcceimmossscensgxaalrmlxbegxcceimrbxmxmanxgxaalrmlxbegxcceialbmlexcnxgxaalrbxsrsgxcceimasbmxsenxgxaalrbooecgxcceimxxerrxenxgxaalrbsblcgxcceimmosssconagxaalrbsbllgxcceimxlbmosenogxaalrbsbllgxcceialbbebsbnxgxaalrbsbllgxcceimxcbrxocnxgxaalrbsbllgxcceimxxerreonxgxaalrbsbllgxcceialrexeoonxgxaalrbsbllgxcceimxlbmoscnogxaalrbsbllgxcceimrmbbrcanxgxaalrbcesrgxcceimrmbbrconxgxaalrbcesrgxcceicloaxxmonxgxaalrbcxabgxcceimecmmelonxgxaalrbcomrgmoeimecmmelenxgxaalrbcseegmoeimexexabbnxgxaalrbcmlcgxcceimmooobrbnxgxaalrbcbregxcceialbmmbbenxgxaalrbcbregxcceimmooobranxgxaalrbcbregxcceimxcbrxmbnxgxaalrbcbregxcceimxlbmosanogxaalrbclbbgxcceicxmecmcanxgxaalrbabxbgxcceialbmbrmcnxgxaalrbmormgxcceicloaxxobnxgxaalrbmormgxcceialbmbrmanxgxaalrbmormgxcceimxeemblonxgxaalrbmormgxcceialbmbrabnxgxaalrbmormgxcceialbmlesenxgxaalrbmsrxgxcceicloaecoanxgxaalrbmblxgxcceimmxccmeonxgxaalrbboeagxcceimxlbmoobnogxaalrbboeagxcceimxlbmosonogxaalrbbbaagxcceirreacmsbnxgxaalrbbbaagxcceimcssmlrcnsgxaalrbbbaagxcceimxxrecsanxgxaalrbblorgxcceimeelaclanmgxaalrbblorgxcceimrbleaxonxgxaalrbblorgxcceimellboscnxgxaalrbblorgxcceimellbooenxgxaalrbblorgxcceiaaxcamlcnxgxaalrbblorgxcceimeelaclonagxaalrbblorgxcceimeelaclcnagxaalrbblorgxcceimellbosonxgxaalrbblorgxcceialbmlecanxgxaalrblxcbgxcceimaoolxxbnxgxaalrlebrmgxcceimclsaoxbncgxaalrlebrmgxcceimcoaxmxoncgxaalrlebrmgxcceimcssmlronsgxaalrlebrmgxcceimmxerboonxgxaalrlxccogxcceialbmmbbonxgxaalrlxbsrgxcceimcoaxmxcncgxaalrlxlbcgxcceimmxsrbmensgxaalrlxlbcgxcceimaoolcoenxgxaalrlolaogxcceimecmmelcnxgxaalrlolaogmoeimxlbmxlcnogxaalrlolaogxcceimxrrmllbnxgxaalrlssxbgxcceialblcxmbnxgxaalrlssxbgxcceislmbeslrnxgxaalrlssxbgxcceialblcxbonxgxaalrlssxbgxcceimxrrbeecnxgxaalrlssxbgxcceislmbecesnxgxaalrlssxbgxcceiaaxcabeenxgxaalrlsaaxgxcceimxeemblenogxaalrlsaaogxcceimxeemleanxgxaalrlcelegxcceimxcbrxcenxgxaalrlccrxgxcceialbbebrenxgxaalrlccrxgxcceimxcbrxaonxgxaalrlccrxgxcceimmooobronxgxaalaeelregxcceimxeoxsbenrgxaalaecrlrgxcceimxcbrxbenxgxaalaecrlrgxcceimxcbrxsenxgxaalaererlgxcceimrxmbaren
xgxaalaeaxbegxcceiocmlcbssnxgxaalaeaoargxcceimcrxeoconxgxaalaeabesgxcceimcrxeoaonxgxaalaeabesgxcceimcrxeosenxgxaalaeabecgxcceimcrxeorcnxgxaalaeabemgxcceimrxmbacanxgxaalaeallxgxcceimexlaeoonxgxaalaemmbrgxcceimrmbbrmenxgxaalaxsreegxcceimeelarecnxgxaalaxcsbbgxcceialbmlecenxgxaalaxcsbbgxcceicloaecocnxgxaalaxcsbbgxcceimxcbrxrbnxgxaalaxmrsegxcceimaooloranxgxaalaxmbacgxcceicmarxbbonsgxaalaxmbargxcceimxlbalscnxgxaalaxmbargxcceimeembescnxgxaalaxmlbxgxcceimeembecenxgxaalaxmlbxgxcceimrxccoscnxgxaalaossmrgxcceiaaxcamlanxgxaalaossmrgxcceiaaxcamlenxgxaalaossmrgxcceimmxsrbaonxgxaalaocclogxcceimaoolcoonxgxaalaocrxsgxcceixaoossalnxgxaalaocaeegxcceicloaxxmenxgxaalaocaexgxcceicloaxxaanxgxaalaocaexgxcceimrmlcaebnogxaalaocaobgxcceimrblbooanxgxaalaocaolgxcce; expires=Tue, 29 Nov 2022 08:37:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-link%22%3A%22v3%7C%7CNOR%7C3947848%7C75898226%7C0%7C%7C142%7C41%7C3%7C40%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C6384733491cad6.57221471528465370%7C89835382f06f6e03314c6d356e94194e%7C0%7Csportsmix.net%7C1280x1024%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Tue, 29 Nov 2022 08:37:09 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
Location: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
X-Robots-Tag: noindex, follow
ocsp.usertrust.com/
104.18.32.68 200 OK 472 B IP 104.18.32.68:0
Hash e1d510d055e91851ded7e20f402bf4da
55d02f507124ec3b80f9441b465d82ed6638e880
1f49de2d98890849ac1dafe557da8362976a4a98f8fc92a19b95d6739f7f26c3
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 28 Nov 2022 06:10:16 GMT
Expires: Mon, 05 Dec 2022 06:10:15 GMT
Etag: "55d02f507124ec3b80f9441b465d82ed6638e880"
Cache-Control: max-age=603184,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 148
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7711c7b0a924b4f1-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 882c5e23bd82f7f51591a644bd4098e6
614303de9a1538b56e74c0acffdff394ac411ecb
668baeaaef308ece02deb1b7215c056b8880a50ed6bfc156d008e5225d8d7aa0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4363
Cache-Control: max-age=91089
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:09 GMT
Etag: "638322fb-117"
Expires: Tue, 29 Nov 2022 09:55:18 GMT
Last-Modified: Sun, 27 Nov 2022 08:42:35 GMT
Server: ECS (amb/6B7A)
X-Cache: HIT
Content-Length: 279
click-v4.expmdiadi.com/click?i=a7Qa0oBXBJo_0
198.134.116.17 302 Found 0 B URL HTTP/1.1 click-v4.expmdiadi.com/click?i=a7Qa0oBXBJo_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=a7Qa0oBXBJo_0 HTTP/1.1
Host: click-v4.expmdiadi.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://socceronline.xyz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:09 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://eu.dspsuper.com/api/submit_form_request?p=0defcb28-a862-4212-beb8-eb7de89ff85e&ts=1669624629&z=5561498
Pragma: no-cache
hello.lov.net/_fuckbook/loader.css
156.146.33.18 200 OK 545 B URL HTTP/2 hello.lov.net/_fuckbook/loader.css
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
Hash eadfd049212bd386a4bc6dd586a77e18
23c690a64e1cc79c0ded0ab69a83a5bd587331d9
600cf633c26791c23deaae3d2187b2151aefbc535949c141f4e1c4ba45c26814
GET /_fuckbook/loader.css HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/css
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-2ba"
access-control-allow-origin: *
x-accel-expires: @1670261252
server: CDN77-Turbo
x-77-nzt: AZySIRC/ZCT/MRsGAA
x-77-nzt-ray: f6587a1df97b4dc4357384631cdbff32
x-cache: HIT
x-age: 400177
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/logo.png
156.146.33.18 200 OK 1.2 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/logo.png
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 140 x 42, 8-bit colormap, non-interlaced\012- data
Hash df97d28ef2ff68f2df0d8cefc65b47b7
fab584ab111527e4c1686840a183a90717571345
65d81177b867db951a8755ccff549bc494fce54b7d3088061d13d0bc129c07c9
GET /lander/lv002_pps/img/logo.png HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/png
content-length: 1204
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-4b4"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRAHqiP/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463ce2b3c34
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
livestotal.net/football-streaming.html
104.21.57.163 200 OK 1.7 kB URL HTTP/2 livestotal.net/football-streaming.html
IP 104.21.57.163:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 3bb12e454e61938d853883f74e2d6d2a
53102115b0a07c7d1dc71b3908e9002febc61b68
c0c680210a90d17b52029febe36fc343c7696b17b01c9f3ed74a5877f2ae9f3d
GET /football-streaming.html HTTP/1.1
Host: livestotal.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
last-modified: Sun, 17 Jul 2022 08:53:28 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j6zK2R5YaID2%2FkW5YHm9LaafuBpnRfIQXbYQ6rzDT1oRn%2F%2BCI1RLFiL2y5pyxWXfAPBWxCxPwymFGVEgKsMJHlPQLkEDiLGleTbOOXndjDv7JAXkfNUxtsfDQBDOcCqEiA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a4cc911c06-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/2.png
156.146.33.18 200 OK 2.0 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/2.png
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 140 x 119, 8-bit colormap, non-interlaced\012- data
Hash 13377d3dc2bd38db928ceeae1b37deb8
1a56ca922304c8aee79730ec6c8547cb31c3a49e
9ebfc34347a389eb0bf2dbfb432f0d17727c8321cc7b53a0f4f76bd16538435e
GET /lander/lv002_pps/img/2.png HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/png
content-length: 2038
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-7f6"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRB+K+7/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463f15c4e34
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/3.png
156.146.33.18 200 OK 1.9 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/3.png
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type PNG image data, 119 x 119, 8-bit colormap, non-interlaced\012- data
Hash 72b342286902d1ad79d3e1e3bcb844ff
8fcf5a1317a41a494777ccfbaf01a56defd2489f
e05899383280a849e7c194cebb51b4394c244f3b37bb26a72ede92aa94706a55
GET /lander/lv002_pps/img/3.png HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/png
content-length: 1946
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-79a"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRD4TDv/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc4357384639fb09134
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
sportsmix.net/hd-streams.html
104.21.5.185 200 OK 7.6 kB URL HTTP/2 sportsmix.net/hd-streams.html
IP 104.21.5.185:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 02114c8bcf04c2ec9ed0fb38f526bc95
74cbfff22ad6ba8ecaeee676c27bba4ac3f00889
765e1dadc5ce66c61493292a814672d867a542e1fd69834b1e6712f1bb2e5261
Analyzer Verdict Alert fortinet Malware
GET /hd-streams.html HTTP/1.1
Host: sportsmix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
last-modified: Fri, 05 Aug 2022 11:09:31 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7dhsJnmLpfXqM79usiGL%2BcBgXR79kjUqsr%2FSr%2BQvJkMODatTPFdmm0k5mF%2BASS3PRHmhYcwvGF6hbsnQ8c8RTBnavSzD5UMBeFNnRqZmB%2FeWiZg4c43VktWjHfHmpIxc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a5aa39b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/testimonial-2.jpg
156.146.33.18 200 OK 7.0 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/testimonial-2.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 266409138895dc1872763027541008d5
7a000c6e848b9251b4d3b1c821e3399719d999cb
cd1876d985004c02db9177e353e658f3cc7f9b77225969b80ddfbf634402e15b
GET /lander/lv002_pps/img/testimonial-2.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/jpeg
content-length: 6958
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-1b2e"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRDpyoH/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc4357384635f20ac34
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/testimonial-3.jpg
156.146.33.18 200 OK 5.9 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/testimonial-3.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 11784400e6c6efd8c7e3a7e1061b34be
db499661cd28b47fca68316159609069e88e6daf
b8c29f26f09941b14923755bd566f3943315c1fb302162858de354f9919c8c52
GET /lander/lv002_pps/img/testimonial-3.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/jpeg
content-length: 5892
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-1704"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRDUxiL/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463426faf34
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/testimonial-4.jpg
156.146.33.18 200 OK 7.2 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/testimonial-4.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 100x100, components 3\012- data
Hash 63814e660cecba27b2612e8c62f1814d
bf04f5c3fb0c593e3a1c9bfacebb7c98feee9bce
c2f275d45ef647f655a4c80bcf93443ff11f8c39bf7499353bb9610edcb45522
GET /lander/lv002_pps/img/testimonial-4.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: image/jpeg
content-length: 7198
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-1c1e"
access-control-allow-origin: *
x-accel-expires: @1670261255
server: CDN77-Turbo
x-77-nzt: AZySIRBV6Pn/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463a8bcbf34
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.okamata.site/site/lm/img/sprits.png
103.224.182.208 403 Forbidden 6.5 kB URL HTTP/1.0 cdn.okamata.site/site/lm/img/sprits.png
IP 103.224.182.208:0
ASN #133618 Trellian Pty. Limited
Hash 95dd3e8c43fc2da0b2938ce1be968968
9607ce1576da4667e49aa2857e96acee06457f4c
3f1c7d2cf97b7810e47e42ddf3f5684ecb286a3a3995673e49d0dfa222785066
GET /site/lm/img/sprits.png HTTP/1.1
Host: cdn.okamata.site
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html
hello.lov.net/lander/lv002_pps/js/api-form-mapper.js
156.146.33.18 200 OK 1.2 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/js/api-form-mapper.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
Hash e2a7b208d62cce367b59b85671e467af
8da1679cf90c4c1e5864ea69b0adfc79744ef5c2
ac8467d6ccf454278dee1d4d288920f72ed6ac4e8155d5afb3cbafa01e504f12
GET /lander/lv002_pps/js/api-form-mapper.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-8d0"
access-control-allow-origin: *
x-accel-expires: @1670261279
server: CDN77-Turbo
x-77-nzt: AZySIRAjJvr/FhsGAA
x-77-nzt-ray: f6587a1df97b4dc43573846313a21d34
x-cache: HIT
x-age: 400150
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10008
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:37:09 GMT
Connection: keep-alive
cdn.onesignal.com/sdks/OneSignalSDK.js
104.18.226.52 200 OK 3.4 kB URL HTTP/2 cdn.onesignal.com/sdks/OneSignalSDK.js
IP 104.18.226.52:0
File type ASCII text, with very long lines (9097)
Hash 824166f626b2eae6df5033d04e89fe5b
81dd7f0947f46821e894e6e57de9711832e93baf
a0ae599f378455c861d63266fd2c0677f24ca78c67bb860d436c4a049d9185f0
GET /sdks/OneSignalSDK.js HTTP/1.1
Host: cdn.onesignal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript
etag: W/"ae63ef8ff03da61fffaa7f165729897a"
via: 1.1 google
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: HIT
age: 727
expires: Thu, 01 Dec 2022 08:37:09 GMT
cache-control: public, max-age=259200
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
server: cloudflare
cf-ray: 7711c7b12fd6b4f7-OSL
content-encoding: br
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
34.120.237.76 200 OK 9.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1f434933b5bd6377d299ada22d1ae7ef
075531f525e625b117b2497f31139c9824d0e9c5
b587a3249e4f20112088608e3651c2ccbc44225a5c9d88d3bf5884d7f0e9029c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F165667de-df17-4cc6-832c-94f49703bdf2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9430
x-amzn-requestid: 454ca8bd-a256-45f2-8b41-feee86c5af82
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7wyGCIIAMFhgw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99e-1488f8ce71a91ebc3ad6b7e0;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:50 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: NMMuQ1NNks65LJK_HDAK69MfCJ3pS0Y6VzBs8_5Oku64v4FSWADCdw==
via: 1.1 8f22423015641505b8c857a37450d6c0.cloudfront.net (CloudFront), 1.1 476c2ba6d9f6cd69dbcedbd65688cbc0.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 38123
etag: "075531f525e625b117b2497f31139c9824d0e9c5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10007
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash aebda342a81ad83f60d2523f54ccda67
e590d9326e4a283e0929a8ffccb13cc4308af0e6
bd123fe3fce93216e2635f9dbc356f081b7599784fb6b67984032f11d82bc7cb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BD123FE3FCE93216E2635F9DBC356F081B7599784FB6B67984032F11D82BC7CB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10007
Expires: Mon, 28 Nov 2022 11:23:57 GMT
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6e240caa3153ea25c34d07185b47f8a5
602e8ba5c6671ff947acfda757577ddc8ecec6ec
c2b37bf1ef003ceffaaf4612f2001b6f7998d5b95cd55b32c79fefcb24ccad7f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2ff6b6f2-e6dd-4654-9894-50de6f502f83.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11255
x-amzn-requestid: ce06e0cc-3874-4a3d-a6c5-5cc1cb342138
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR7w8EEOIAMF_6w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d99f-5ca652aa369ee1690b0d08cc;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:41:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 6qKDE2jlIb8D2Mhg-OcsfU1haVtyGYfcMcs1NJT_HPlTv-O26tR60w==
via: 1.1 6ba2a21321beeef65404429d0a4b6380.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:54:34 GMT
age: 38556
etag: "602e8ba5c6671ff947acfda757577ddc8ecec6ec"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b0bd385532089b45a14e461abbecc1af
3da359b1ba09138a425094715b9f3a2f8d0257fe
803001528f2aefc1ea90e585d48de435975862861a1cbe8d898e5cd7ebd297dd
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3a11c6ec-01ab-453a-a13d-c7804535dc69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8771
x-amzn-requestid: 995d3904-9be1-4b40-9813-ff47e60639ec
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_MEAPoAMF0xw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d861-3fdb7958064e0c4b1aed2136;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:33 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vrBB4JkuL3nbZnDWitQ4dvTruO9M6hSt8mw9NuJliCmcNOw8xvfWhw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:16:08 GMT
age: 37262
etag: "3da359b1ba09138a425094715b9f3a2f8d0257fe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 7505e6a6ec5b5b89eff187cd1e7b73dc
f2407e16efbe99af301250a98e08948199d66225
bca5c29d185ab671d9b97a74c815da37ff5e2a7baa5e1555d272d784b4221236
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4786
Cache-Control: max-age=88682
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "638317ee-117"
Expires: Tue, 29 Nov 2022 09:15:12 GMT
Last-Modified: Sun, 27 Nov 2022 07:55:26 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 279
live.batstream.live/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
172.67.162.8 301 Moved Permanently 888 B URL HTTP/2 live.batstream.live/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
IP 172.67.162.8:0
Hash d83a0abea99738f7b404afc23e394746
a300bbe094e8c97f1da252bde99e2098686a296c
1a574ea1cfa1728cc32be9b34205b4b536380ec14d2295617c4d4015266e8915
GET /?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333 HTTP/1.1
Host: live.batstream.live
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
location: https://live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sIcJzIqWwTX%2FK3iBRUOFC2s90DS7JKayQfYskb0IECoaKu5Cugx6LKJPgWPOQJAKVa59%2Foyql84xZ26htU2GvgPWMe6k4gQD3kVxy%2BjOVUGwCTSqvOx%2FTerqh8rKwrHzq6EMDajD"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a8a82bb4fd-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
34.120.237.76 200 OK 6.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 78b1389f425425d0450c94d900404dc4
53b12a8702f7c5b7cc697e2a24da824d9434be65
0c1659ab3afc6e45f9e3acb12f8865bb99e4668f7df4501b1cc740e53f5b62ed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F36d8942f-c540-4112-a5a9-c7ac53a00a23.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6376
x-amzn-requestid: 25b82353-9c15-44c0-ada5-55f4697de935
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR6_KGeaoAMFb_Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d860-71711cca7c063030292c5e47;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:36:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: odmAWkNyUMevvXStu7zRJyckokhyBjUwu7-JSvj8by-JWJ9eAm9P5Q==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 64f86ae1c24221f3a2e4d653d6dbc416.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 22:01:46 GMT
age: 38124
etag: "53b12a8702f7c5b7cc697e2a24da824d9434be65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
34.120.237.76 200 OK 6.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fa848cb85e85df184b078fe7aa95ae52
21aa6418f3a0d2b64925b66d5fb9079b7e84a11c
37d299c166e3350dee6dee647e98a86f8bd916d186bae12c42764ed0a3177085
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcd94c980-e701-4603-9381-0bd47116d31d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5989
x-amzn-requestid: db10fcc5-80ab-4650-af49-d5afe36706f3
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78LHQqIAMF9_g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e7-4cbd19e3227894844807742c;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: A5n6y1-hpgr4vynnRXkEZNvCvjlNGH6brl7eYMsdN1MST7YoD2BPgA==
via: 1.1 a4fe306096165bb1e86e69365dc8fac2.cloudfront.net (CloudFront), 1.1 be082a2326b7d49643607b097f1e7180.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:13 GMT
age: 38757
etag: "21aa6418f3a0d2b64925b66d5fb9079b7e84a11c"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
eastfeukufu.xyz/redirect?tid=751261&subid=65291.841123
54.230.111.13 302 Found 0 B URL HTTP/2 eastfeukufu.xyz/redirect?tid=751261&subid=65291.841123
IP 54.230.111.13:0
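Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These are the MD5, SHA-1 and SHA-256 digests of empty input: the 302 response has a 0-byte body, so the hashes match any empty response and do not identify this host.)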
GET /redirect?tid=751261&subid=65291.841123 HTTP/1.1
Host: eastfeukufu.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
content-type: text/plain
content-length: 0
location: https://odrgqm.nicedates.net/c/da57dc555e50572d?s1=148182&s2=1493372&s3=751261&click_id=4114957158306297148&j1=1
date: Mon, 28 Nov 2022 08:37:09 GMT
server: openresty/1.17.8.2
cache-control: no-store, no-cache, must-revalidate, no-transform
pragma: no-cache
p3p: CP="NID DSP ALL COR"
set-cookie: csu=99d3de64-fd5b-4953-aec2-920c6e2a8939
accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
x-cache: Miss from cloudfront
via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: wDtCunHuEV6xUZSbJxZ8bxpct6Xujd-IwSMmWoRrpx2oWlkIQncaYw==
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
34.120.237.76 200 OK 16 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 0a4e0bb1e2748bdce6bbf685a910f0fc
5b97bfd787afcb912cdbef0f137f78a059082992
a7bc9adeb22cb57675e907bd961a6f554e6b7a46414ed782bcc9b53d68b1c328
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fa915ba56-f7bc-48fc-b725-b932389634d5.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 15639
x-amzn-requestid: 98e846b4-287f-4698-9529-25bcc2727a4a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cR78dGReoAMFiDw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6383d9e9-62c41b2717bd8e6f3b3797da;Sampled=0
x-amzn-remapped-date: Sun, 27 Nov 2022 21:43:05 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: AhbL-wXc_eYsgxdjf0DIEJD7Z3XfXMjXwDC52Bz_SnvmmWAhl3g99A==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 9046e5a276a05e60ee34c8475e92b8e6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 27 Nov 2022 21:51:38 GMT
age: 38732
etag: "5b97bfd787afcb912cdbef0f137f78a059082992"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/profile-3.jpg
156.146.33.18 200 OK 8.5 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/profile-3.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 125x125, components 3\012- data
Hash 7d168efd725b182e0d4e4018c0dd3cdb
38ca733ab8b99f923d69ce7ceecc1fbf7b794541
cfeb045fb6407b93a5e372f58c75db8b5190c45febd00c7c4d70a0ec280bf28b
GET /lander/lv002_pps/img/profile-3.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 8477
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-211d"
access-control-allow-origin: *
x-accel-expires: @1670261256
server: CDN77-Turbo
x-77-nzt: AZySIRCq8rD/LhsGAA
x-77-nzt-ray: f6587a1df97b4dc436738463927eea0a
x-cache: HIT
x-age: 400174
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
bongacams.com/trans?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
195.85.23.88 302 Found 11 kB URL HTTP/2 bongacams.com/trans?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
IP 195.85.23.88:0
ASN #209242 Cloudflare London, LLC
Hash aa06bb3c1a5a479def9e1edeb6ed5755
e1d01ac7ff407eabb40696a15b9f8cf5cbb7a491
94258409a1cec50a23efef291c0259c575e93b9085f471c84beac282e3abf9f4
GET /trans?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow HTTP/1.1
Host: bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Cookie: __cf_bm=w1HknIcJtGiMC.W70H2t_ore8gVB4kfxz5rQVzBNN5I-1669624630-0-AdMfLinAWqXRJd8BC1jsNJvMymF8/NoML+2fOcqgTYsyNvbGAj1yQ1uANBXtsb5JZaX4GXlMPxOtAv37QgwYbxs=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: text/html; charset=utf-8
location: https://no.bongacams.com/trans?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web55
set-cookie: bonga20120608=801a217cabbdc85ff96a5b61eb796d7c; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
ts_type=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.bongacams.com
ts_type2=1; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
fv=ZQZ2AQV2BGL2ZD==; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
uh=pmuyrRSWnmMlImICL3N3II9MrRWDBN==; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
ratr=194184%3A%3A765750%3A%3A2022-11-28%2010%3A37%3A10%3A%3Ahttps%3A%2F%2Fsyndication.realsrv.com%2F%3A%3A%3A%3Afpornx.com; expires=Tue, 15-Nov-2072 08:37:10 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com; HttpOnly
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7711c7b219c4b503-OSL
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/profile-5.jpg
156.146.33.18 200 OK 8.2 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/profile-5.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 125x125, components 3\012- data
Hash 4eb1d7aaf4b6c35a1bc95b06ae7207ba
0932b859d08de1783876020634af8333ce6cdd6d
7426b3d3f58cba61dc96b57449b779b06b9526c74ca519dc2340f4a6cfd3a06c
GET /lander/lv002_pps/img/profile-5.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 8238
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-202e"
access-control-allow-origin: *
x-accel-expires: @1670261257
server: CDN77-Turbo
x-77-nzt: AZySIRCQR4X/LRsGAA
x-77-nzt-ray: f6587a1df97b4dc4367384634292850b
x-cache: HIT
x-age: 400173
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/_vendor/fetch.js
156.146.33.18 200 OK 14 kB URL HTTP/2 hello.lov.net/_vendor/fetch.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
Hash a4f94810b6927e671a1c2773d32fc488
5b53d3b575fa9636f1eeb6b4070ac102e36a4d34
d27d984aae8917c27e7674086cd5c1a57c9bc857856f1b1f2c634fcc00dafaea
GET /_vendor/fetch.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-32d4"
access-control-allow-origin: *
x-accel-expires: @1670261252
server: CDN77-Turbo
x-77-nzt: AZySIRAMLfT/MRsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463d45fd633
x-cache: HIT
x-age: 400177
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/img/profile-1.jpg
156.146.33.18 200 OK 12 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/img/profile-1.jpg
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 125x125, components 3\012- data
Hash 98b2016934499acb58ef6e6612648206
c6235a1b932b26f8c18a8242d2a3cfa8c9ed252f
375f77671762aca0c682290b807242dc92242b257850b7db7b955f03e0d7c7f4
GET /lander/lv002_pps/img/profile-1.jpg HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 11710
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: "637e5149-2dbe"
access-control-allow-origin: *
x-accel-expires: @1670261257
server: CDN77-Turbo
x-77-nzt: AZySIRDmg+7/LRsGAA
x-77-nzt-ray: f6587a1df97b4dc43673846397ddd10b
x-cache: HIT
x-age: 400173
x-77-pop: frankfurtDE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/_vendor/promise.js
156.146.33.18 200 OK 16 kB URL HTTP/2 hello.lov.net/_vendor/promise.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (35001), with no line terminators
Hash a1fe2146ae53cee2c200a42c8fbd4c0a
2109e601a0d147c8d79dff6b597c607f485d6683
edd3235883ea4ba6cd430343b02e7bbe1e099bfd765d9b8c3bc2009b11ab1979
GET /_vendor/promise.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-185b"
access-control-allow-origin: *
x-accel-expires: @1670261252
server: CDN77-Turbo
x-77-nzt: AZySIRALWWnvMRsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463f4f7c433
x-cache: HIT
x-age: 400177
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f48b463f91dd59202ca6462dbbd65058
2428d50f77d8fa9e5653c1b350a67f87584a2b17
7e86bba8f9c6e22bff589d4ebb499f2b3b7e888daeffd6a0c4f090fa309aa7bb
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7E86BBA8F9C6E22BFF589D4EBB499F2B3B7E888DAEFFD6A0C4F090FA309AA7BB"
Last-Modified: Sat, 26 Nov 2022 21:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3945
Expires: Mon, 28 Nov 2022 09:42:55 GMT
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6129f9d0a07981c115cea01e9b1ac6a8
f901bc0e7c958b5542c3e2609a7a77be6bea0a1c
249b64540d5da4e03393274f48a23e6fa7f6231dec22eca62596ece2fac38468
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "249B64540D5DA4E03393274F48A23E6FA7F6231DEC22ECA62596ECE2FAC38468"
Last-Modified: Sat, 26 Nov 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10893
Expires: Mon, 28 Nov 2022 11:38:43 GMT
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124e6c.png
5.45.94.158 200 OK 2.8 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124e6c.png
IP 5.45.94.158:0
File type PNG image data, 333 x 60, 8-bit colormap, non-interlaced\012- data
Hash c178cccf1836087c1dc4f30c517a2206
7a5571b9af1bccee46b2136a2c69ec7a8d5fb7a4
018fa069331cb6131aec8a03fe969495c41dce6692d70ca1f51c3a398212d8f9
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124e6c.png HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/png
content-length: 2800
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-af0"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
xml.skinkexchange.com/click?i=-zsGPFyEcRI_0
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.skinkexchange.com/click?i=-zsGPFyEcRI_0
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?i=-zsGPFyEcRI_0 HTTP/1.1
Host: xml.skinkexchange.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://socceronline.xyz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=A2FS0T3m-CM&campaignid=945479&siteid=430875.467518&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=https%3A%2F%2Fsocceronline.xyz%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
Pragma: no-cache
ocsp.pki.goog/s/gts1d4/8zRofmzdPas
142.250.74.3 200 OK 472 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/8zRofmzdPas
IP 142.250.74.3:0
Hash 3682a5b41ab3fa17a806bad433f3740f
87d4f727f060186c83eaf4baf84f0fe1a6cc383b
431c151bc686f78dec5898103adf81fbb26bc1f33e8b406b6409c27ee7b11ac8
POST /s/gts1d4/8zRofmzdPas HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ebd.png
5.45.94.158 200 OK 29 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ebd.png
IP 5.45.94.158:0
File type PNG image data, 222 x 298, 8-bit colormap, non-interlaced\012- data
Hash 93168d8781d27eed516919969fdee837
6279657c5f19040c360c1ad2b8e708463109870e
b23a2d3385ca874475ab43defead980f11af0c419d68640ca2ab6063c1774004
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ebd.png HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/png
content-length: 29247
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-723f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ee1.jpg
5.45.94.158 200 OK 6.8 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ee1.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash bf3320f2e09ec5224f0a457088af10ea
18b6fa25b716c0d7d11c2e7a7119a35586b0335c
d0a2217771a0323fe1c69fc65566edae2bdc73700b884a2de623812f484c05b5
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ee1.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 6803
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1a93"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
5.45.94.158 200 OK 3.4 kB URL HTTP/2 starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
IP 5.45.94.158:0
Hash a3178f6d69cbad92994527c32bef321a
b32b45b56c9a050478871a78c229360f6e519e27
2ba213db53e2cbb6d7b4cf8518db4e810bfeb7dacb291861f6337bf62c995395
GET /c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629 HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: text/html; charset=utf-8
set-cookie: uclick=ydh9nt6o; expires=Tue, 29-Nov-2022 08:37:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5; expires=Tue, 29-Nov-2022 08:37:10 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
peeredfoggy.com/izsmb6wmc?key=981f3db84e16c7cf652706acb2391f25
192.243.59.12 200 OK 1.2 kB URL HTTP/1.1 peeredfoggy.com/izsmb6wmc?key=981f3db84e16c7cf652706acb2391f25
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 1b411f79978eb8bd80990c84b151bf27
bb69291372ab43b764154844c4fe7c2f6cc993a2
a4ae52427f22320d464d9b0058f2c027a912149e33b62289366a957fedebf77e
Analyzer Verdict Alert quad9 Sinkholed
GET /izsmb6wmc?key=981f3db84e16c7cf652706acb2391f25 HTTP/1.1
Host: peeredfoggy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://lshunter.me/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17834794; expires=Tue, 29 Nov 2022 08:37:10 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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._G9FzOucckhw48C7CuH9_u9ilTXuz3Rvm6XL4dzI1v8; expires=Mon, 28 Nov 2022 08:38:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cfa9ec466589b208ee6bafb9a95d17c2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124efe.jpg
5.45.94.158 200 OK 7.0 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124efe.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 7937de479890cd6af5c72bbf48624075
f60a408fa45edf8cc5d09a27cb4b05f325b730ea
005ae5ed46a914dd18b3c2aa4f0cae212f7d3ab938477cebe180c478fa628b61
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124efe.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 7009
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1b61"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669622400
104.22.36.222 200 OK 32 kB URL HTTP/2 user-agent.trafficdecisions.com/cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669622400
IP 104.22.36.222:0
Hash 5e06df9ebbd6d53e28a38fdbfde44b3e
79079c9778c90b8db9204b8d2ad2eaf8c451e854
800460f5fc0f3a7c9a3d79f73e438719638551209cba651dea03422dacd9c02e
GET /cdn-cgi/challenge-platform/h/b/scripts/alpha/invisible.js?ts=1669622400 HTTP/1.1
Host: user-agent.trafficdecisions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __cf_bm=3hJZZjcFXMmGKBAc3ynO5ZCY.GH7cTPThQhBDEzHsz4-1669624629-0-AUW1fmaYr5dTAOgMO3h0iynYsxdLSaIRdnXCshSApDudtq6l3lpqUGdbfMWN/4zgObdOtrKU8KZEwTuJs97P01E=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: application/javascript; charset=UTF-8
x-control-type-options: nosniff
vary: accept-encoding
cache-control: max-age=14400, public
content-encoding: gzip
server: cloudflare
cf-ray: 7711c7b3cec9990e-ARN
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f37.jpg
5.45.94.158 200 OK 6.1 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f37.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash d21bb115f529482bec14e12a26594ff1
2a3979ac26a0c6ad79f8a4b56d8022e03d77c350
c1713524cc69368a890059db0026f368f40e65fcb084a1eb6c2ce53fa41df977
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f37.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 6111
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-17df"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f80.jpg
5.45.94.158 200 OK 11 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f80.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=0], progressive, precision 8, 220x220, components 3\012- data
Hash 78098cc271cbc13d721ef52f4b635825
4a033fb9cba77dbc79783a48ccddafdbd65f9516
493e4aba498ec5bf56aea36e59f97ac5828daa4ceb5529c0b1aa3358e7d683e2
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f80.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 10860
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-2a6c"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f98.jpg
5.45.94.158 200 OK 7.6 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f98.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 8ab1b01526d705c6b83d3104e151a4a3
019516854a55bac4db9c9ed854c14bcfe09cf275
eacd36f00fa39e53c03e957287a85f842bc92873ecd44eef098583015a7395b9
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124f98.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 7630
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1dce"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fae.jpg
5.45.94.158 200 OK 5.6 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fae.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 2394eee81846715acfec1238fa3dd537
37643cd7b693fef9afd22cb02cd8c95d11b7cdbd
a4a90b4bd0c9f3038480d4905fe2303cd09aa8550f81cb66f57988e243b60180
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fae.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 5609
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-15e9"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fca.jpg
5.45.94.158 200 OK 7.7 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fca.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash b9d5213ee8ea9856693dd5819c544e66
3e50571c02b332de88775ccf668f77835ad513be
c35b5c6ccb421d26c14448e5bd6ce09e6316ab4b30fce8b5f473d37b286a4233
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fca.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 7659
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1deb"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fe3.jpg
5.45.94.158 200 OK 9.4 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fe3.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash f9bf07365f92fc33fe85f5ba306ecb6e
0bbaa09a9b072e9268b006e552c6af5c39ecc728
679748f479bf44ef92cad357ab1c6db27c05817ce867f7eb07b71665810b1c2a
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124fe3.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 9400
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-24b8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ffd.jpg
5.45.94.158 200 OK 6.4 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ffd.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 9828bf2c62eeba1b5727ac246104470f
ecb467a24790d6ef048dc97cdf3644a0452ba4f1
c2a81b722937cefcf0385eee46ac26fd8ad6c5f9912969e8f64e4847baa16ec7
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6124ffd.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 6357
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-18d5"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612501b.jpg
5.45.94.158 200 OK 9.3 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612501b.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 341f0d076055c9a32e701b5fa0e267d9
9d2e26dc99e867824d4ce10e1f5add5db330b055
6a4478383d219c3e4b65f819947d568d63c9ec999ff5c600a5f10724a118a834
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f612501b.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 9275
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-243b"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125036.jpg
5.45.94.158 200 OK 8.1 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125036.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 42b10389d86d95be73c6c078f688c449
0cf86a7c873a0a00064d63fb4c910f7ff83e0c0e
1947e4698a69639caf88541d9382ff273007044bfc92df13a8c097b68ce8c7f8
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125036.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 8104
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1fa8"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612504e.jpg
5.45.94.158 200 OK 7.4 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612504e.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 09b04b8b6c8f97a4af49b3de1b54eb28
5e29ed8b464a3fd326af60e56354a2bb73578b7e
3e4de73d05451dea0e8e1885c35f413d9e1d8b706ae94b7e96dc3877402d04ec
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f612504e.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 7353
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1cb9"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125069.jpg
5.45.94.158 200 OK 11 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125069.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 250x250, components 3\012- data
Hash c0117bcdd44b996c720388b5b7e99e2c
f94cbeaed373c787c0232152efbfaa572f5290cb
19c0ed4237ca638c9ba8dd9c69f3bdaa30f995f656342008527b90cae54d3b63
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f6125069.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 10778
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-2a1a"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/css/bootstrap.min.css
156.146.33.18 200 OK 37 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/css/bootstrap.min.css
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type ASCII text, with very long lines (65324)
Hash fb121d422c9a0ea33d9881b2c9dba9fb
820534eca3125975368401e138c690169eec901e
fc5a3f2bafe37e6c088f1bd1a558257a992924508aee052c72c9ef785bc9ffbb
GET /lander/lv002_pps/css/bootstrap.min.css HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/css
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-22682"
access-control-allow-origin: *
x-accel-expires: @1670261279
server: CDN77-Turbo
x-77-nzt: AZySIRB4Rmf/FhsGAA
x-77-nzt-ray: f6587a1df97b4dc4357384635a9b9732
x-cache: HIT
x-age: 400150
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612509a.jpg
5.45.94.158 200 OK 8.8 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f612509a.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash bf81da4f27d99843bc6685e1244acc7d
2a53ab8fef666d0fca75a6803e90ad1ba24553d1
ba65c5f51fc42429058b73a1065726293494137d8905861f850bc31b05ffc6e1
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f612509a.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 8769
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-2241"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250b2.jpg
5.45.94.158 200 OK 7.6 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250b2.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 0e11999d9f360a610641a377ecfb8cf2
55934ddfe17523224c6d8c9cfddd6d93280b8899
92f49af397e94db469931e7be94e80c99217d3075d3c2ddfe99854d95aa99376
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250b2.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 7589
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1da5"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ipinfo.io/?callback=jQuery224011740658261760928_1669624629618&_=1669624629619
34.117.59.81 429 Too Many Requests 5.8 kB URL HTTP/2 ipinfo.io/?callback=jQuery224011740658261760928_1669624629618&_=1669624629619
IP 34.117.59.81:0
Hash df0cb18d635680bf4478be15a3bc3834
05b55674f3646525e21efc2079211f3bdc710653
003e1894cf4acccca6a90e96a1d0f607856906cd10996b6e15bc645e79bebc40
GET /?callback=jQuery224011740658261760928_1669624629618&_=1669624629619 HTTP/1.1
Host: ipinfo.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 429 Too Many Requests
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
content-type: application/json; charset=utf-8
date: Mon, 28 Nov 2022 08:37:10 GMT
x-envoy-upstream-service-time: 1
strict-transport-security: max-age=2592000; includeSubDomains
vary: Accept-Encoding
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250e1.jpg
5.45.94.158 200 OK 79 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250e1.jpg
IP 5.45.94.158:0
Hash e761589dd13c42f43980312d8c441c87
c4b4bd01c0c735643e4a447ed13815f822f2d034
e84753f3c4c416d628d13441b156ce25dc7a274b381b671cb9fb1e9178a3d749
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250e1.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 10143
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-279f"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250f8.jpg
5.45.94.158 200 OK 6.2 kB URL HTTP/2 starlightwin.info/landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250f8.jpg
IP 5.45.94.158:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 220x220, components 3\012- data
Hash 15ba4ee397c584a9bb5eeda2cb44c927
7fd8c2c2348daae50bf9fb407bb93bc76d66e1df
03f8262d244c69f3385231918ac6e00d270fa2284a147d6d2865be7de54a0e35
GET /landers/0f522c4052/no02/60db6f60ccc0c/60db6f61250f8.jpg HTTP/1.1
Host: starlightwin.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://starlightwin.info/c881l7k.php?key=8cefq6egu7svaptg0psa&tag=ooc4ASOoupstptdZVbdbPPW6VzpqZ3UzOodTK6V0rpXT1UU0uomponpndRNTRPTS6V0zpXSuldK6Z0rpXTOrotpsoopum1z2rjqsnnmpsmqntprqosldbdbRVRbPxLXxXvLRRNTrXtRVXvdTNdTu6VxRBIYv_aowbmdNPbKqaWelzpXSuldK6V0rpXSulcH2&cost=0.00082&source=fpornx.com&varid=75898226&campid=5351950&siteid=871006&zoneid=3947848&catid=142&country=NOR&format=&time=1669624629
Cookie: uclick=ydh9nt6o; uclickhash=ydh9nt6o-ydh9nt6o-17vr-0-17bl-tli4-tl0-1a6ee5
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 6196
last-modified: Thu, 07 Jul 2022 16:32:28 GMT
etag: "62c70a9c-1834"
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/js/jquery.scrollTo.min.js
156.146.33.18 200 OK 91 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/js/jquery.scrollTo.min.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type Unicode text, UTF-8 text, with very long lines (2272)
Hash eca8008397e96bed0928ab8a2d194d7e
47d688bbd2f8196424a3b3e6f05b0a6bbc322f89
fabe495ed14ee184c8f429ff9b7b35d97d38511e55a2635e7f08bbd6a7820497
GET /lander/lv002_pps/js/jquery.scrollTo.min.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-988"
access-control-allow-origin: *
x-accel-expires: @1670261254
server: CDN77-Turbo
x-77-nzt: AZySIRAmjdf/LxsGAA
x-77-nzt-ray: f6587a1df97b4dc43573846386179035
x-cache: HIT
x-age: 400175
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277110/1669380007/css/style.css?1669380007
184.31.15.67 200 OK 3.6 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/css/style.css?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
Hash a794deca04c9a53fbf1a18c99fe6d4e7
a8f5f141a9ebdd3fae905f3f7c5e06ce03073526
fe344d336f5d8a35844886a31934d4aba68ff4836532a435711a13f086a3ffbc
GET /landings/277110/1669380007/css/style.css?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 3qLxix7l4P3EkMPQ+ivdSfI3CC4kvyQTfqna30VUsPPpURiEUOs0GUf606oz+6axD93rQMFyHk4=
x-amz-request-id: YHWH4A3SWBAA1TV6
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "85d49a96dad18822746f4cf9e8a3dab6"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 3194
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
witalfialdt.xyz/redirect?tid=936840&ref=xsportshd.com
104.21.63.106 301 Moved Permanently 2.3 kB URL HTTP/2 witalfialdt.xyz/redirect?tid=936840&ref=xsportshd.com
IP 104.21.63.106:0
Hash 4664264951230985b7a78336f1a18ecb
21d9a72af591ab91f872c2b40503360a28f30d27
db8536cd901d5f6377f619c40cca5d9c3b0d344bc934604042d1c5e5d28028f5
GET /redirect?tid=936840&ref=xsportshd.com HTTP/1.1
Host: witalfialdt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:08 GMT
location: https://syndication.realsrv.com/splash.php?type=8&idzone=4785730&p=https://xsportshd.com&tested=2/
cache-control: max-age=3600
expires: Mon, 28 Nov 2022 09:37:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UQl4WANVZ0g0TJrLNzNr3MUXY%2FBdX1wDNrXG2lFU69Bmw0MH1MTUqiPAK3TqYBAP5E3aftkN%2BLUOvcN%2FoIWxhj33Uygd2JPbUYQ842nUObHzQSY1w9zYE38HqWbckm1Vds8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a7897fb517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277110/1669380007/css/safety-block.css?1669380007
184.31.15.67 200 OK 474 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/css/safety-block.css?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type ASCII text, with CRLF line terminators
Hash e38fd88cdc96e7cecbe4ec577e08b70e
8da300538dd2b191464fc932c74fe5ebbed418b7
e07a2aa384841da50892bc7f5d92b1675d291c498ffbe88a89197e9b3f884bf1
GET /landings/277110/1669380007/css/safety-block.css?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Q4UKoP3RH+IoQKg7vu/xPLCAnxkYZ9FK9wPdsOvvcjLU/HB1npe867Y1vAyupdjj7O243zeBmiA=
x-amz-request-id: SE3AV5V17Q2XXGQ6
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "ccfc3e7113030d2214cc5a04295fbaec"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 474
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/css/popup.css?1669380007
184.31.15.67 200 OK 635 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/css/popup.css?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type assembler source, ASCII text
Hash 4ed05a608a8ec589e8aa5b040f7bb878
c58649a707ba64aed8b285d3be9f6b06a85ea6cb
bcc5d06c7b102eed1477b062020dc4414e4f6c4f9e390e3e67fa675a5f0fa363
GET /landings/277110/1669380007/css/popup.css?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: fnuzZFtuTvJ0ZxLX9Eb6aKCMSlZ0Pg/9WX8sJfWNzP3xGvjcNIsu3Q9YC/UgpabJ/vUmtGCLEw8=
x-amz-request-id: MSXTC4EQ3BNFMX7E
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "5a61d45142ce5764a2b36dc75343fcd5"
Accept-Ranges: bytes
Content-Type: text/css
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 635
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/js/vegas.js?1669380007
184.31.15.67 200 OK 3.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/js/vegas.js?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (11568), with CRLF line terminators
Hash 156c4046496d16408b06eb605ce1ab09
0dde2c6bbb3cf64132989866bdc1161be62474e3
657aac4fd9cd122e452b9da290c486d115af6b8fe8d409f39ab1d1d3dff44144
GET /landings/277110/1669380007/js/vegas.js?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: rZXZ+X6E8VbZX75uL9nrT0rRNje9gHHGsBncz0i4XPbgt1NdtQe0qkC9PD3OgZjmpjKMxRip7BQ=
x-amz-request-id: YHWQY9B6YRTSJJKK
Last-Modified: Fri, 25 Nov 2022 12:40:12 GMT
ETag: "9acc66fdf18dea05bd75165eb5a96259"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 3401
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/js/jquery-2.2.4.min.js?1669380007
184.31.15.67 200 OK 30 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/js/jquery-2.2.4.min.js?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type ASCII text, with very long lines (32065)
Hash 2fa28552f1ee4e1382ee43930b53afb8
803670da6a35378bf4eb73acc8e72fe4feb5ca30
ecfddf7d1e798dd2778c071bea24c70b650ef990fc09793fce25f2f094b35494
GET /landings/277110/1669380007/js/jquery-2.2.4.min.js?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: hA8E0YW8mwo6To7la5raHy1SkF41I2Ljw8eext4bdrxVFbg6y/6v08ew2rpw5VlaORk9AGy5v0Y=
x-amz-request-id: SE3CG9YYWR15EZY5
Last-Modified: Fri, 25 Nov 2022 12:40:12 GMT
ETag: "2f6b11a7e914718e0290410e85366fe9"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 29855
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
lshunter.me/hd-streaming.html
172.67.173.192 200 OK 1.1 kB URL HTTP/2 lshunter.me/hd-streaming.html
IP 172.67.173.192:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 78fdad5ee876212681e0c0d0eaf0d66a
b72f55f98b72fe9d31ebb9da06eee1ad494491e5
ffe91adbc2f6f8ec904a5fa85d658d830c2a85e5eab22d50ded37fff0026105e
Analyzer Verdict Alert fortinet Malware
GET /hd-streaming.html HTTP/1.1
Host: lshunter.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
last-modified: Thu, 21 Jul 2022 11:58:03 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JrjAPUvpdeAqWCy5j6AwvgXMhLNIZaSoVArw5laNL54E3HV3t%2F4aFB6tEKT53MWpmocPljR6%2BDFsaRa5y9GtZj76u945g6gt7I%2BV73sXCM977VTl%2BXmVmc%2F1LTs9%2Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a5bdc20afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
socceronline.xyz/football.html
104.21.68.69 200 OK 10 kB URL HTTP/2 socceronline.xyz/football.html
IP 104.21.68.69:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 29a72dcd63923fe183a4932c7c16d502
3ac71bbbcf8425b940ad4740759aa20e60fa5ef7
b9a8fbe0ea1bd56c660f063672064695ecde675f42599a206b96e27c8e73c5ed
GET /football.html HTTP/1.1
Host: socceronline.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html
last-modified: Fri, 22 Apr 2022 19:58:57 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4ZvyK6rhUx%2FYHCYeuC8faPqBCBE9w9flq%2FCxBzRXk2GHgWVEh2O06yQRtrwdYp5cfj6orK69eqBQxxc8GcojdmIXYWMERMt3OtHRtekYEGgrbgzRPJ4KopkZC8hbgiLaj3nM"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a68b140b51-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277110/1669380007/js/translate-secure.js?1669380007
184.31.15.67 200 OK 1.7 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/js/translate-secure.js?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 41c1e8df3c88e802b717f466ca9ab1fa
a368c67215e488869ec65ecddf2ed58c7362c800
b597b9c82f67d2e16043004ffe9bb0a225f9346fb7170f29f22a32de36e09491
GET /landings/277110/1669380007/js/translate-secure.js?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: Hyr7G2TOv+K+Kh2v6Q2rV+xRZ3UnYzAI+QIneslvaSMknijo8Um/MfdbKm5es3VP06UxbdQp5fM=
x-amz-request-id: RB0D4N5N58VMQ67E
Last-Modified: Fri, 25 Nov 2022 12:40:12 GMT
ETag: "8c7421ebb0b50165c5dac2e577203585"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 1671
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/js/tn_pHash.js?1669380007
184.31.15.67 200 OK 252 B URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/js/tn_pHash.js?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
Hash 3544c08851825a863747a126548d6993
01882998e61b9f93d5f346386fa633f6b8d95b2d
9804b1c7443db74b2d7fe81cf11d84c8f0d9a7dee281b4fe8c15552bdc7eed69
GET /landings/277110/1669380007/js/tn_pHash.js?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: l24II4je276eDM3kgUQPWR30kPx/oD56tIlmVlUFPfdsJjV+y8vTad6IIGIbUajDuulRqA2F+IQ=
x-amz-request-id: YHWRJCHJWMMN929M
Last-Modified: Fri, 25 Nov 2022 12:40:12 GMT
ETag: "3544c08851825a863747a126548d6993"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Content-Length: 252
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/js/title_tanslate.js?1669380007
184.31.15.67 200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/js/title_tanslate.js?1669380007
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type Unicode text, UTF-8 text, with CRLF line terminators
Hash 0e212ad4454c941c45c2e57df42c2b4f
fe9d7c484c2c0d7a6475692ef984c53a06c95406
e950a9e5e696f39d02028b27a4cd82fab1b6fd07fa34a238d3a3f7f5e90d95c3
GET /landings/277110/1669380007/js/title_tanslate.js?1669380007 HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: rO3DS8dPWpXnbLvoejmdK1dbs3OuzNIBF/qiBa3OBhVpKo5oCPbq2/Q9l255o3Nxjgdi7BNJTgo=
x-amz-request-id: RB06MYEFKZQ8GNV4
Last-Modified: Fri, 25 Nov 2022 12:40:12 GMT
ETag: "5f373fa5bf21c44b9ad23b70ef96e73d"
Accept-Ranges: bytes
Content-Type: text/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Length: 1298
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/6-eu.jpg
184.31.15.67 200 OK 3.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/6-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 9a6870069cb979e16b239f9ed485fb3c
c1dc7f3620c8cc391648c550f91b269b04d3c612
3e280ac6e0be5142f62957076a5c99e792eb61533e23f33b165aea4d522de818
GET /landings/277110/1669380007/images/6-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: gDkfNqzfF0VuoA/PUPrrC3TAHfAkT1jcbvXqT4U+ZTfqb1nzuZ5Wv1Vn/oyBFQlQ4j+nUAFOAZA=
x-amz-request-id: 6S4VWG7RHN8T71Y4
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "9a6870069cb979e16b239f9ed485fb3c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 3256
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/7-eu.jpg
184.31.15.67 200 OK 2.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/7-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 8155d8ecc7dc2d9b29cf99ab85c3d2a8
ba784563c7787760b318af24ea274ad6df2c5b89
7e368b2c331e65b43d9e6977dde473b4ee4ed25f0253e0d086ca676438b97d27
GET /landings/277110/1669380007/images/7-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: dJTxFgCe1D5Hjh/iDcl9FvMPp+SKYz53rnoP6jF0PAQCBVeEo2tH0gmtMpQvswLw54gmtu1wjHg=
x-amz-request-id: 6S4QB2JNDJC2VTVX
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "8155d8ecc7dc2d9b29cf99ab85c3d2a8"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2282
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/3-eu.jpg
184.31.15.67 200 OK 3.9 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/3-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 80x80, components 3\012- data
Hash 1dc512dcb0850f22cfa72c789578085c
933e9c5648e782c9f9a1504d2248f0acb4b9950b
7a27ad3bbf259cc02f80f496c19e6033d958362c1b5075c1957bb502f2666d00
GET /landings/277110/1669380007/images/3-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 9WwZn7602znhUl3mmGALpZ2HVOc129bj/vYplRa403TxJVwi4SbzGXPvD1q5i6idPWyzwozmWdg=
x-amz-request-id: 6S4SAGRW9Q40ZQQ9
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "1dc512dcb0850f22cfa72c789578085c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 3946
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/110010_2.jpg
184.31.15.67 200 OK 29 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/110010_2.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 682x388, components 3\012- data
Hash 2b8ac4e50a5bbbe4e6ea964bec7f3086
5486267315a7cd9eca01fa2fc6007060189c8b4f
8f700ae9dd68bd1130d528b77e1de92b4945e036060fdb01a02ccc148ab24ab3
GET /landings/277110/1669380007/images/110010_2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: ynLFmknXLsvmknVGhqo8d0GKw9keAElWb/bh3s11Ub4YAokV7eMLDCK/y+t8qC2pOjIrW4J00xU=
x-amz-request-id: M1E9GH3THM1Q6GWX
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "2b8ac4e50a5bbbe4e6ea964bec7f3086"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 29319
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/8-eu.jpg
184.31.15.67 200 OK 2.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/8-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 41bbda91cef3f22db1d45d66f7ca0961
e2f8f56674e0180063a4f8287931dc0b273baf8e
d0f8fe31f17be4afd352a60628de61eef59ee08ac0ecddac9cfe4e4a504f4f0e
GET /landings/277110/1669380007/images/8-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: ebHJnUW9OQynVlfVfc5upD9XgOsodCkggKEk07o9WeB5SmFM87tyICuWsgs3ugcumJ9BL235Vec=
x-amz-request-id: SPW2ABQ9XMXC4J3S
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "41bbda91cef3f22db1d45d66f7ca0961"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2458
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/logo.png
184.31.15.67 200 OK 41 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/logo.png
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type PNG image data, 1024 x 256, 8-bit/color RGBA, non-interlaced\012- data
Hash c0647e470e90e4e76c886ef3f4c651ac
fe1dd72ac0432bd8f261672c7c336cf902503d3c
1d4ad487984a8f689c904f3c2532f034b03d361c081dae581752cdc20d983037
GET /landings/277110/1669380007/images/logo.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: WhhpH74LdQNbuUGdziBofeKi7jOdx6xPL3ENXQX5qXAukg1OTNNZ/0Z7rV9phODnRQaJZU3vGBE=
x-amz-request-id: M1E3KG10VSMHC5YY
Last-Modified: Fri, 25 Nov 2022 12:40:09 GMT
ETag: "c0647e470e90e4e76c886ef3f4c651ac"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 40774
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/5-eu.jpg
184.31.15.67 200 OK 2.9 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/5-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 27109a247208262e6293950ca8f5450d
cea89616d15ad45a0f2b04082dff608abd96b800
86755df878f9f09c1b06deb1ac049db77b1931d3b0f650548fac960b3fedaa96
GET /landings/277110/1669380007/images/5-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: a2K4LJJYSCMlfkpdi7XYV4YxqqmNrySXxPzHJRPUWKWgf50MnGtJWoxvXiEXZ5AG+GAVRZcig0w=
x-amz-request-id: M1E8E3SXYSEQ0EA2
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "27109a247208262e6293950ca8f5450d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2879
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/1.jpg
184.31.15.67 200 OK 62 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/1.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 900x1280, components 3\012- data
Hash 765620bf3d6dcdb5495b70409b6b4ba8
f4a00a38ca93130e5e0398deea0ba2f928e2172b
e0d65a21b743f7fe6de2f4bd57316546e7f30c7810740d68322a44dfe3004373
GET /landings/277110/1669380007/images/1.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: IP39waPnZRmPQYSxiMQ3R7r+ER/ouey24ZCI2ectFX7zeNMJwQkULHSb3JK6deLne6wq4/5kWkE=
x-amz-request-id: HXPDAM29RWPPJPC6
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "765620bf3d6dcdb5495b70409b6b4ba8"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 62164
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/shield.svg
184.31.15.67 200 OK 1.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/shield.svg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (310)
Hash 0c7a0dfd64cf020cd8a6dc0c3df1dbdf
f705635388aebebae1223d828c38233067f28ab1
856fdb53067254df9495660a355e5ed91936803b567867f1053ce5fb97107888
GET /landings/277110/1669380007/images/shield.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: InmWGGtJz/XQ98t1JAeohiMuTlJ68ZQnVArn6+3DgSaePSKh2X/I9GPw/cnRlcu8xz8Bp8c3e0s=
x-amz-request-id: KJCA28RWFTHW9SXT
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "0c7a0dfd64cf020cd8a6dc0c3df1dbdf"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1539
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/logo-white.png
184.31.15.67 200 OK 9.5 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/logo-white.png
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type PNG image data, 300 x 124, 8-bit colormap, non-interlaced\012- data
Hash 27a8fdccc08741c52422bd4852f87c3a
b103730d95829f64c0746b97a85e0ada4f6c18a2
7afbc6f7cb728a9b4dfd7791a8207c60bdd255ea2f00ba12880bee15f7fbdff0
GET /landings/277110/1669380007/images/logo-white.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 0hnTOMjaLTEcee6jvhffHOUAVV+6wuHj7snluSjlJDrrvjUYE6vmNQY6i3mHcaQwOxeFjpx0sVQ=
x-amz-request-id: KJC2M7FG6P8NF19M
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "27a8fdccc08741c52422bd4852f87c3a"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 9461
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/unlock.svg
184.31.15.67 200 OK 2.4 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/unlock.svg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (944)
Hash a732e1e06affb4575c050fdb0131e5ca
da4f4f204a4d22c7424274a91520e0ea993c48c7
e17f481e5fe197e600ffe6cf53a94a4e49a73b6b817ff560cd92c3dd501d603f
GET /landings/277110/1669380007/images/unlock.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: XK7/ZJO+fKOMyrNyLwoCRmx3LI5uT7tmN7V2LDucg4jdALTC75dZQdsq8AcPN9CTJc9HS+64hPk=
x-amz-request-id: 6S4HCY8J28HEJFM1
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "a732e1e06affb4575c050fdb0131e5ca"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 2378
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/1-eu.jpg
184.31.15.67 200 OK 4.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/1-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 6e6d0b84c81d847e24671a711115a781
20dc2d359e437dc10ceefea4d3c7b5189c2e58d0
515974c9245ead07b3332ca22fa1581622118c75955941452140a602646aa553
GET /landings/277110/1669380007/images/1-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: RMdnqkOTJpdONvTLBYvlaVP+FLsUf5YdfV9XrXcemmHORTZX6ZzgAS9hHjfK9qFfnGQnRw8WNrg=
x-amz-request-id: 6S4T86B48KSRTRSC
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "6e6d0b84c81d847e24671a711115a781"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 4292
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/4-eu.jpg
184.31.15.67 200 OK 2.6 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/4-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash cb3aff7c886e4f72a98172b873b5e62d
33de244dcb4db4abe54b6508ae8d1546eb279aa5
d22825c9a1ff2c18506f0c2c3abaf3bb77f8352ba7bd410d50d35f20adbab08e
GET /landings/277110/1669380007/images/4-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: XDaBZ7Twy/yMLwL7PQWJnmLepJvl0qcnAXn/Akb8vaOUcWBFN9EyOFQNGu+ZUE/KSIHbMFRuTD4=
x-amz-request-id: 6S4H66PBNGD58VGN
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "cb3aff7c886e4f72a98172b873b5e62d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2586
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/2-eu.jpg
184.31.15.67 200 OK 2.0 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/2-eu.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 80x80, components 3\012- data
Hash 66b6dc51bd19c799dcadf1dbeb628d9c
ff7fe6049e944186764bfc5041d624ec11f8d362
d3c1502509ae60909fe60c46cc58c41c1a9fe53ee7aeffb92d37a074ba8550f0
GET /landings/277110/1669380007/images/2-eu.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 94B+qg44bfwckEWeh/+FXoD0JuETZNY2gkuV45MB6Wux/V7D90illuhFfcsY9TOtFhQEl5/uUFA=
x-amz-request-id: 6S4WJE4RA6GX4PCE
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "66b6dc51bd19c799dcadf1dbeb628d9c"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 2009
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/password.svg
184.31.15.67 200 OK 1.3 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/password.svg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (330)
Hash f42aef7f97d4c9bdb074673081f38ac7
0231df782e371d139c826e091279acd9a07e691c
5fca7f589cd825e1f152e0a1677d6cbd0a3ee3ecde05905d572af87e8b453eac
GET /landings/277110/1669380007/images/password.svg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: S3QKCYrVfXLOPatQoEsuzKWreDpdH2pXAeAZjqiLuW6WSrQEcQlaDc/An6BtrU9jqLlUIUK/v70=
x-amz-request-id: AD6BFCVABJEZ35K3
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "f42aef7f97d4c9bdb074673081f38ac7"
Accept-Ranges: bytes
Content-Type: image/svg+xml
Server: AmazonS3
Content-Length: 1339
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
peeredfoggy.com/izsmb6wmc?shu=8c1152ec6654ba12a8ec3e599c07cc442d3128482a79154820bf5afd33cd95e95842e99dc8d5988eb981d719c3b92d05ffa13e2ac94d6bc0a3d22e696828ff100ee2be7d7287b2808b76758e4901a964f2b91945&pst=1669624690&rmtc=t&uuid=&pii=true&in=false&key=981f3db84e16c7cf652706acb2391f25&refer=https%3A%2F%2Flshunter.me%2F
192.243.59.12 302 Found 0 B URL HTTP/1.1 peeredfoggy.com/izsmb6wmc?shu=8c1152ec6654ba12a8ec3e599c07cc442d3128482a79154820bf5afd33cd95e95842e99dc8d5988eb981d719c3b92d05ffa13e2ac94d6bc0a3d22e696828ff100ee2be7d7287b2808b76758e4901a964f2b91945&pst=1669624690&rmtc=t&uuid=&pii=true&in=false&key=981f3db84e16c7cf652706acb2391f25&refer=https%3A%2F%2Flshunter.me%2F
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
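Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
(These three values are the MD5, SHA-1 and SHA-256 of a zero-length body, consistent with the 0 B / Content-Length: 0 redirect recorded here; they match any empty response and are not usable as indicators for this host.)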
Analyzer Verdict Alert quad9 Sinkholed
GET /izsmb6wmc?shu=8c1152ec6654ba12a8ec3e599c07cc442d3128482a79154820bf5afd33cd95e95842e99dc8d5988eb981d719c3b92d05ffa13e2ac94d6bc0a3d22e696828ff100ee2be7d7287b2808b76758e4901a964f2b91945&pst=1669624690&rmtc=t&uuid=&pii=true&in=false&key=981f3db84e16c7cf652706acb2391f25&refer=https%3A%2F%2Flshunter.me%2F HTTP/1.1
Host: peeredfoggy.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://peeredfoggy.com/izsmb6wmc?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=17834794
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Mon, 28 Nov 2022 08:37:10 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: https://gertrk.com/click.php?key=n9wbuyk5h0mq6m6x7xc5&SUB_ID_SHORT=18ed91f4af23d80dbf5b6e07ea639016&COST_CPC=0.002400&PLACEMENT_ID=17834794&CAMPAIGN_ID=691144&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2042909
Set-Cookie: u_pl=17834794; expires=Tue, 29 Nov 2022 08:37:10 GMT
Set-Cookie: iprc24b29f2432d4b9363a45981739ca675a=3819930; expires=Tue, 29 Nov 2022 08:37:10 GMT
Set-Cookie: pdhtkv=true; expires=Tue, 29 Nov 2022 08:37:10 GMT
Set-Cookie: uncs=1; expires=Tue, 29 Nov 2022 08:37:10 GMT
Set-Cookie: pdhtkv28=true; expires=Tue, 29 Nov 2022 08:37:10 GMT
Set-Cookie: uncs28=1; expires=Tue, 29 Nov 2022 08:37:10 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 18110b7792b5fe13033f507c6d3341c2
Strict-Transport-Security: max-age=0; includeSubdomains
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7177a5cb2bab45ffd19f7b96d1717c14
a52e6e683b97e4feeea24a522f9e61783106d752
9405d32da23e474d4cf6bf3a644712e480950a2028e2ec1fe1f378e7fe2c8621
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=142282
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "6383e943-116"
Expires: Wed, 30 Nov 2022 00:08:32 GMT
Last-Modified: Sun, 27 Nov 2022 22:48:35 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 1.8 kB IP 93.184.220.29:0
Hash a3b24df72173a7b4e13e924099efa3d7
5808e9c96230dcb23c84ee80df29e13ea6ce5af5
935ae7480aa1d962d9c0fc166e4912b07968c039177ea77741ec0e8f314d2efa
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 102
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "6383e943-116"
Last-Modified: Mon, 28 Nov 2022 08:35:28 GMT
Server: ECS (ska/F715)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7177a5cb2bab45ffd19f7b96d1717c14
a52e6e683b97e4feeea24a522f9e61783106d752
9405d32da23e474d4cf6bf3a644712e480950a2028e2ec1fe1f378e7fe2c8621
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=142282
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "6383e943-116"
Expires: Wed, 30 Nov 2022 00:08:32 GMT
Last-Modified: Sun, 27 Nov 2022 22:48:35 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7177a5cb2bab45ffd19f7b96d1717c14
a52e6e683b97e4feeea24a522f9e61783106d752
9405d32da23e474d4cf6bf3a644712e480950a2028e2ec1fe1f378e7fe2c8621
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=142282
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "6383e943-116"
Expires: Wed, 30 Nov 2022 00:08:32 GMT
Last-Modified: Sun, 27 Nov 2022 22:48:35 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 7177a5cb2bab45ffd19f7b96d1717c14
a52e6e683b97e4feeea24a522f9e61783106d752
9405d32da23e474d4cf6bf3a644712e480950a2028e2ec1fe1f378e7fe2c8621
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4797
Cache-Control: max-age=142282
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:10 GMT
Etag: "6383e943-116"
Expires: Wed, 30 Nov 2022 00:08:32 GMT
Last-Modified: Sun, 27 Nov 2022 22:48:35 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
i.bcicdn.com/live/095/042/3d1/xbig_lq/6ad743.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/095/042/3d1/xbig_lq/6ad743.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash f885bb67c070da01d10f1ffbc07e5d4b
8d87af60beb7b02f0c6a12de4858784550bf2c7e
eb21d20ef0c8585ffffe30667cff7c7837cd14a1796011f18e06c5c889a2477c
GET /live/095/042/3d1/xbig_lq/6ad743.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: image/jpeg
content-length: 13890
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384729e-3642"
expires: Mon, 05 Dec 2022 08:34:39 GMT
last-modified: Mon, 28 Nov 2022 08:34:38 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b809b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/15d/0b2/xbig_lq/d4858a.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/09f/15d/0b2/xbig_lq/d4858a.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 5ffb7201bc0757a351b15bbb972953e4
c794bbaeba9ed69f45a8e0477e96e6bd95755f80
f0fcbe3aa89004dfef624c8566c3b0646c005e788b956bf4347c646bd67bb874
GET /live/09f/15d/0b2/xbig_lq/d4858a.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15213
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384731f-3b6d"
expires: Mon, 05 Dec 2022 08:36:48 GMT
last-modified: Mon, 28 Nov 2022 08:36:47 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b80eb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/025/3c2/2f1/xbig_lq/7bebae.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/025/3c2/2f1/xbig_lq/7bebae.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash d0dd45cc09502a109fe9b340774af98b
69ffd14d341d7afdb87ec14de783296aaa04b4f3
d64ff0038d496948ba68897d0149cff9e76e1bb26c681bd9bb15d8a54bdc3fcd
GET /live/025/3c2/2f1/xbig_lq/7bebae.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17471
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847312-443f"
expires: Mon, 05 Dec 2022 08:36:35 GMT
last-modified: Mon, 28 Nov 2022 08:36:34 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b810b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09c/2a7/110/xbig_lq/c8fed7.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/09c/2a7/110/xbig_lq/c8fed7.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash e09df73f5732ecce3d26e2ea2a0e2b0a
5b0c5ab4bb41c88cae18c5cbc920a2c72447e942
74c8c31876c457e478e7f622a5f3d6bd245856a0f7e3abed97b0b1f9825258a4
GET /live/09c/2a7/110/xbig_lq/c8fed7.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16594
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472a0-40d2"
expires: Mon, 05 Dec 2022 08:34:47 GMT
last-modified: Mon, 28 Nov 2022 08:34:40 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b80db503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/images/logo/cyber_monday/2022/poster.png
195.85.23.226 200 OK 5.9 kB URL HTTP/2 i.bcicdn.com/images/logo/cyber_monday/2022/poster.png
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 300 x 100, 8-bit colormap, non-interlaced\012- data
Hash 2204b6652631212e41a8a1bc32c76942
cdbc477cba8ba0aded81ce558813edab071d98e9
a8c261dc32e77b2adaf76a5d3e8fecd422fb55ad84c2d3945dec0764c2a75596
GET /images/logo/cyber_monday/2022/poster.png HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/png
content-length: 5939
last-modified: Tue, 22 Nov 2022 02:51:03 GMT
etag: "637c3917-1733"
expires: Tue, 27 Dec 2022 17:00:00 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-p4: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 56230
accept-ranges: bytes
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b80fb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/037/02e/345/xbig_lq/a539fd.jpg
195.85.23.226 200 OK 23 kB URL HTTP/2 i.bcicdn.com/live/037/02e/345/xbig_lq/a539fd.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 5c435224bac13431dde232f3c43d3218
d79e86aa12c71c0d383fa3dc573a1807800f8052
4c8f9ea986264fb78b5d3c3148efb556182ae21b7b4c4d50e1019214c828b04b
GET /live/037/02e/345/xbig_lq/a539fd.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 22728
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472f0-58c8"
expires: Mon, 05 Dec 2022 08:36:06 GMT
last-modified: Mon, 28 Nov 2022 08:36:00 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b811b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/228/0b6/xbig_lq/dcc037.jpg
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/live/09f/228/0b6/xbig_lq/dcc037.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 4c140704194ec66f46be1160af0ff0e1
d3b71a89a210891e53e6dc58670b1f8da3e96286
aa9906029f36a1bc84a283c77dd6c193332a8fa78d1c84d684b6d6e5df42b245
GET /live/09f/228/0b6/xbig_lq/dcc037.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 21033
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472a1-5229"
expires: Mon, 05 Dec 2022 08:34:47 GMT
last-modified: Mon, 28 Nov 2022 08:34:41 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c816b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/099/373/022/xbig_lq/827964.jpg
195.85.23.226 200 OK 22 kB URL HTTP/2 i.bcicdn.com/live/099/373/022/xbig_lq/827964.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 162eaca7393038907ca0e9deebbc031b
9e64d6289e7154abb1f51e697a1f8ee2a857f00e
e9a6a2c6c564a5ae5fb54ddc8fa6c6efc514a432e542aba13b6b8b3d2859f9a9
GET /live/099/373/022/xbig_lq/827964.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 22382
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472c9-576e"
expires: Mon, 05 Dec 2022 08:35:23 GMT
last-modified: Mon, 28 Nov 2022 08:35:21 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c817b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/072/1c5/232/xbig_lq/abbc62.jpg
195.85.23.226 200 OK 22 kB URL HTTP/2 i.bcicdn.com/live/072/1c5/232/xbig_lq/abbc62.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash acfcae2ae776823c8942fe462a92a7d9
cd27298520932494dd8017ce23b262951203c220
5acc4502ac54a066e1fb55e3789d49a7c992b5692f25c923b2b728ad9ffa5622
GET /live/072/1c5/232/xbig_lq/abbc62.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 22549
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472b9-5815"
expires: Mon, 05 Dec 2022 08:35:10 GMT
last-modified: Mon, 28 Nov 2022 08:35:05 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b812b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/343/016/xbig_lq/92110c.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/09f/343/016/xbig_lq/92110c.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 54149133cb80f3eab7ee84a695d2a085
e314c65bfd6b2340bba8e29224c647d2608dd7ee
1121ce85164bc7d14ef9eb2761a79691de31bfb25f1525617dd443fe93f04b43
GET /live/09f/343/016/xbig_lq/92110c.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 13982
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847270-369e"
expires: Mon, 05 Dec 2022 08:34:02 GMT
last-modified: Mon, 28 Nov 2022 08:33:52 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b814b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/2c5/2ab/xbig_lq/3b7f94.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/09f/2c5/2ab/xbig_lq/3b7f94.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash f7950a277ce3c2bf14a2da3056df2775
b84d30c7c9a898329cf7bdb37c1781b44659b56c
914d2fa8b7b0d228c87f1124bd9b673ced20f58111757e81cc3697e0db5fb932
GET /live/09f/2c5/2ab/xbig_lq/3b7f94.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17773
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472c5-456d"
expires: Mon, 05 Dec 2022 08:35:18 GMT
last-modified: Mon, 28 Nov 2022 08:35:17 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c815b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/045/3ae/01d/xbig_lq/f520be.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/045/3ae/01d/xbig_lq/f520be.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 9f851bfd6f335bc0e918f6ab69e20ff2
9a0526c69c44b1932127e32237ec20694f0f3458
aba7d905abfb0ae3caa1297b5ccf40ee4a104a05c85be6d8c5d5c44f1f369549
GET /live/045/3ae/01d/xbig_lq/f520be.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14572
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847262-38ec"
expires: Mon, 05 Dec 2022 08:33:38 GMT
last-modified: Mon, 28 Nov 2022 08:33:38 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c81cb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/068/01b/2a3/xbig_lq/72227d.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/068/01b/2a3/xbig_lq/72227d.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 36522dc7780fd11889b9423c7864d01e
81ff3d3cb0369f987e08ac9ea6059af98f043b59
bc283b96771e286cfab335cd47fb8cae424227cae951f04de0b4b23f2d79b3b3
GET /live/068/01b/2a3/xbig_lq/72227d.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14484
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472e8-3894"
expires: Mon, 05 Dec 2022 08:35:56 GMT
last-modified: Mon, 28 Nov 2022 08:35:52 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c821b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/05e/168/325/xbig_lq/f77fe3.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/05e/168/325/xbig_lq/f77fe3.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c2306764949059d9e519abaa53aa22a7
7de6e42b647802a935f9104aee1f70b2947ec029
b26ce39948625b1d3c032b433263c7f6b0c0a1d5ec6a7246a31574a700b9e33d
GET /live/05e/168/325/xbig_lq/f77fe3.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14276
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472b2-37c4"
expires: Mon, 05 Dec 2022 08:35:05 GMT
last-modified: Mon, 28 Nov 2022 08:34:58 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c818b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09d/239/005/xbig_lq/8ad9c8.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/09d/239/005/xbig_lq/8ad9c8.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 01f5de4b4c589e5f400715da0844ce93
d67110ddc9115b11b0caa2124f47fd940a6fc9be
f026ba6e84e95aff881129dd0180bde4f5b086583849662686d48023f8e9a598
GET /live/09d/239/005/xbig_lq/8ad9c8.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 13727
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847292-359f"
expires: Mon, 05 Dec 2022 08:34:30 GMT
last-modified: Mon, 28 Nov 2022 08:34:26 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c81fb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/07b/078/134/xbig_lq/1b11db.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/07b/078/134/xbig_lq/1b11db.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash e7aed628f75287617c64087eac96503d
c268a3df3074df1c09e011de89d0f966422393d4
339db2d6c697b458810b8b9cda5ef57985c93b899cdbfd8e4db3de773c02d0ed
GET /live/07b/078/134/xbig_lq/1b11db.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18403
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472bb-47e3"
expires: Mon, 05 Dec 2022 08:35:10 GMT
last-modified: Mon, 28 Nov 2022 08:35:07 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c825b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/093/15f/074/xbig_lq/9a5058.jpg
195.85.23.226 200 OK 24 kB URL HTTP/2 i.bcicdn.com/live/093/15f/074/xbig_lq/9a5058.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 524f095770e7c5e53c19289a6adb6b56
efc35b9afa46a378c16f9b2b4312b1c6e1448811
fb8fa51988d32478cd26fb392a4e614bb35fac284773a69d5ea4e9c7ac109a7c
GET /live/093/15f/074/xbig_lq/9a5058.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 24522
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472b9-5fca"
expires: Mon, 05 Dec 2022 08:35:07 GMT
last-modified: Mon, 28 Nov 2022 08:35:05 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c826b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/063/070/2af/xbig_lq/aaa8ba.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/063/070/2af/xbig_lq/aaa8ba.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 34deb05e99fa45441b15a8ff11d7346c
332189f662e1cdd8727a1e8a2de3b07a81827e59
38d5c172d5e793a9eb763f0cfd8a084f289c0c6d20cf9cf40d2b50ae79bbb81c
GET /live/063/070/2af/xbig_lq/aaa8ba.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14622
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847321-391e"
expires: Mon, 05 Dec 2022 08:36:51 GMT
last-modified: Mon, 28 Nov 2022 08:36:49 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c828b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/091/3bf/3c4/xbig_lq/0a7f86.jpg
195.85.23.226 200 OK 25 kB URL HTTP/2 i.bcicdn.com/live/091/3bf/3c4/xbig_lq/0a7f86.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 387972bbaa6e04e4d79081f0e682fa1c
b40556be16614fca102fd45e6597530fd03be255
648bf70d93f753ff5417b311a46d9f39f4224c047340d8bf752eafd84f456e03
GET /live/091/3bf/3c4/xbig_lq/0a7f86.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 24880
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847272-6130"
expires: Mon, 05 Dec 2022 08:34:02 GMT
last-modified: Mon, 28 Nov 2022 08:33:54 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c829b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/04a/3b1/141/xbig_lq/2ca536.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/04a/3b1/141/xbig_lq/2ca536.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 5035ee448dfeb5f3673117b4669fd45d
dc72269a1eabbc135ea6897bdaad5fcb135a9014
3b1578c4a02414226cd4ab706464b991cffd4c45d0e7dd0144008be108adf87c
GET /live/04a/3b1/141/xbig_lq/2ca536.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15109
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384720b-3b05"
expires: Mon, 05 Dec 2022 08:32:14 GMT
last-modified: Mon, 28 Nov 2022 08:32:11 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82ab503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/074/336/357/xbig_lq/9c953b.jpg
195.85.23.226 200 OK 19 kB URL HTTP/2 i.bcicdn.com/live/074/336/357/xbig_lq/9c953b.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash bc646da22f1b4c372b538b3c129a7342
93cb4a1509457152020cd507f353a54b3a4b533b
969f132d7168607be17877dc0e08a4a056ae26d7ecf79ed6df27d1cf7fddc2bd
GET /live/074/336/357/xbig_lq/9c953b.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 19259
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472fb-4b3b"
expires: Mon, 05 Dec 2022 08:36:16 GMT
last-modified: Mon, 28 Nov 2022 08:36:11 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82bb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/062/054/3a1/xbig_lq/03af9c.jpg
195.85.23.226 200 OK 23 kB URL HTTP/2 i.bcicdn.com/live/062/054/3a1/xbig_lq/03af9c.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 87616da538e1fdd37c674c2c7ee66b02
c3d806915723b7c1529e849e4998d8d14c489f01
fcc4dca36357edbc69dc247a3d0f3ee5189fc4523ac758e3bd2b32890c828c92
GET /live/062/054/3a1/xbig_lq/03af9c.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 23441
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472c8-5b91"
expires: Mon, 05 Dec 2022 08:35:23 GMT
last-modified: Mon, 28 Nov 2022 08:35:20 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82cb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/066/2cb/304/xbig_lq/fbcaba.jpg
195.85.23.226 200 OK 24 kB URL HTTP/2 i.bcicdn.com/live/066/2cb/304/xbig_lq/fbcaba.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 0df507ef8685e3ed5dd97d23a10e1e08
6a3bae6665b62b1d04663b56ee63f568f9159b83
084331c9337672d54115261ebb80e28ffe5dd61482681fc2981d3a40c282d4f9
GET /live/066/2cb/304/xbig_lq/fbcaba.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 24297
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847242-5ee9"
expires: Mon, 05 Dec 2022 08:33:08 GMT
last-modified: Mon, 28 Nov 2022 08:33:06 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82db503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09b/115/364/xbig_lq/ab6aaa.jpg
195.85.23.226 200 OK 22 kB URL HTTP/2 i.bcicdn.com/live/09b/115/364/xbig_lq/ab6aaa.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 7d22e3d76156b08eaa7204cbe575b1df
481a603be5803a4b0c8b6ca0b5f09dd2ce29f2c4
3cc0a03a11a68e832f99687c7a4a4cbcb0ce83ab5a0a80556d1cc53cb9914923
GET /live/09b/115/364/xbig_lq/ab6aaa.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 21769
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847303-5509"
expires: Mon, 05 Dec 2022 08:36:29 GMT
last-modified: Mon, 28 Nov 2022 08:36:19 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82eb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/0a0/110/066/xbig_lq/425b73.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/0a0/110/066/xbig_lq/425b73.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 3e1238c31a6fc24c1baa59235b885aed
d7f3f502cb503bc3053cf07b0592616a8c7c52b9
6a73e6b7948589c49c0ed49fe112ff713826a297eae9e97871d3fb9acb1f9e75
GET /live/0a0/110/066/xbig_lq/425b73.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15931
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384730a-3e3b"
expires: Mon, 05 Dec 2022 08:36:32 GMT
last-modified: Mon, 28 Nov 2022 08:36:26 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c82fb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/063/180/2c6/xbig_lq/8a40be.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/063/180/2c6/xbig_lq/8a40be.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 0135a647586703b3c4f31218650ce017
df2a6a4a9bda4fe8b55695ac64c5016bd66bdd7a
951c4b34009d483c7151336b56c923793c2f462c57d74a8cfded653c07e25687
GET /live/063/180/2c6/xbig_lq/8a40be.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16472
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384729a-4058"
expires: Mon, 05 Dec 2022 08:34:35 GMT
last-modified: Mon, 28 Nov 2022 08:34:34 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c822b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09c/125/0c7/xbig_lq/0a7f86.jpg
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/live/09c/125/0c7/xbig_lq/0a7f86.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c8bde74564edea96f6cddba787074411
719d2af3772f527de3ad1f255f18f516eac8b093
2879715ac697bbee7a5b294ac4db53f0b80244d2f0cac09f1d5d0911cfdb657d
GET /live/09c/125/0c7/xbig_lq/0a7f86.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 20702
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847272-50de"
expires: Mon, 05 Dec 2022 08:34:02 GMT
last-modified: Mon, 28 Nov 2022 08:33:54 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c834b503-OSL
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277110/1669380007/images/shutterstock_745475197.png
184.31.15.67 200 OK 18 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/shutterstock_745475197.png
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash efeb236e587e3286a604490649f518f3
4397a9f0ff00e6bcb3191f3a7096311180fdddae
845d5e3d1f946b299b717d3c92c9e49cd4b0ff4d62f21db9f84657f2d7c22e9f
GET /landings/277110/1669380007/images/shutterstock_745475197.png HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: ZqCY5lud+RR54imKua/XG7FGzQcNK/3FKnN1bypyb8KvKFTkl3/30Q2+DuS6dxAOt1B/n4OCmzs=
x-amz-request-id: M1EBWBFNP1JJAYW4
Last-Modified: Fri, 25 Nov 2022 12:40:11 GMT
ETag: "13efb7d3bebedd1070118ff26ef75f0e"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 99417
Date: Mon, 28 Nov 2022 08:37:10 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
i.bcicdn.com/live/09f/270/1c2/xbig_lq/e569a0.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/09f/270/1c2/xbig_lq/e569a0.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash bd8b608fd7218fd6b43500c276a7fccd
0d925112f8a3ba78578c87d3dd482deec1914aa0
d9132af7c8cff5da853290c5ae5297672eceffecefc8079fbd313eb2cdf32b19
GET /live/09f/270/1c2/xbig_lq/e569a0.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14263
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384730a-37b7"
expires: Mon, 05 Dec 2022 08:36:31 GMT
last-modified: Mon, 28 Nov 2022 08:36:26 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c836b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/04b/174/331/xbig_lq/f41e35.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/04b/174/331/xbig_lq/f41e35.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash db9fb7a413254027abf93fbc04a4884a
cea8a4ff754efe95c9eddc43ea77fe5ddb3602e1
60b4bc7f92dfac061f3fe437676e4b7fa837e3d050c949790208307def41d5e1
GET /live/04b/174/331/xbig_lq/f41e35.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18298
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847252-477a"
expires: Mon, 05 Dec 2022 08:33:28 GMT
last-modified: Mon, 28 Nov 2022 08:33:22 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c837b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/0f2/025/xbig_lq/9a5058.jpg
195.85.23.226 200 OK 19 kB URL HTTP/2 i.bcicdn.com/live/09f/0f2/025/xbig_lq/9a5058.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 134b334159b20afc3e53c800edef0c17
f3795ab15b27d32962bd160703888e4f066fcdb3
34c2c0490feb4eebe66fbbe6c6a7b948135e564798755dc9786b0552661bab82
GET /live/09f/0f2/025/xbig_lq/9a5058.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 19372
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472ba-4bac"
expires: Mon, 05 Dec 2022 08:35:07 GMT
last-modified: Mon, 28 Nov 2022 08:35:06 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c839b503-OSL
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
156.146.33.18 200 OK 78 kB URL HTTP/2 hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (710)
Hash 49c243b20ef2138ecaff53231a673c84
2f9677ad92eb366138b0e1c57e297843fce7291d
30b7b78aef62416be909236cf616f736d8e3c7ae394749a2a04ae1c7b9f4cd37
GET /lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117 HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-52c5"
access-control-allow-origin: *
x-accel-expires: @1670261277
server: CDN77-Turbo
x-77-nzt: AZySIRDa+s7/GBsGAA
x-77-nzt-ray: f6587a1df97b4dc43573846307b47d2d
x-cache: HIT
x-age: 400152
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/live/098/2ae/104/xbig_lq/10273a.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/098/2ae/104/xbig_lq/10273a.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash dcea6c6848a2e46f203d23e0db64cfd7
b1d46172964c63ca7d45a45c46755df2d9514d1b
f74bd7d89232e1e8bc15390bfc710619465844712037ea8bae15963805f68740
GET /live/098/2ae/104/xbig_lq/10273a.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15413
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472a3-3c35"
expires: Mon, 05 Dec 2022 08:34:47 GMT
last-modified: Mon, 28 Nov 2022 08:34:43 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d840b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/0a0/0e7/37a/xbig_lq/99e334.jpg
195.85.23.226 200 OK 12 kB URL HTTP/2 i.bcicdn.com/live/0a0/0e7/37a/xbig_lq/99e334.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash eeb78935f499f86c6c9810d612b56cf3
76f4caa1ec738d7899cb4e780bddbd385c8c73bd
41417ab8f5021aee053f6841c59be93af93cdbb70414e8345c8b3f6c49c03186
GET /live/0a0/0e7/37a/xbig_lq/99e334.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 11472
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384729e-2cd0"
expires: Mon, 05 Dec 2022 08:34:40 GMT
last-modified: Mon, 28 Nov 2022 08:34:38 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d844b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/099/167/162/xbig_lq/3914a9.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/099/167/162/xbig_lq/3914a9.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 1fca9c1ada65431721097918c4b3fde3
9e0674235807d38b247c1737d91c9b1a35442806
43c41c07b7cb82ff3dc3dc29c55647d3c2f5eac670e4b5a1a98df2aca2f384ca
GET /live/099/167/162/xbig_lq/3914a9.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18415
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384728c-47ef"
expires: Mon, 05 Dec 2022 08:34:29 GMT
last-modified: Mon, 28 Nov 2022 08:34:20 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d845b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/048/1ca/035/xbig_lq/aa66b3.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/048/1ca/035/xbig_lq/aa66b3.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash fc33afe07961498cc38103d5ca0d9a92
4db7183ddf3f79db33147295b97a86a039719f8a
2ebf521f1de849cfe549abfa7e258f10f17ae843a40f9d8034a017153881f5a1
GET /live/048/1ca/035/xbig_lq/aa66b3.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14226
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847280-3792"
expires: Mon, 05 Dec 2022 08:34:10 GMT
last-modified: Mon, 28 Nov 2022 08:34:08 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d846b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/074/072/324/xbig_lq/4e6d18.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/074/072/324/xbig_lq/4e6d18.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 2a721df2f53f214fc1fa23b6193e82bc
550e4893e6277b2b91e593fca00445502ecac642
54b6d106144c6564fb9cb2eb3726c6725f889048441364d8ad4fdd730235e596
GET /live/074/072/324/xbig_lq/4e6d18.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16953
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384730e-4239"
expires: Mon, 05 Dec 2022 08:36:32 GMT
last-modified: Mon, 28 Nov 2022 08:36:30 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d849b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/027/3c4/xbig_lq/1e4d7f.jpg
195.85.23.226 200 OK 13 kB URL HTTP/2 i.bcicdn.com/live/09f/027/3c4/xbig_lq/1e4d7f.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash e196db4ba5e6fa79dee928567977f0d2
a6a29f00a34fbbc5cc227e8ffee9d0c8b8e7fa7c
7b3adcb62f6223314c440f5d1368f1e0ccae327bd4329a7bd57dd1d8f02a0af2
GET /live/09f/027/3c4/xbig_lq/1e4d7f.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 12768
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847220-31e0"
expires: Mon, 05 Dec 2022 08:32:34 GMT
last-modified: Mon, 28 Nov 2022 08:32:32 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d84db503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/091/352/0f2/xbig_lq/d8866b.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/091/352/0f2/xbig_lq/d8866b.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 069aa9804a85afc0fbdfc49c275ee481
fdcc77bfd9646e1d5eae3fc8eeb066941f7d3c5a
945dce80202c3aca510129d17e7bf68655d408ea03eff12f48635bcf70f25f32
GET /live/091/352/0f2/xbig_lq/d8866b.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15858
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847294-3df2"
expires: Mon, 05 Dec 2022 08:34:32 GMT
last-modified: Mon, 28 Nov 2022 08:34:28 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7d853b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/0a0/1c1/39c/xbig_lq/647b60.jpg
195.85.23.226 200 OK 12 kB URL HTTP/2 i.bcicdn.com/live/0a0/1c1/39c/xbig_lq/647b60.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash aff6262b07d474e34a9d58bc34bdc558
bf5ddfe73d49181256ea3fafba69bf1001f5cc03
59f6879a655dbc98ec27a6b901625219280ec47ab9237266a14075e545f70ca6
GET /live/0a0/1c1/39c/xbig_lq/647b60.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 11808
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472fe-2e20"
expires: Mon, 05 Dec 2022 08:36:16 GMT
last-modified: Mon, 28 Nov 2022 08:36:14 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7e854b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/075/0cb/238/xbig_lq/5ba4e5.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/075/0cb/238/xbig_lq/5ba4e5.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 7a1403e21ca26cce758e7c0af0c4afea
5d69873f3412cbf5311a7958b188cfba08209947
9f8d5a0374e188896a693eeb03a2513fee5b193bc687aecb119e8e8e0fe9a04d
GET /live/075/0cb/238/xbig_lq/5ba4e5.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18072
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847205-4698"
expires: Mon, 05 Dec 2022 08:32:06 GMT
last-modified: Mon, 28 Nov 2022 08:32:05 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7e855b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/252/2a7/xbig_lq/159268.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/09e/252/2a7/xbig_lq/159268.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 5d5bf1fad6ae32af9eb97568ff458a7f
00bc2fb3ceba7de9d916efcbe361c02824fd6722
ace87993de23083f9aac303c93088b76227e7e98d03f6649b587614703b86ca8
GET /live/09e/252/2a7/xbig_lq/159268.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18075
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472ae-469b"
expires: Mon, 05 Dec 2022 08:34:56 GMT
last-modified: Mon, 28 Nov 2022 08:34:54 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7e856b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09b/0ef/257/xbig_lq/d44df2.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/09b/0ef/257/xbig_lq/d44df2.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c454f37d94a53cc2b5b26637038102e2
1e4258260c4041b0f9721eddf82ad09716048590
4941f33d7ce073aba8c120ff186d9148dbd6bccd79ede953af8f447ecf4ebd4f
GET /live/09b/0ef/257/xbig_lq/d44df2.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17677
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847213-450d"
expires: Mon, 05 Dec 2022 08:32:29 GMT
last-modified: Mon, 28 Nov 2022 08:32:19 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7e85cb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/0a0/0cc/00c/xbig_lq/2b8588.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/0a0/0cc/00c/xbig_lq/2b8588.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash ee814dbbf9494bc07756bf65e69dec33
58be3fa47290c5112aa9ceb0902411867fffb750
7c6eca45f9e6fc44bfc1a5d02392301b141edff717512ac4a115b4fccd881332
GET /live/0a0/0cc/00c/xbig_lq/2b8588.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14278
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472fb-37c6"
expires: Mon, 05 Dec 2022 08:36:15 GMT
last-modified: Mon, 28 Nov 2022 08:36:11 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7f86eb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/0f3/2bf/xbig_lq/2d5ea9.jpg
195.85.23.226 200 OK 11 kB URL HTTP/2 i.bcicdn.com/live/09f/0f3/2bf/xbig_lq/2d5ea9.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 63404d0b4d49e5fc92790ecd18bb6c7e
b5b9419d1e06b9b7832963702bbbf7f98310fe52
de50bd054e8d36f9f2ca164df16d5b8b80c1100c9b13a31bcad2b3e65d62e352
GET /live/09f/0f3/2bf/xbig_lq/2d5ea9.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 10921
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472ca-2aa9"
expires: Mon, 05 Dec 2022 08:35:23 GMT
last-modified: Mon, 28 Nov 2022 08:35:22 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7f870b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09f/248/07a/xbig_lq/08247b.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/09f/248/07a/xbig_lq/08247b.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 49e9b66d73df2b687a951e6df5f602bd
2e9f617df0bd6decd8f9c240748f3ca277be98e0
f10e6153b751bca637a623a0022734fdcc3264ee6f603d6fafd90bcae4bc8c84
GET /live/09f/248/07a/xbig_lq/08247b.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17447
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384725b-4427"
expires: Mon, 05 Dec 2022 08:33:33 GMT
last-modified: Mon, 28 Nov 2022 08:33:31 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7f871b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/093/390/1cc/xbig_lq/0deb00.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/093/390/1cc/xbig_lq/0deb00.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 464ac006a34e0d2ad2130f8a4babc474
5c9559074de7819308a929f3f776bfe2df678082
2f2b5592b6cd5a4e7462690b5bb1ada9e8cd666ce1c7bd05478499eacc9fd5a7
GET /live/093/390/1cc/xbig_lq/0deb00.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15975
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847327-3e67"
expires: Mon, 05 Dec 2022 08:36:57 GMT
last-modified: Mon, 28 Nov 2022 08:36:55 GMT
x-circle-r3: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c81ab503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/096/307/382/xbig_lq/3b8c55.jpg
195.85.23.226 200 OK 10 kB URL HTTP/2 i.bcicdn.com/live/096/307/382/xbig_lq/3b8c55.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 93a172d9747c07f8834a1ae53419ba40
8e373c07c4e986d23e0fa24ce7904687938b0a3e
7b637f94da38acbc4bb8915b703fcc13ae1d83367b525bbd3dc7d500fb87195e
GET /live/096/307/382/xbig_lq/3b8c55.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 10013
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847328-271d"
expires: Mon, 05 Dec 2022 08:36:57 GMT
last-modified: Mon, 28 Nov 2022 08:36:56 GMT
x-circle-r1: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c823b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/06c/129/2ea/xbig_lq/238b29.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/06c/129/2ea/xbig_lq/238b29.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 5d12ac2b850fa336f648aadcaacd0332
3358e9d8ea1326769ad19ee8c62053c40d1326a0
f7c368fd3787dda0f20af138377a8a0217d692ae95abdceb8f3220d303d83051
GET /live/06c/129/2ea/xbig_lq/238b29.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16892
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847328-41fc"
expires: Mon, 05 Dec 2022 08:36:57 GMT
last-modified: Mon, 28 Nov 2022 08:36:56 GMT
x-circle-r3: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c81eb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/0a0/0f4/373/xbig_lq/d8e46f.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/0a0/0f4/373/xbig_lq/d8e46f.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c95a4e3bc23355fc1c40b5ea37218c55
e9d5f9556d45d21739f99ff3fa138470710c079c
2749b3652b3055092d0d9dc55f0b2412b60dc0aea623e64a870e3300479845dc
GET /live/0a0/0f4/373/xbig_lq/d8e46f.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17793
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847328-4581"
expires: Mon, 05 Dec 2022 08:36:58 GMT
last-modified: Mon, 28 Nov 2022 08:36:56 GMT
x-circle-r1: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7c832b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/063/2c4/07e/xbig_lq/ca943b.jpg
195.85.23.226 200 OK 29 kB URL HTTP/2 i.bcicdn.com/live/063/2c4/07e/xbig_lq/ca943b.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash fcb116650d607665811120f663a137bb
141b2add2b634cccdacde377be65fafb39f5857f
197af84b100bf56ac57bdce401f5ff65610f47bd77be1ef0aeaf4532151eb61f
GET /live/063/2c4/07e/xbig_lq/ca943b.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 29435
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847202-72fb"
expires: Mon, 05 Dec 2022 08:32:06 GMT
last-modified: Mon, 28 Nov 2022 08:32:02 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8188eb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/094/314/282/xbig_lq/e4edb1.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/094/314/282/xbig_lq/e4edb1.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 6fad1d7e1faa9bc5fe0f909d0db5a8dc
9c2cd420157bf1abc25fd73b8575b42c3bebfcc4
e9c11c732431bd6988f2533af43251648303b305708e7e488a95710dc8c2c450
GET /live/094/314/282/xbig_lq/e4edb1.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17461
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472e5-4435"
expires: Mon, 05 Dec 2022 08:36:08 GMT
last-modified: Mon, 28 Nov 2022 08:35:49 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b828a5b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/240/25a/xbig_lq/b4db62.jpg
195.85.23.226 200 OK 10 kB URL HTTP/2 i.bcicdn.com/live/09e/240/25a/xbig_lq/b4db62.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash bd717b3249f6f600da5c2c18c1297fc3
e3c2399d97624db7e3420a12be353c55dc5eb447
640e5ec5119e4a9110a9c4e9d3b9eb926c3d923620af0cc2bcec73a68204ddfa
GET /live/09e/240/25a/xbig_lq/b4db62.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 10530
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847295-2922"
expires: Mon, 05 Dec 2022 08:34:34 GMT
last-modified: Mon, 28 Nov 2022 08:34:29 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b828a4b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/273/04d/xbig_lq/238b29.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/09e/273/04d/xbig_lq/238b29.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 1583361d66a195b7009e491a2584d97c
a5336580a154988d7b0e8572a27c8a19d37f7f2c
fc2bdc975c63e8e0a2d30ef4fb88b8ef02a1173803eaabcfab4c96a99f051fb9
GET /live/09e/273/04d/xbig_lq/238b29.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16453
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847323-4045"
expires: Mon, 05 Dec 2022 08:37:00 GMT
last-modified: Mon, 28 Nov 2022 08:36:51 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b838b4b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/06f/37d/32c/xbig_lq/a5e4e8.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/06f/37d/32c/xbig_lq/a5e4e8.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 725f82641e3e5c4b16a9f0526731e225
82230c73b4200aedf736a9bbcbc97f62dd3e708e
966fd77acc2e8a2137d1f08b1f9a7ac57132b50ca044d2321754320b1a696a51
GET /live/06f/37d/32c/xbig_lq/a5e4e8.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 13518
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472ec-34ce"
expires: Mon, 05 Dec 2022 08:35:56 GMT
last-modified: Mon, 28 Nov 2022 08:35:56 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b838beb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09c/044/013/xbig_lq/83bb5c.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/09c/044/013/xbig_lq/83bb5c.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 0f8b18734e1b8e27e9b63ab9547a919a
ed6d2bbde459a1ad160c96f426c2f4781fd5fb47
6b3f11b0a5ebd9182279914d512eb51c3bab5d77269cc0fb23e1a824aad58c8e
GET /live/09c/044/013/xbig_lq/83bb5c.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17191
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847333-4327"
expires: Mon, 05 Dec 2022 08:37:08 GMT
last-modified: Mon, 28 Nov 2022 08:37:07 GMT
x-circle-r1: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7e857b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09d/10d/1d4/xbig_lq/f3f4ce.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/09d/10d/1d4/xbig_lq/f3f4ce.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 4b2ca017b38e1c83897406e5cc859e49
459a2172efcb7016c3a1710a84b07370cedb89e7
118e780322b2758f615e4ce6c4bd114faf8a153166fa4dd9708c93746c3bd889
GET /live/09d/10d/1d4/xbig_lq/f3f4ce.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16416
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847202-4020"
expires: Mon, 05 Dec 2022 08:32:06 GMT
last-modified: Mon, 28 Nov 2022 08:32:02 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b838bcb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/079/0d3/200/xbig_lq/3904b1.jpg
195.85.23.226 200 OK 18 kB URL HTTP/2 i.bcicdn.com/live/079/0d3/200/xbig_lq/3904b1.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c6d3a3ecda8a003cce567238bd1b896f
52c1c1a65eb02b0e9de40d81ab0cb3bcd4d634c2
5038ad02db87d75eca9d6d3e98afff166eb14fccd200b0bc07f0a3f4323ab1e1
GET /live/079/0d3/200/xbig_lq/3904b1.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 17628
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472f1-44dc"
expires: Mon, 05 Dec 2022 08:36:08 GMT
last-modified: Mon, 28 Nov 2022 08:36:01 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868feb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/31a/3c3/xbig_lq/af6148.jpg
195.85.23.226 200 OK 31 kB URL HTTP/2 i.bcicdn.com/live/09e/31a/3c3/xbig_lq/af6148.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3 DIY-Thermocam raw data\012- (Lepton 2.x), scale 260-260, spot sensor temperature 0.000000, unit celsius, color scheme 1, calibration: offset 0.000000, slope 51825020928.000000\012- data
Hash 5e77188d0dba5eb7529640f752d1e0c1
37f90cb20d8d8e1c13eeadc6a051f1f8950b1b28
63c792ba05c59b351a7713e1e87cb42fc414bd0c3091b9bf1c74987b5f5f5686
GET /live/09e/31a/3c3/xbig_lq/af6148.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 31020
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384727e-792c"
expires: Mon, 05 Dec 2022 08:34:10 GMT
last-modified: Mon, 28 Nov 2022 08:34:06 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868fbb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/098/0bf/233/xbig_lq/060d7e.jpg
195.85.23.226 200 OK 12 kB URL HTTP/2 i.bcicdn.com/live/098/0bf/233/xbig_lq/060d7e.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash cc10377fc539712e3d63900a7477549c
9c8f3a215bcd0e03aad83d2d62617487d1260091
d0d77fb24fe1b568e468d1bf8c423fad58bfe576d6c90b496fe3f29ad0ddb41a
GET /live/098/0bf/233/xbig_lq/060d7e.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 12250
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638471ee-2fda"
expires: Mon, 05 Dec 2022 08:31:48 GMT
last-modified: Mon, 28 Nov 2022 08:31:42 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 242
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868ffb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/06e/2c6/34e/xbig_lq/47bfd9.jpg
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/live/06e/2c6/34e/xbig_lq/47bfd9.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 18d098f1e337c4e662cadc713ec2010b
1b4a5e97d9e866e5c15bb117e41b32d52f8e1e28
31108b5181e32b0e137307cf3f41095f85028f15a63dd911818034f984a2b96c
GET /live/06e/2c6/34e/xbig_lq/47bfd9.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 20965
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472d8-51e5"
expires: Mon, 05 Dec 2022 08:35:37 GMT
last-modified: Mon, 28 Nov 2022 08:35:36 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86905b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/2e4/16b/xbig_lq/9fc364.jpg
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/live/09e/2e4/16b/xbig_lq/9fc364.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash b78143e9cfd53fc053744ce74415286e
6471796e467aa65516b31119ceeed01f6da26956
b2e40b26f7c07417176a0841b08021543fc0e19ef969aef822df70596502d042
GET /live/09e/2e4/16b/xbig_lq/9fc364.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 21002
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472a2-520a"
expires: Mon, 05 Dec 2022 08:34:47 GMT
last-modified: Mon, 28 Nov 2022 08:34:42 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86903b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/090/37a/27a/xbig_lq/350370.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/090/37a/27a/xbig_lq/350370.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 75b7993c1e13bafae049f34cf51a1ce9
2288942c346f8a0f61cfacf7a4b42a297f744fdf
bce5c23fcbac5af71bc5102dd8c2f8f8107b2ad11cb485193153bdaf829ca2cc
GET /live/090/37a/27a/xbig_lq/350370.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 15983
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384721d-3e6f"
expires: Mon, 05 Dec 2022 08:32:31 GMT
last-modified: Mon, 28 Nov 2022 08:32:29 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 238
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86902b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/038/0df/xbig_lq/8aff6b.jpg
195.85.23.226 200 OK 12 kB URL HTTP/2 i.bcicdn.com/live/09e/038/0df/xbig_lq/8aff6b.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 8634c0a5d2a225497efdd9026cbcf878
418ded519e2ec84bd4a1e8092052e1fab36003b9
6c1353ed2a1dd4eca9a402fcce8174f1fd2bca04cb1059f7e27d6b1def76fa95
GET /live/09e/038/0df/xbig_lq/8aff6b.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 12478
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847292-30be"
expires: Mon, 05 Dec 2022 08:34:34 GMT
last-modified: Mon, 28 Nov 2022 08:34:26 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86906b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/091/3e2/xbig_lq/27707c.jpg
195.85.23.226 200 OK 16 kB URL HTTP/2 i.bcicdn.com/live/09e/091/3e2/xbig_lq/27707c.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 01d8c94379d783d895797628721fbda4
b1dd1e145a00eac161202707238bdf14d5945d22
1eebb0e7f8d6025eb842231f784a54275a398b1eed9129e4a460ceb61b5b0b22
GET /live/09e/091/3e2/xbig_lq/27707c.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16002
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384724a-3e82"
expires: Mon, 05 Dec 2022 08:33:28 GMT
last-modified: Mon, 28 Nov 2022 08:33:14 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690ab503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/05d/021/3bd/xbig_lq/27846e.jpg
195.85.23.226 200 OK 14 kB URL HTTP/2 i.bcicdn.com/live/05d/021/3bd/xbig_lq/27846e.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 272ebc14deeec695ae9a2ef8e67dfcab
1d7f9b955703251a31f18138bf8a5dacbea77789
0d1fc0abebf3b6990a83d9b12c7d82861440d3478aed4a78c09f1a24d6ec04ad
GET /live/05d/021/3bd/xbig_lq/27846e.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 13610
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472c8-352a"
expires: Mon, 05 Dec 2022 08:35:23 GMT
last-modified: Mon, 28 Nov 2022 08:35:20 GMT
x-circle-r1: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690bb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/069/0fb/1c6/xbig_lq/243f4a.jpg
195.85.23.226 200 OK 19 kB URL HTTP/2 i.bcicdn.com/live/069/0fb/1c6/xbig_lq/243f4a.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash f76df23b82cd51c4c8a0dba20ff4bdcd
a5222e8fe3c7e421cce13d47533ad429f1cf6e01
994fa55a8a9404981f1f0ba8b0619f2626a4d63aee24e0422c5d1c6b63ceadfb
GET /live/069/0fb/1c6/xbig_lq/243f4a.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 18999
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847303-4a37"
expires: Mon, 05 Dec 2022 08:36:34 GMT
last-modified: Mon, 28 Nov 2022 08:36:19 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690db503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/09a/28a/08d/xbig_lq/a633eb.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/09a/28a/08d/xbig_lq/a633eb.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c22e1cfd2c920e3558adce57458e0011
66271c9310e96f003fde19c45eb901520a956f91
a62e35ad9883d076379d72b610c808b5fada7e18c4eae73c1a02d07701d4879b
GET /live/09a/28a/08d/xbig_lq/a633eb.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14777
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847269-39b9"
expires: Mon, 05 Dec 2022 08:33:47 GMT
last-modified: Mon, 28 Nov 2022 08:33:45 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 12
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86908b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/099/306/332/xbig_lq/2b8588.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/099/306/332/xbig_lq/2b8588.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 97748874610779a00e31dd7e024c1c3c
07790e543bb80434bc8835dc0900ce85386ad40e
d5b5e3deca8cba52e56205063a8202d7284364e24dde3ef48ca55f5fc25c4400
GET /live/099/306/332/xbig_lq/2b8588.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14647
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "638472fa-3937"
expires: Mon, 05 Dec 2022 08:36:16 GMT
last-modified: Mon, 28 Nov 2022 08:36:10 GMT
x-circle-r3: MISS
cf-cache-status: HIT
age: 11
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690cb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/042/3b8/220/0d273e8d37b8c9e25e8df7515ac92131_thumb_medium.jpg
195.85.23.226 200 OK 8.4 kB URL HTTP/2 i.bcicdn.com/042/3b8/220/0d273e8d37b8c9e25e8df7515ac92131_thumb_medium.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 232x174, components 3\012- data
Hash c3478e2c6c670c6ee88aa0b52005d455
73b14f9a627c7e04064ed4178a825f7ae6daf3fc
ae1bc73f1b6479a3408dac1c94f9a0e6c53543fcf8974e810e68cdd6f6de36db
GET /042/3b8/220/0d273e8d37b8c9e25e8df7515ac92131_thumb_medium.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 8380
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=2592000
etag: "61917a2f-20bc"
expires: Tue, 27 Dec 2022 18:17:31 GMT
last-modified: Sun, 14 Nov 2021 21:05:51 GMT
x-o1-p4: EXPIRED
cf-cache-status: HIT
age: 37903
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690fb503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/097/117/3ab/xbig_lq/83bb5c.jpg
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/live/097/117/3ab/xbig_lq/83bb5c.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash a9a5a5cf9c77f462f41bb33fffdc8882
3da2c80d057144efc464d347ccf6e171b7729cfe
e5238eb2bee7e13e5f5bd8c715b71637fa22f9414cb25022737155d72a08bebc
GET /live/097/117/3ab/xbig_lq/83bb5c.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 20774
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "63847332-5126"
expires: Mon, 05 Dec 2022 08:37:08 GMT
last-modified: Mon, 28 Nov 2022 08:37:06 GMT
x-circle-r1: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868fab503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/live/098/04f/158/xbig_lq/008a8e.jpg
195.85.23.226 200 OK 15 kB URL HTTP/2 i.bcicdn.com/live/098/04f/158/xbig_lq/008a8e.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash c4df993068463c17aede6076d75a9375
1e5ba9916f1af0222a9372def5fdb71a12f3595b
91397bfba7a9669b894a99c1a31bf2d7dca236028822c4ce3eb356aacce92af8
GET /live/098/04f/158/xbig_lq/008a8e.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 14818
cf-bgj: h2pri
access-control-allow-origin: *
cache-control: max-age=604800
etag: "6384728c-39e2"
expires: Mon, 05 Dec 2022 08:34:32 GMT
last-modified: Mon, 28 Nov 2022 08:34:20 GMT
x-circle-r1: MISS
cf-cache-status: HIT
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b8690eb503-OSL
X-Firefox-Spdy: h2
odrgqm.nicedates.net/ortb
52.19.101.114 200 OK 13 B URL HTTP/2 odrgqm.nicedates.net/ortb
IP 52.19.101.114:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 1031bf08481e45e42ceb3fd978c3d379
3d6d43df4c45f09f5d68593646fd83352323a5ea
c99e0e70ba976626855bf7f83fc0e333b57833bcaf3dcfba16215a6e4fa3e208
POST /ortb HTTP/1.1
Host: odrgqm.nicedates.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 294
Origin: https://odrgqm.nicedates.net
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/c/da57dc555e50572d?s1=148182&s2=1493372&s3=751261&s5=backuser&click_id=4114957158306297148&iexpp=1&j1=1
Cookie: unique_id=63843f04000430af; unique_id2=6383d4bf000f889a; 6383d4bf000f889a_c=1; ref_token=109669_148182; 6383d4bf000f889a_sl=[277110]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/plain; charset=utf-8
content-length: 13
X-Firefox-Spdy: h2
i.bcicdn.com/live/09e/37c/3d1/xbig_lq/5a2cfb.jpg
195.85.23.226 200 OK 17 kB URL HTTP/2 i.bcicdn.com/live/09e/37c/3d1/xbig_lq/5a2cfb.jpg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type JPEG image data, progressive, precision 8, 640x480, components 3\012- data
Hash 51c9eac9fa3935cf2977c82a12b701e8
3517761dfc734135f1d48b1bcb7e92de20c9c008
0b7928610d8f5a540492f8782f7182d664a974a960d37e424fda82dfcf8401f3
GET /live/09e/37c/3d1/xbig_lq/5a2cfb.jpg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/jpeg
content-length: 16742
last-modified: Mon, 28 Nov 2022 08:36:55 GMT
etag: "63847327-4166"
expires: Mon, 05 Dec 2022 08:37:11 GMT
cache-control: max-age=604800
access-control-allow-origin: *
x-circle-r1: MISS
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868f9b503-OSL
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
142.250.74.163 200 OK 10 kB URL HTTP/2 www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (35547)
Hash fa9987a23f5a9d865766e952511baa30
f2e620b99ee61a01671ba6a9e22ca75d58a1b52d
655daa1e20bf3aff16bc8462339dfea48c7ea5d3dd3505937015af3586d15fb7
GET /firebasejs/5.0.2/firebase-messaging.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 10017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 21 Nov 2022 18:29:53 GMT
expires: Tue, 21 Nov 2023 18:29:53 GMT
cache-control: public, max-age=31536000
age: 569238
last-modified: Thu, 10 May 2018 20:35:52 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.gstatic.com/firebasejs/5.0.2/firebase-app.js
142.250.74.163 200 OK 8.6 kB URL HTTP/2 www.gstatic.com/firebasejs/5.0.2/firebase-app.js
IP 142.250.74.163:0
File type ASCII text, with very long lines (25088)
Hash 73069e532b7039778d3a7128c997c61a
c523bbf1ac7f4e612c8ade75434c42fbca885adc
b6d7aec09aad2bb78dfbad4c9530fd03c0f33aed8385c3ee57c10b1fe959c4d5
GET /firebasejs/5.0.2/firebase-app.js HTTP/1.1
Host: www.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/firebase-js
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups; report-to="firebase-js"
report-to: {"group":"firebase-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/firebase-js"}]}
content-length: 8604
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 23 Nov 2022 18:32:45 GMT
expires: Thu, 23 Nov 2023 18:32:45 GMT
cache-control: public, max-age=31536000
age: 396266
last-modified: Thu, 10 May 2018 20:35:51 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
gertrk.com/click.php?key=n9wbuyk5h0mq6m6x7xc5&SUB_ID_SHORT=18ed91f4af23d80dbf5b6e07ea639016&COST_CPC=0.002400&PLACEMENT_ID=17834794&CAMPAIGN_ID=691144&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2042909
168.119.139.96 302 Found 347 B URL HTTP/2 gertrk.com/click.php?key=n9wbuyk5h0mq6m6x7xc5&SUB_ID_SHORT=18ed91f4af23d80dbf5b6e07ea639016&COST_CPC=0.002400&PLACEMENT_ID=17834794&CAMPAIGN_ID=691144&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2042909
IP 168.119.139.96:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 7fbf3be5a159e0a498996c3400edc5c5
b8ccc843fc06cf47005ac4f0c87a7f588613b1b5
8c2519acc5f0cbc7b707eb5c76572b773419291281f33fe68d6e86e5300f8007
GET /click.php?key=n9wbuyk5h0mq6m6x7xc5&SUB_ID_SHORT=18ed91f4af23d80dbf5b6e07ea639016&COST_CPC=0.002400&PLACEMENT_ID=17834794&CAMPAIGN_ID=691144&DEVICE_BRAND=Unknown&BROWSER_NAME=Firefox&USER_OS=Windows&USER_CARRIER=Blix%20Solutions&USERAGENT=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&REMOTE_LANGUAGE=11&BANNER_ID=2042909 HTTP/1.1
Host: gertrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://peeredfoggy.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.18.0
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/html; charset=UTF-8
location: https://euro-times.org/no/vg?lpkey=16a469f4628e49fc31&uclick=yd5mpm17&uclickhash=yd5mpm17-yd5mpm17-tw8n-wffe-1mwj-8rg6-8rdu-37575d
set-cookie: uclick=yd5mpm17; expires=Tue, 29-Nov-2022 08:37:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
uclickhash=yd5mpm17-yd5mpm17-tw8n-wffe-1mwj-8rg6-8rdu-37575d; expires=Tue, 29-Nov-2022 08:37:11 GMT; Max-Age=86400; path=/; secure; SameSite=none
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
odrgqm.nicedates.net/js/pushjs/1.0.0/subscriber.js
52.19.101.114 200 OK 15 kB URL HTTP/2 odrgqm.nicedates.net/js/pushjs/1.0.0/subscriber.js
IP 52.19.101.114:0
Hash e1e8eaed597cdd0c8f50d7438813aee4
362b8bca91ce61e6e813dba929c9cc015bc29507
ab1b14d3731fd45ff3207c4c70bc2fcfefcdb2c906b61220a847bd50d8dc9518
GET /js/pushjs/1.0.0/subscriber.js HTTP/1.1
Host: odrgqm.nicedates.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/c/da57dc555e50572d?s1=148182&s2=1493372&s3=751261&s5=backuser&click_id=4114957158306297148&iexpp=1&j1=1
Cookie: unique_id=63843f04000430af; unique_id2=6383d4bf000f889a; 6383d4bf000f889a_c=1; ref_token=109669_148182; 6383d4bf000f889a_sl=[277110]
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
expires: Mon, 05 Dec 2022 08:37:11 GMT
cache-control: max-age=604800
content-encoding: gzip
X-Firefox-Spdy: h2
i.bcicdn.com/images/logo/cyber_monday/2022/1x/en.gif
195.85.23.226 200 OK 161 kB URL HTTP/2 i.bcicdn.com/images/logo/cyber_monday/2022/1x/en.gif
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 150 x 50\012- data
Size 161 kB (160570 bytes)
Hash 28bb225dbfe03f3bd77d224108f475e4
12c51b5a999ef0b390c62743fea0ebe87a7898ac
5d81dc6f0c3c682360a57b59cfdda9821198e33fc0985ee91a59ef348db50b38
GET /images/logo/cyber_monday/2022/1x/en.gif HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/gif
content-length: 160570
last-modified: Tue, 22 Nov 2022 02:51:03 GMT
etag: "637c3917-2733a"
expires: Tue, 27 Dec 2022 17:00:00 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-p4: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 56230
accept-ranges: bytes
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bbfd11b503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/3107.js
195.85.23.226 200 OK 56 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/3107.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (6094), with no line terminators
Hash 8fb62279488fb45295878abfaa1a0ff9
81490ce7964fa8bc3956870f9c943a45c3d7fd9a
d2d222191018c244562055641996a31acd0abadc08c39e55d45683f8b83c22ec
GET /js-min/1W6iL/3107.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-17ce"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5676
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba7b54b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/2779n.js
195.85.23.226 200 OK 7.8 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/2779n.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (881), with no line terminators
Hash fafcfad0b69298018bf4c26cb0b8f1c8
6ae1c9fb6d6e624c4360addfa1578580593e6450
08493a4bc68d6061cb68e6d29ecac749448647b703f12ae6cadc66b4c7df744d
GET /js-min/1W6iL/2779n.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-371"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba9b78b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
no.bongacams.com/ajax-filter
195.85.23.95 200 OK 13 kB URL HTTP/2 no.bongacams.com/ajax-filter
IP 195.85.23.95:0
ASN #209242 Cloudflare London, LLC
File type JSON data\012- , ASCII text, with very long lines (5453), with no line terminators
Hash f90290d0da0ec260cb270f7dcd35b36e
526e39618bbd2fc1f02b91d81ad45f72db032736
464d045b683e34924617e4a689659aff7665c5f0e8ad13092a0c1a39c5a5676d
GET /ajax-filter HTTP/1.1
Host: no.bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://no.bongacams.com/trans?bcs=b3JoaTE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Cookie: __cf_bm=8x7xeFcWpoiBV0redXtoLWDiqaSjUSASSDkhtQL2X40-1669624630-0-ActCotYqIijnMn8KYAKEGOSQllXadt3HSNo8PuE4U5tlVr9xm9Xw6YsgHXzbaRotgsTv4m2I2HKYmq9CN5/HQp0=; bonga20120608=801a217cabbdc85ff96a5b61eb796d7c; BONGAH_HIT=19a315e0a46b47e824db9bd5a2e5254a%3A%3A194184%3A%3Ahttps%3A%2F%2Fsyndication.realsrv.com%2F%3A%3A%3A%3Afpornx.com%3A%3A765750%3A%3A%3A%3A%3A%3A0%3A%3A1%3A%3A1%3A%3A0%3A%3A%3A%3A0%3A%3Adefault%3A%3A0%3A%3A2022-11-28%2010%3A37%3A10; sg=66; warning18=%5B%22no_NO%22%5D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/json
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web54
set-cookie: ts_type2=1; expires=Tue, 28-Nov-2023 08:37:12 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
fv=ZwZ2AQV2BGL2ZD==; expires=Tue, 28-Nov-2023 08:37:12 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
uh=AxkPMy9iHx5+K343BK5ZEaMRIGSuKj==; expires=Tue, 28-Nov-2023 08:37:12 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7711c7bdfdb6b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/h.js
195.85.23.226 200 OK 202 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/h.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type Unicode text, UTF-8 text, with very long lines (65535), with no line terminators
Size 202 kB (201598 bytes)
Hash dc7d8a331e91a2e2a01f15b5c0746823
b676a6a4125ae427ac52b81f7f45ee2b5a830be1
b35c1bc01b22d2002edb2f5fa6878bc975098d3e433d88d38ee441c1c96a8cc2
GET /js-min/1W6iL/h.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-a0dea"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5676
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86915b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
euro-times.org/no/vg/vendor.67e32aaf581c20179082.css
94.242.54.185 200 OK 60 kB URL HTTP/1.1 euro-times.org/no/vg/vendor.67e32aaf581c20179082.css
IP 94.242.54.185:0
File type ASCII text, with very long lines (59489)
Hash 1e0d1ba4e4338c872503027231d9dc3b
e34dec9da85672c3980361b52b74ea476328e661
f9fe5280ae54a95dc50e6cacfd7ff7815ff23439761c00ff95719c84b261e769
GET /no/vg/vendor.67e32aaf581c20179082.css HTTP/1.1
Host: euro-times.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:12 GMT
Server: Apache
Last-Modified: Sun, 01 Jul 2018 08:35:28 GMT
Accept-Ranges: bytes
Content-Length: 59548
Cache-Control: max-age=2592000
Expires: Wed, 28 Dec 2022 08:37:12 GMT
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Type: text/css
i.bcicdn.com/js-min/1W6iL/0ffdb.js
195.85.23.226 200 OK 22 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/0ffdb.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (446), with no line terminators
Hash 5b2a57e5dd6f348a439338c70d9f6722
538c2d85a7253cbe3102fccd260e986e7deb3c57
d792a160efaa2f78f852d5777805b9736470eddcbef590d597bd306430ccbd66
GET /js-min/1W6iL/0ffdb.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-1be"
expires: Wed, 28 Dec 2022 07:02:32 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7baab92b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/hg.css
195.85.23.226 200 OK 169 kB URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/hg.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
Size 169 kB (168946 bytes)
Hash accdbaaf82e0095a4a6b13f7a35003c9
256e8ae1272c7dae273e4ff870f0ae7713811c6d
82d42fab1824ae9d90a91a59f35191f860667b1aba65e1c9dd43b5370c6b1591
GET /css-min/1V4Jb/hg.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-c459"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86907b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/e85d0.js
195.85.23.226 200 OK 2.0 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/e85d0.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (5754), with no line terminators
Hash 3a21ec47c6576e83dc77f3b998bc1be8
92bc8c9c56bdf190757c9bf1bf1adf81b30a2c1a
9d3d6b6d9dfebda1fc7878e516f96bc6ccf5f7eb40dfbe5a4f97d12f51d16e68
GET /js-min/1W6iL/e85d0.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-167a"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bc1d37b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/cr.css
195.85.23.226 200 OK 124 kB URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/cr.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Size 124 kB (123613 bytes)
Hash b0fdb88c5b6b14dfe8e17046068a7fd3
45f30b766b7ceaef75c740c690d3c36521c3be6b
7cad7331952725de6fdb449d9f0e412e9f38ae33c720de11abcc6703c301d10a
GET /css-min/1V4Jb/cr.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-132d4"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868f6b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/9480.js
195.85.23.226 200 OK 36 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/9480.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Hash 1c7a8963d3b1296ae5839e0852d14084
f4d6dbe847135d380cb6485ea0b52ba8f2767359
b1a886d79d0d91bef8e3562ccbcb8b9304fbf16c3c1edb7188b6a4b1b3458207
GET /js-min/1W6iL/9480.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-1462b"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7be1f9fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/ff97n.js
195.85.23.226 200 OK 3.5 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/ff97n.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (4900), with no line terminators
Hash 03b1e82de4b2252977bdf8b3e31fc4aa
b80e66356969107c8553a56bf752bcec0cc47080
ac21adf9078f15040153ed549f90b5b90f92d408c05cd613d340b5b3ca0d6a70
GET /js-min/1W6iL/ff97n.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-1324"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba9b6ab503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/c9caa.js
195.85.23.226 200 OK 2.7 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/c9caa.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (1818), with no line terminators
Hash fdf66dc99d618b48fbb700d2c0831f7c
1ec58cd6066bddfca70e41373111581dd3a2dc7c
77e7d73363bbfe3215ccc33e3da0210208d3b52b18573614433f4c1cca160afd
GET /js-min/1W6iL/c9caa.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-71a"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bacbb9b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/2d4cb.js
195.85.23.226 200 OK 4.5 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/2d4cb.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (8008), with no line terminators
Hash fffe4258031cf2dfa99abae0c069a039
66e97f73af1d48772671ca2da54923cc1b80ff2e
f618d6206a46d3c479c7ff59b4694153903ea836624a9a1ecf4e5ac82f4e106f
GET /js-min/1W6iL/2d4cb.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-1f48"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7baab8cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
euro-times.org/no/vg/css.css
94.242.54.185 200 OK 6.9 kB URL HTTP/1.1 euro-times.org/no/vg/css.css
IP 94.242.54.185:0
Hash d466b4fce52545fc65db3dea539f295e
122c952287f265a041f49984e76d4c4b91d8793e
1bb33da015e40392c387bdb088b426bd437fa0d25195c56d73e722f1a4a45c92
GET /no/vg/css.css HTTP/1.1
Host: euro-times.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://euro-times.org/no/vg/vendor.67e32aaf581c20179082.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:12 GMT
Server: Apache
Last-Modified: Sun, 01 Jul 2018 08:35:16 GMT
Accept-Ranges: bytes
Content-Length: 6904
Cache-Control: max-age=2592000
Expires: Wed, 28 Dec 2022 08:37:12 GMT
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/css
euro-times.org/no/vg/addesk.php
94.242.54.185 200 OK 43 B URL HTTP/1.1 euro-times.org/no/vg/addesk.php
IP 94.242.54.185:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 6b552c49e4947f4e0ca8830489ab4755
24c37b7fed326d6bed050ba6d605a195e3e80635
ff11de8dd53431deb0047e022373452b60b0b432a9be16ee04121a7ced084337
GET /no/vg/addesk.php HTTP/1.1
Host: euro-times.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:12 GMT
Server: Apache
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
euro-times.org/no/vg/mapbox-gl.css
94.242.54.185 200 OK 40 kB URL HTTP/1.1 euro-times.org/no/vg/mapbox-gl.css
IP 94.242.54.185:0
File type ASCII text, with very long lines (13302)
Hash 5805495ed9ceac85c259bc9031d77b15
ca5140c4b10c476efc309166aaa3dfdc841748e8
70659bc9428ad79353ad8ce663c4b3b145af109a5b3e31c062f7c758706d04f7
GET /no/vg/mapbox-gl.css HTTP/1.1
Host: euro-times.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://euro-times.org/no/vg/app.67e32aaf581c20179082.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:12 GMT
Server: Apache
Last-Modified: Sun, 01 Jul 2018 08:35:26 GMT
Accept-Ranges: bytes
Content-Length: 39768
Cache-Control: max-age=2592000
Expires: Wed, 28 Dec 2022 08:37:12 GMT
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Content-Type: text/css
i.bcicdn.com/js-min/1W6iL/9e0d6.js
195.85.23.226 200 OK 21 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/9e0d6.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (22401), with no line terminators
Hash a8338202f47a745c07695bb6890df713
555765044c00524cd901b5171e53023fca94b444
cd01984c03ef5fd9d003cc41c477863f6c21c64f57e9e55cdd520ea8bc29bb32
GET /js-min/1W6iL/9e0d6.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-5781"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bacbb6b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
a.exdynsrv.com/popunder1000.js
205.185.216.42 200 OK 40 kB URL HTTP/1.1 a.exdynsrv.com/popunder1000.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash e29e61608dcf36a4dd6b3d8eacf48d3f
ae219c941ce5ab23148e010464c3762c6a4f2527
81a3a060539f23b2b95ddb995d84b30c0a4f1985221e1b9b84d31d89ddb7f2fb
GET /popunder1000.js HTTP/1.1
Host: a.exdynsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:12 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 39971
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"3ad893acf0f115f3a9b29e6fafa"
X-HW: 1669624632.dop201.sk1.t,1669624632.cds245.sk1.shn,1669624632.dop201.sk1.t,1669624632.cds001.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.digicert.com/
93.184.220.29 200 OK 278 B
IP 93.184.220.29:0
Hash 8d8b15331315026393a08caf8f936461
2e4c5cc8ac6b5bd0388859e3c98978702a6ec491
79ce55527e6fa31129afec92c875c69ca36f9904a5bba3df8f0aabcd16f5ebc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 930
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:12 GMT
Etag: "63831d71-117"
Last-Modified: Mon, 28 Nov 2022 08:21:42 GMT
Server: ECS (amb/6B9F)
X-Cache: HIT
Content-Length: 278
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 778b826b702fc6d2cc630864cacca068
7404b289e464d9c4366db6010b669338001be75f
94a76dc890b7ed1ec52001d703bfeca75fc22bfecac778c2a046310d59d328d1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "94A76DC890B7ED1EC52001D703BFECA75FC22BFECAC778C2A046310D59D328D1"
Last-Modified: Sat, 26 Nov 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3355
Expires: Mon, 28 Nov 2022 09:33:07 GMT
Date: Mon, 28 Nov 2022 08:37:12 GMT
Connection: keep-alive
s10.histats.com/js15_as.js
46.105.201.240 200 OK 4.4 kB URL HTTP/2 s10.histats.com/js15_as.js
IP 46.105.201.240:0
File type HTML document, ASCII text, with very long lines (11440), with no line terminators
Hash ed192092c129db6123a3397855f42619
067e9b8e26cf6246eb84c6b9cf3da0c192ce7b3e
998fff486a7fb38b6ed445edc36c9b317b70950cd39efcf4012ca641312fcee1
GET /js15_as.js HTTP/1.1
Host: s10.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:28:23 GMT
etag: "-375139978"
last-modified: Thu, 16 Apr 2020 10:44:16 GMT
x-request-id: 63931754
content-type: application/javascript; charset=UTF-8
content-encoding: br
x-cdn-pop: sbg
x-cdn-pop-ip: 137.74.120.0/27
x-cacheable: Matched cache
accept-ranges: bytes
content-length: 4364
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 43dca8ebcf06bd09eb16b5516072ec48
84fe572e189c13383dc0a805a90c07de69c48ee6
be524e069364f1231ff9f6f8a5ca6ae8aa4353ba95fa7913c30c13ed008ab8fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BE524E069364F1231FF9F6F8A5CA6AE8AA4353BA95FA7913C30C13ED008AB8FD"
Last-Modified: Sat, 26 Nov 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15373
Expires: Mon, 28 Nov 2022 12:53:25 GMT
Date: Mon, 28 Nov 2022 08:37:12 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 278 B IP 93.184.220.29:0
Hash 8d8b15331315026393a08caf8f936461
2e4c5cc8ac6b5bd0388859e3c98978702a6ec491
79ce55527e6fa31129afec92c875c69ca36f9904a5bba3df8f0aabcd16f5ebc4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 930
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Mon, 28 Nov 2022 08:37:12 GMT
Last-Modified: Mon, 28 Nov 2022 08:21:42 GMT
Server: ECS (ska/F706)
X-Cache: HIT
Content-Length: 278
my.rtmark.net/gid.js?userId=50cbcfe595dd46be87d72e08af9b6075
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=50cbcfe595dd46be87d72e08af9b6075
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 14f451c64630bb84c71d132df9efc7a6
0d88c18a265ba367938812ed190c5ef2330b6d1a
1bbac04a9f0f6f21820c3fad86831756865195ce8533e9b60a9521029454c6a4
GET /gid.js?userId=50cbcfe595dd46be87d72e08af9b6075 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://live.batstream.cc
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=50cbcfe595dd46be87d72e08af9b6075; expires=Tue, 28 Nov 2023 08:37:12 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/032c9.js
195.85.23.226 200 OK 5.8 kB URL HTTP/2 i.bcicdn.com/js-min/1W6iL/032c9.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
File type Unicode text, UTF-8 text, with very long lines (11635), with no line terminators
Hash 5f4c7cecd6343739999d31d3fc60835c
07d1a97291606cdccbd1349f813e371da0355a81
f83966da0a5eaf39ddffefcbe587c0905b59c8d4e21649d28c6d2fec16f4c47e
GET /js-min/1W6iL/032c9.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-2d75"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bf5988b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
hello.lov.net/_vendor/jquery-2.2.4.min.js
156.146.33.18 200 OK 588 B URL HTTP/2 hello.lov.net/_vendor/jquery-2.2.4.min.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
Hash b284238c9ad5d7095fb645aa32e171f2
0c704d9cc4130a300f4ec261b2be154f479b9e3b
983b7332a381ad08e8384709d6cc87465095e6f820b12b4e3b30fb7242c6cbd1
GET /_vendor/jquery-2.2.4.min.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-14e49"
access-control-allow-origin: *
x-accel-expires: @1670261279
server: CDN77-Turbo
x-77-nzt: AZySIRCA8Qz/FhsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463c3d22e33
x-cache: HIT
x-age: 400150
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
cdn-dimi.akamaized.net/landings/277110/1669380007/images/2.jpg
184.31.15.67200 OK 103 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/2.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 103 kB (102832 bytes)
Hash 3b8b455b24c71ae1f928266241e9517e
8b98ca60c92b83e039c3b996f090883ed8b7ca75
c8d05f7eda85f68f0a08307eeee4e481282fda95570dd53f300b8aadd4f504f6
GET /landings/277110/1669380007/images/2.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: 2SS0ccQiImX7GK6Z2uPJiu1s3NQUjgFcnDfwC3OpNZqfeFxGwnDCnvQbEA9NIax5M9HT1+9madA=
x-amz-request-id: XEPYD4CV3JPFPJGT
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "3b8b455b24c71ae1f928266241e9517e"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 102832
Date: Mon, 28 Nov 2022 08:37:13 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/4.jpg
184.31.15.67200 OK 68 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/4.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 875x1280, components 3\012- data
Hash f1b9a37200eeaf9dd178b748abc775ee
dffc2369c478d72df3a09bbba23fa55c336f404a
dd939925e556e737df90a5b48b5224aeb2b92d061a104880774c6cdc7b1a1e71
GET /landings/277110/1669380007/images/4.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: hfWuyVSlXF3GrNkEiww3rYtpUDone4Imd9GfpwpdrCm1yOZ/2lHBbP/nOkll4+Vhz6LCwdUhYc8=
x-amz-request-id: XEPRC7BQ6GPC0PNR
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "f1b9a37200eeaf9dd178b748abc775ee"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 67631
Date: Mon, 28 Nov 2022 08:37:13 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/3.jpg
184.31.15.67200 OK 150 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/3.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 1108x1280, components 3\012- data
Size 150 kB (149812 bytes)
Hash 8ff03d86c53d978e5527374b5bcd5114
2b63b0853d74e24d74d26dbf9622c407e3c74ea9
10dedae19a11a0cf1cea2db4646bde720e63e35140f38ae3453fa2a4e4649e1c
GET /landings/277110/1669380007/images/3.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: mujQkU5bBZxk2esbQzkJw8R2YF+eM2odlv+AwUGp4LhSGFsVJsBE6mUyaQiQTARWACoIOhF7hWM=
x-amz-request-id: XEPRXN6QMY0CFMNK
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "8ff03d86c53d978e5527374b5bcd5114"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 149812
Date: Mon, 28 Nov 2022 08:37:13 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/5.jpg
184.31.15.67200 OK 85 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/5.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 942x1280, components 3\012- data
Hash 932a29d21d50cce49fd57f45b8fada77
c5f240cdaff9f21ba9e75c43d8d962ed353dcc67
b406efc66569ca181f46bdc7292c06ce12ddd9d8581a63ee88cc5dd95bd0ca0e
GET /landings/277110/1669380007/images/5.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: nHilXOecyj/YrFtLaaLPoH4xPnLKnWVbQ7+fL8/lVhmN61piXXHl0kht5XfRGvnCbGYyTdG4exo=
x-amz-request-id: SPW105MPXH38T20Z
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "932a29d21d50cce49fd57f45b8fada77"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 85215
Date: Mon, 28 Nov 2022 08:37:13 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
cdn-dimi.akamaized.net/landings/277110/1669380007/images/6.jpg
184.31.15.67200 OK 116 kB URL HTTP/1.1 cdn-dimi.akamaized.net/landings/277110/1669380007/images/6.jpg
IP 184.31.15.67:0
ASN #20940 Akamai International B.V.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 960x1280, components 3\012- data
Size 116 kB (116404 bytes)
Hash ae59f6b10cd1ae9cc3659862a6d8713d
7bcc60474232d1509a59b56d27000c7ebf3353a7
c74ac70aa88c93f3109517f66dffa93906fbcb3e9d1dab30d50f9140a12454ad
GET /landings/277110/1669380007/images/6.jpg HTTP/1.1
Host: cdn-dimi.akamaized.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://odrgqm.nicedates.net/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
x-amz-id-2: SZhV+nMm6Oi3f2Zofi0ewWU8nDMzpIVYq2j5NGLn93t2eNLWX1Zt/nrKUMYLZ6EQu78grsf9NS8=
x-amz-request-id: SPW0A1J149JW4N68
Last-Modified: Fri, 25 Nov 2022 12:40:10 GMT
ETag: "ae59f6b10cd1ae9cc3659862a6d8713d"
Accept-Ranges: bytes
Content-Type: image/jpeg
Server: AmazonS3
Content-Length: 116404
Date: Mon, 28 Nov 2022 08:37:13 GMT
Connection: keep-alive
Alt-Svc: h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
s4.histats.com/stats/0.php?4581304&@f16&@g1&@h1&@i1&@j1669624632524&@k0&@l1&@mLive%20Football%20Stream%20Online%20%7C%20XsportsHD%20Soccer%20Stream&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:20537200&@b3:1669624633&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxsportshd.com%2FNBA-NFL-Streaming.html&@w
149.56.240.128200 OK 52 B URL HTTP/1.1 s4.histats.com/stats/0.php?4581304&@f16&@g1&@h1&@i1&@j1669624632524&@k0&@l1&@mLive%20Football%20Stream%20Online%20%7C%20XsportsHD%20Soccer%20Stream&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:20537200&@b3:1669624633&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxsportshd.com%2FNBA-NFL-Streaming.html&@w
IP 149.56.240.128:0
File type ASCII text, with no line terminators
Hash bbab35637a6f284a4e7a0515e7c337ec
7fdbaca113f5246e464875fd0a53c13ab1821ead
5eab7cf86b5fb468b439745c7ec02438bbdfc8dcb05142c84701c70a0b4db7a2
GET /stats/0.php?4581304&@f16&@g1&@h1&@i1&@j1669624632524&@k0&@l1&@mLive%20Football%20Stream%20Online%20%7C%20XsportsHD%20Soccer%20Stream&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1280&@b1:20537200&@b3:1669624633&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttps%3A%2F%2Fxsportshd.com%2FNBA-NFL-Streaming.html&@w HTTP/1.1
Host: s4.histats.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:13 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 52
Connection: close
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B
IP 172.64.155.188:0
Hash c910a44bf58b708c25d146fd52adb8e9
374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5
3cf34029e6a112320130d154ac1291e49bcb4a80f0caaf84309456986f0adc77
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 28 Nov 2022 08:37:14 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Fri, 25 Nov 2022 13:33:17 GMT
Expires: Fri, 02 Dec 2022 13:33:16 GMT
Etag: "374a72c3026ea1fa5defd1e8eb7be2ca7184dfd5"
Cache-Control: max-age=362761,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7711c7ca7812b4ff-OSL
datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
37.48.68.71 200 OK 18 B URL HTTP/1.1 datatechonert.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 37.48.68.71:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash 882d7edaf5ac4fcde21a0ef1f176ee41
bcdc56195352ff8b75fdf4000bafb42e07c32ab5
5bbdb6093675ea930e0061da4f9fa52d6c6779618227ccfdfc202f317b9672dc
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none shown)
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: datatechonert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 1098
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Mon, 28 Nov 2022 08:37:14 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://live.batstream.cc
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
mc.yandex.ru/watch/55348681/1?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
93.158.134.119200 OK 419 B URL HTTP/2 mc.yandex.ru/watch/55348681/1?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
IP 93.158.134.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 52619ff2317a594b09e5297f01eae174
c75f19e070388b959b01bb835086bd6ec280b8f8
070fe15bdf1b0cf89d5d6636cf4d17203596bcf769d8c44143d2b2d088e87166
GET /watch/55348681/1?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://live.batstream.cc
Referer: https://live.batstream.cc/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 419
date: Mon, 28 Nov 2022 08:37:14 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://live.batstream.cc
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 08:37:14 GMT
last-modified: Mon, 28-Nov-2022 08:37:14 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
user-agent.trafficdecisions.com/okay/?d=okay&t=2
104.22.36.222 200 OK 0 B URL HTTP/2 user-agent.trafficdecisions.com/okay/?d=okay&t=2
IP 104.22.36.222:0
GET /okay/?d=okay&t=2 HTTP/1.1
Host: user-agent.trafficdecisions.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html;charset=UTF-8
referrer-policy: no-referrer
set-cookie: __cf_bm=3hJZZjcFXMmGKBAc3ynO5ZCY.GH7cTPThQhBDEzHsz4-1669624629-0-AUW1fmaYr5dTAOgMO3h0iynYsxdLSaIRdnXCshSApDudtq6l3lpqUGdbfMWN/4zgObdOtrKU8KZEwTuJs97P01E=; path=/; expires=Mon, 28-Nov-22 09:07:09 GMT; domain=.trafficdecisions.com; HttpOnly; Secure; SameSite=None
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7b10b3c990e-ARN
content-encoding: gzip
X-Firefox-Spdy: h2
no.bongacams.com/trans?bcs=b3JoaTE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
195.85.23.95200 OK 0 B URL HTTP/2 no.bongacams.com/trans?bcs=b3JoaTE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
IP 195.85.23.95:0
ASN #209242 Cloudflare London, LLC
GET /trans?bcs=b3JoaTE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow HTTP/1.1
Host: no.bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Cookie: __cf_bm=8x7xeFcWpoiBV0redXtoLWDiqaSjUSASSDkhtQL2X40-1669624630-0-ActCotYqIijnMn8KYAKEGOSQllXadt3HSNo8PuE4U5tlVr9xm9Xw6YsgHXzbaRotgsTv4m2I2HKYmq9CN5/HQp0=; bonga20120608=801a217cabbdc85ff96a5b61eb796d7c
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: text/html; charset=utf-8
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: origin-when-cross-origin
x-ua-compatible: IE=edge,chrome=1
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web51
set-cookie: ts_type2=1; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
fv=ZQZ2AQV2BGL2ZD==; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
uh=K3OuA3Eapz1DETEBo0k2MxkvHQIYpt==; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
ratr=194184%3A%3A765750%3A%3A2022-11-28%2010%3A37%3A10%3A%3Ahttps%3A%2F%2Fsyndication.realsrv.com%2F%3A%3A%3A%3Afpornx.com; expires=Tue, 15-Nov-2072 08:37:10 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com; HttpOnly
BONGAH_HIT=19a315e0a46b47e824db9bd5a2e5254a%3A%3A194184%3A%3Ahttps%3A%2F%2Fsyndication.realsrv.com%2F%3A%3A%3A%3Afpornx.com%3A%3A765750%3A%3A%3A%3A%3A%3A0%3A%3A1%3A%3A1%3A%3A0%3A%3A%3A%3A0%3A%3Adefault%3A%3A0%3A%3A2022-11-28%2010%3A37%3A10; expires=Tue, 15-Nov-2072 08:37:10 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com; secure; HttpOnly; SameSite=None
BONGA_REF=https%3A%2F%2Fsyndication.realsrv.com%2F; expires=Sat, 27-May-2023 08:37:10 GMT; Max-Age=15552000; path=/; domain=.bongacams.com; HttpOnly
reg_ver2=3; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com
sg=66; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com; secure; SameSite=None
__ti=H4sIAAAAAAACA6uttVYyMLQyN7YyMFSwMNI1NNQ1MjIwUrKyNLQqtlZKUbIC0-WpmWVKViYgZglEyNAq01qpDMyutjK2SrQ2BOrIrAbyEwFLgzspVAAAAA~~; expires=Mon, 05-Dec-2022 08:37:10 GMT; Max-Age=604800; path=/; domain=.bongacams.com
warning18=%5B%22no_NO%22%5D; expires=Tue, 28-Nov-2023 08:37:10 GMT; Max-Age=31536000; path=/; domain=.bongacams.com; secure; SameSite=None
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7711c7b54988b4eb-OSL
content-encoding: br
X-Firefox-Spdy: h2
xsportshd.com/NBA-NFL-Streaming.html
172.67.164.123 200 OK 0 B URL HTTP/2 xsportshd.com/NBA-NFL-Streaming.html
IP 172.67.164.123:0
Analyzer Verdict Alert fortinet Malware
GET /NBA-NFL-Streaming.html HTTP/1.1
Host: xsportshd.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:07 GMT
content-type: text/html
last-modified: Fri, 25 Nov 2022 19:24:37 GMT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f3GcLb7czgHQkynOyUIqJfxcQmUWdPeEPeuCE3PqH4Nv88ryeFHw0umXFuhB%2FCcPygso8jULC439uYaGkAvq3FY9M9n%2BGyzhXuKfmOMa5TROEL0jPpPHXrGfvBFGtVHK"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7a04b871bfa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
bit-maximalist.com/views/pages/templates/13/17/6
172.67.216.65 301 Moved Permanently 0 B URL HTTP/2 bit-maximalist.com/views/pages/templates/13/17/6
IP 172.67.216.65:0
Analyzer Verdict Alert fortinet Malware
GET /views/pages/templates/13/17/6 HTTP/1.1
Host: bit-maximalist.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html; charset=iso-8859-1
location: http://bit-maximalist.com/views/pages/templates/13/17/6/
age: 611
x-cache: HIT
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DdrFC5fGVCFhbM5mO9oBwNmEUI9P6yU7Av47XqQTL9xgI6aLenvMar577qWTUEvak5vLigDDz2WIXWPfrSMtRErmCdHc%2BJ3SMRuqug1o8zxJshR8zv%2F97mfmWPbCIOYmPpst%2FME%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7711c7aad8d1b4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/b81bk.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/b81bk.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/b81bk.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-5aef"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7c01a3cb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
hello.lov.net/_webpack/bundle.js
156.146.33.18 200 OK 0 B URL HTTP/2 hello.lov.net/_webpack/bundle.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
GET /_webpack/bundle.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-25bd"
access-control-allow-origin: *
x-accel-expires: @1670261253
server: CDN77-Turbo
x-77-nzt: AZySIRCZCnX/MBsGAA
x-77-nzt-ray: f6587a1df97b4dc435738463b0d6b033
x-cache: HIT
x-age: 400176
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/extra/listing_catrows.css
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/extra/listing_catrows.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1V4Jb/extra/listing_catrows.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-1408"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86901b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
witalfialdt.xyz/redirect?tid=841125&ref=xsportshd.com
104.21.63.106 301 Moved Permanently 0 B URL HTTP/2 witalfialdt.xyz/redirect?tid=841125&ref=xsportshd.com
IP 104.21.63.106:0
GET /redirect?tid=841125&ref=xsportshd.com HTTP/1.1
Host: witalfialdt.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:08 GMT
location: https://syndication.realsrv.com/splash.php?type=8&idzone=4785728&p=https://xsportshd.com&tested=2/
cache-control: max-age=3600
expires: Mon, 28 Nov 2022 09:37:08 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2F2kFOanmPQwzGLNqSfsW1bmJnP%2Bjp%2FGF0MHPk1BCzbMZJzOqtscGbC%2BKdhDb4fFnbP8bbnTcP1jaw3MH5fs6l98SPFnaoWiBZrZP97kXtcFwc8TY7jebzBAKfDLXnXpo9M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a708d1b517-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/3575f.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/3575f.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/3575f.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-d5b2"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7baab8ab503-OSL
content-encoding: br
X-Firefox-Spdy: h2
capta48-link.com/click?a=1117&o=580&link_id=20928&sub_id1=wkb20sl15boeoopk2udl9h56&sub_id3=5416286_4785728
3.66.74.238 200 OK 0 B URL HTTP/2 capta48-link.com/click?a=1117&o=580&link_id=20928&sub_id1=wkb20sl15boeoopk2udl9h56&sub_id3=5416286_4785728
IP 3.66.74.238:0
GET /click?a=1117&o=580&link_id=20928&sub_id1=wkb20sl15boeoopk2udl9h56&sub_id3=5416286_4785728 HTTP/1.1
Host: capta48-link.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://xsportshd.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html; charset=UTF-8
server: nginx/1.20.0
x-powered-by: PHP/7.4.21
set-cookie: U-069d3bb002acd8d7dd095917f9efe4cb=unique; expires=Wed, 28-Dec-2022 08:37:09 GMT; Max-Age=2592000; path=/; secure; SameSite=None
o_069d3bb002acd8d7dd095917f9efe4cb=36c9052f-ff36-401e-80b5-ea8a5efa2c80; expires=Mon, 05-Dec-2022 08:37:09 GMT; Max-Age=604800; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/css/main.css
156.146.33.18 200 OK 0 B URL HTTP/2 hello.lov.net/lander/lv002_pps/css/main.css
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
GET /lander/lv002_pps/css/main.css HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/css
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-fa8"
access-control-allow-origin: *
x-accel-expires: @1670261279
server: CDN77-Turbo
x-77-nzt: AZySIRC8USH/FhsGAA
x-77-nzt-ray: f6587a1df97b4dc43573846381370a33
x-cache: HIT
x-age: 400150
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
hello.lov.net/_fuckbook/CommonMapper.js
156.146.33.18 200 OK 0 B URL HTTP/2 hello.lov.net/_fuckbook/CommonMapper.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
GET /_fuckbook/CommonMapper.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:47:16 GMT
etag: W/"637e4e94-185"
access-control-allow-origin: *
x-accel-expires: @1670261252
server: CDN77-Turbo
x-77-nzt: AZySIRDAurr/MRsGAA
x-77-nzt-ray: f6587a1df97b4dc43573846357e20334
x-cache: HIT
x-age: 400177
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/i18n-min/1669350485/messages/no.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/i18n-min/1669350485/messages/no.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /i18n-min/1669350485/messages/no.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Fri, 25 Nov 2022 04:28:23 GMT
etag: W/"63804467-2ce65"
expires: Sun, 25 Dec 2022 04:28:53 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 274037
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86914b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
publicatadlit.com/monero.svg
172.67.132.30 404 Not Found 0 B URL HTTP/2 publicatadlit.com/monero.svg
IP 172.67.132.30:0
GET /monero.svg HTTP/1.1
Host: publicatadlit.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publicatadlit.com/tid=215664.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Mon, 28 Nov 2022 08:37:07 GMT
content-type: text/html
cache-control: max-age=14400
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3tXFf6e7MQq3tdbDHMcuqysN51rUwm%2FwEKMzJ7kWTb9am9f3%2BaF2JpV%2FcArvoyfLskzBXZt94se1lfVS1pTK0iXmNAMM8mv0aFOrlKI8QZmdqo6UfpwDpxm2Oa2PW6nqAjcZaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a39c000afa-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
whos.amung.us/cwidget/6hz6n4r6jb/000000ffffff.png
104.22.75.171 307 Temporary Redirect 0 B URL HTTP/2 whos.amung.us/cwidget/6hz6n4r6jb/000000ffffff.png
IP 104.22.75.171:0
GET /cwidget/6hz6n4r6jb/000000ffffff.png HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/draw/?w=colored&n=33&c=000000ffffff&p=left
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7711c7a4dfc29908-ARN
X-Firefox-Spdy: h2
hello.lov.net/lander/lv002_pps/js/jquery.fancySelect.js
156.146.33.18 200 OK 0 B URL HTTP/2 hello.lov.net/lander/lv002_pps/js/jquery.fancySelect.js
IP 156.146.33.18:0
ASN #60068 Datacamp Limited
GET /lander/lv002_pps/js/jquery.fancySelect.js HTTP/1.1
Host: hello.lov.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hello.lov.net/lander/lv002_pps/?offerit_code=Tremendio.33.33.358.0.0.0.0.0.0.0.0&offerit_conversion_variables._ocid=d9fe850f696461596bace06e45fb3aa5&offerit_conversion_variables.subaff=1117
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 23 Nov 2022 16:58:49 GMT
etag: W/"637e5149-291"
access-control-allow-origin: *
x-accel-expires: @1670261279
server: CDN77-Turbo
x-77-nzt: AZySIRA9O13/FhsGAA
x-77-nzt-ray: f6587a1df97b4dc4357384631088a333
x-cache: HIT
x-age: 400150
x-77-pop: frankfurtDE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
bedrapiona.com/5/3505548/?oo=1&js_build=iclick-v1.454.0
139.45.197.234 200 OK 0 B URL HTTP/2 bedrapiona.com/5/3505548/?oo=1&js_build=iclick-v1.454.0
IP 139.45.197.234:0
GET /5/3505548/?oo=1&js_build=iclick-v1.454.0 HTTP/1.1
Host: bedrapiona.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: application/json
x-trace-id: 084918d497aadf1af6e65dbc2d6472f6
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://live.batstream.cc
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=50cbcfe595dd46be87d72e08af9b6075; expires=Tue, 28 Nov 2023 08:37:09 GMT; path=/; secure; SameSite=None
oaidts=1669624629; expires=Tue, 28 Nov 2023 08:37:09 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/0f4af.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/0f4af.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/0f4af.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-2c9"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bacbbfb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_add2.svg
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_add2.svg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_add2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/svg+xml
last-modified: Wed, 09 Jun 2021 09:45:11 GMT
etag: W/"60c08da7-2a63"
expires: Sun, 18 Dec 2022 13:47:21 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 845371
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86913b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/extra/listing.css
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/extra/listing.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1V4Jb/extra/listing.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-12181"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86916b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
mc.yandex.ru/watch/55348681?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
93.158.134.119302 Found 0 B URL HTTP/2 mc.yandex.ru/watch/55348681?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2)
IP 93.158.134.119:0
GET /watch/55348681?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/55348681/1?wmode=7&page-url=https%3A%2F%2Flive.batstream.cc%2F%3Fd%3D1%26s%3D1%26sp%3D2%26fs%3D12px%26tt%3Dnone%26fc%3DFFFFFF%26tc%3DFFFFFF%26bc%3D4E5D6C%26bhc%3D3E4A56%26thc%3DFFFFFF%26pd%3D5px%26brc%3D030303%26brr%3D2px%26mr%3D3px%26tm%3D122A33%26tmb%3DFFFFFF%26wb%3D2B3E50%26bcc%3D2B3E50%26bsh%3D0px%26rdb%3DEBEBEB%26rdc%3D333333&page-ref=https%3A%2F%2Fxsportshd.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Ahbzj7lpjz3smdgzs1sf0c%3Afp%3A1780%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A923%3Acn%3A1%3Adp%3A0%3Als%3A780334750434%3Ahid%3A622587579%3Az%3A0%3Ai%3A20221128083713%3Aet%3A1669624633%3Arn%3A451706172%3Arqn%3A1%3Au%3A16696246301073462594%3Aw%3A835x3000%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C1305%2C0%2C%2C247%2C12%2C2918%2C2918%2C1%2C1738%3Ans%3A1669624626862%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1669624633%3At%3ALive%20Stream%20Sports%20%7C%20Batmanstream&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29fip%281%29rqnl%281%29ti%282%29
date: Mon, 28 Nov 2022 08:37:14 GMT
access-control-allow-origin: https://live.batstream.cc
set-cookie: yandexuid=6289083451669624634; Expires=Tue, 28-Nov-2023 08:37:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6289083451669624634; Expires=Tue, 28-Nov-2023 08:37:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=662555121669624634; Path=/; SameSite=None; Secure
i=2LHMj6mHbxr9qqnSlbrzGKhvh/QhyCmvPvzubYrKc/4hifRxRQWQWXUUMMdJmXHZknLOFLOC2s62OmLnYoxGVCqdK94=; Expires=Thu, 25-Nov-2032 08:37:07 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1701160634.yc.1669624634#1701160634.yrts.1669624634#1701160634.yrtsi.1669624634; Expires=Tue, 28-Nov-2023 08:37:14 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Mon, 28-Nov-2022 08:37:14 GMT
last-modified: Mon, 28-Nov-2022 08:37:14 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
adspredictiv.com/jump/next.php?r=2475779&sub1=9111920
35.190.38.40 200 OK 0 B URL HTTP/2 adspredictiv.com/jump/next.php?r=2475779&sub1=9111920
IP 35.190.38.40:0
GET /jump/next.php?r=2475779&sub1=9111920 HTTP/1.1
Host: adspredictiv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://granorizes.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html; charset=utf-8
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=A2FS0T3m-CM&campaignid=945479&siteid=430875.467518&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=https%3A%2F%2Fsocceronline.xyz%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
50.31.176.38 200 OK 0 B URL HTTP/2 www.forza.idescargarapk.com/get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=A2FS0T3m-CM&campaignid=945479&siteid=430875.467518&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=https%3A%2F%2Fsocceronline.xyz%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002
IP 50.31.176.38:0
GET /get.php?code=enVPOS81Z1JyRjFvTDZsdHBFbmI5UT09&clickid=A2FS0T3m-CM&campaignid=945479&siteid=430875.467518&publishid=430875&country=no&os=Windows+10&browser=FIREFOX_105.0&referrer=https%3A%2F%2Fsocceronline.xyz%2F&device=Desktop&carrier=Blix+Solutions&connection=&bid=0.0002 HTTP/1.1
Host: www.forza.idescargarapk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://socceronline.xyz/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
set-cookie: PHPSESSID=783073e8b6827876087abd6f96b63311; path=/; secure
expires: Tue, 03 Jul 2001 06:00:00 GMT
last-modified: Mon, 28 Nov 2022 08:37:10 GMT
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
content-encoding: gzip
date: Mon, 28 Nov 2022 08:37:10 GMT
alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
X-Firefox-Spdy: h2
bongacams.com/transsexual?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
195.85.23.88 301 Moved Permanently 0 B URL HTTP/2 bongacams.com/transsexual?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
IP 195.85.23.88:0
ASN #209242 Cloudflare London, LLC
GET /transsexual?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow HTTP/1.1
Host: bongacams.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:10 GMT
content-type: text/html; charset=UTF-8
location: /trans?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
cache-control: no-cache, no-store, must-revalidate
x-zone: 5a-web51
cf-cache-status: DYNAMIC
set-cookie: __cf_bm=w1HknIcJtGiMC.W70H2t_ore8gVB4kfxz5rQVzBNN5I-1669624630-0-AdMfLinAWqXRJd8BC1jsNJvMymF8/NoML+2fOcqgTYsyNvbGAj1yQ1uANBXtsb5JZaX4GXlMPxOtAv37QgwYbxs=; path=/; expires=Mon, 28-Nov-22 09:07:10 GMT; domain=.bongacams.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 7711c7b1d96ab503-OSL
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_add1_v2.svg
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_add1_v2.svg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_add1_v2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Mar 2022 11:31:02 GMT
etag: W/"6231ca76-35ac"
expires: Sun, 18 Dec 2022 13:47:21 GMT
cache-control: max-age=2592000
x-bc-o: 1
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 845371
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86912b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/7717s.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/7717s.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/7717s.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-3965"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba8b5db503-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.batstream.tv/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
172.67.171.45 301 Moved Permanently 0 B URL HTTP/2 live.batstream.tv/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
IP 172.67.171.45:0
GET /?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333 HTTP/1.1
Host: live.batstream.tv
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://xsportshd.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Mon, 28 Nov 2022 08:37:07 GMT
location: https://live.batstream.live/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
cache-control: max-age=3600
expires: Mon, 28 Nov 2022 09:37:07 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=i9Niv0liDNooK4w3t%2FG5ul4rrkjsig5VBYhJbpwc8JBDtKv3pygiPzkeDHbmmsJuNbA%2FP3XR0Waqs5TOiTX2NxTpyTvj8yRpjeS38IVAMXbaTXY26%2B4n4xu3PV6yegQiNUZXig%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a20e25b4ee-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/6e7bh.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/6e7bh.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/6e7bh.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-64cd"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7c01a3fb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
live.batstream.cc/js/jquery.min.js
172.67.138.117 200 OK 0 B URL HTTP/2 live.batstream.cc/js/jquery.min.js
IP 172.67.138.117:0
Analyzer Verdict Alert fortinet Malware
GET /js/jquery.min.js HTTP/1.1
Host: live.batstream.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: application/javascript
last-modified: Mon, 28 Jan 2019 22:44:24 GMT
etag: W/"5c4f85c8-17b8a"
expires: Sun, 04 Dec 2022 00:13:06 GMT
cache-control: public, max-age=31536000
access-control-allow-origin: *
pragma: public
cf-cache-status: HIT
age: 2103842
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YTT1C40LudSIo3xJGawD2171T7Oq%2BhyXlOorFlFgWYgDxMWUu9q8QS3Qglrl9%2BoNvhxTboaBfey%2BFXR21gy6qG5aJKAcJMtQdhm%2FnO42KOkV991Kb87Ry%2FN6OnYbK9vcGrkzag%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7aa9c1d0af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/54adc.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/54adc.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/54adc.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-13c3"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bacbbdb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/019b6.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/019b6.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/019b6.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-183d0"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7c03a5bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
104.18.10.207 200 OK 0 B URL HTTP/2 maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
IP 104.18.10.207:0
GET /bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://live.batstream.cc
Connection: keep-alive
Referer: https://live.batstream.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
cdn-edgestorageid: 632, 617, 617, 617
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
cdn-cachedat: 2021-06-08 21:21:23
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: 1f6cca2ca001a8a1218abb0bf0311f50
cdn-status: 200
cdn-cache: HIT
cf-cache-status: HIT
age: 20781626
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7711c7aaea64b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/lt.css
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/lt.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1V4Jb/lt.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-1a795"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b868f7b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/d16ci.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/d16ci.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/d16ci.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-1dbf"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bf5981b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
bngtrk.com/hit.php?c=765750&subid2=fpornx.com
31.192.112.221 302 Found 0 B URL HTTP/2 bngtrk.com/hit.php?c=765750&subid2=fpornx.com
IP 31.192.112.221:0
ASN #48684 Viking Host B.V.
GET /hit.php?c=765750&subid2=fpornx.com HTTP/1.1
Host: bngtrk.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://syndication.realsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Mon, 28 Nov 2022 08:37:09 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
set-cookie: BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.promo-bc.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bongocams.biz
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams.org
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bongacams10.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bcmspt.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngwlt.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngpt.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngpst.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngprl.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngpop.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngosv.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngvs.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngdyn.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.dynspt.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.ecdyn.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.trkbc.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.trkbng.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngtrk.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bcprm.com
BCH_H=19a315e0a46b47e824db9bd5a2e5254a%7C2022-11-28; expires=Tue, 15-Nov-2072 08:37:09 GMT; Max-Age=1576800000; path=/; domain=.bngprm.com
location: https://bongacams.com/transsexual?bcs=aWNhbDE5YTMxNWUwYTQ2YjQ3ZTgyNGRiOWJkNWEyZTUyNTRhOjoxOTQxODQ6Omh0dHBzOi8vc3luZGljYXRpb24ucmVhbHNydi5jb20vOjo6OmZwb3JueC5jb206Ojc2NTc1MDo6MDo6MTo6MTo6OjowOjpkZWZhdWx0Ojow
expires: Mon, 28 Nov 2022 08:37:08 GMT
x-bcs: ded7015
strict-transport-security: max-age=0;
cache-control: no-cache, public
x-bc-bl: 102
X-Firefox-Spdy: h2
i.bcicdn.com/css-min/1V4Jb/ft.css
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/css-min/1V4Jb/ft.css
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /css-min/1V4Jb/ft.css HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: text/css
last-modified: Fri, 25 Nov 2022 11:07:06 GMT
etag: W/"6380a1da-3a14"
expires: Sun, 25 Dec 2022 11:07:24 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 250172
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b7b808b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/b5c6.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/b5c6.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/b5c6.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-cc"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o1-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5677
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba6b48b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/5b17v.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/5b17v.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/5b17v.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-84b"
expires: Wed, 28 Dec 2022 07:02:30 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7ba7b59b503-OSL
content-encoding: br
X-Firefox-Spdy: h2
i.bcicdn.com/js-min/1W6iL/adbbg.js
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/js-min/1W6iL/adbbg.js
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /js-min/1W6iL/adbbg.js HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:12 GMT
content-type: application/javascript
last-modified: Mon, 28 Nov 2022 07:01:56 GMT
etag: W/"63845ce4-d3d1"
expires: Wed, 28 Dec 2022 07:02:31 GMT
cache-control: max-age=2592000
x-bc-o-lcf: 3
x-o3-css: MISS
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 5675
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7bf598bb503-OSL
content-encoding: br
X-Firefox-Spdy: h2
whos.amung.us/cwidget/8qxnu1d28l/000000ffffff.png
104.22.75.171 307 Temporary Redirect 0 B URL HTTP/2 whos.amung.us/cwidget/8qxnu1d28l/000000ffffff.png
IP 104.22.75.171:0
GET /cwidget/8qxnu1d28l/000000ffffff.png HTTP/1.1
Host: whos.amung.us
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://publicatadlit.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/html; charset=UTF-8
location: https://widgets.amung.us/draw/?w=colored&n=432&c=000000ffffff&p=left
cache-control: no-cache, no-store, must-revalidate
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 7711c7a5a8a89908-ARN
X-Firefox-Spdy: h2
sportsmix.net/cdn-cgi/apps/head/fuYqKeshy7sXwBO0ofXB9ZKxlDE.js
104.21.5.185 200 OK 0 B URL HTTP/2 sportsmix.net/cdn-cgi/apps/head/fuYqKeshy7sXwBO0ofXB9ZKxlDE.js
IP 104.21.5.185:0
Analyzer Verdict Alert fortinet Malware
GET /cdn-cgi/apps/head/fuYqKeshy7sXwBO0ofXB9ZKxlDE.js HTTP/1.1
Host: sportsmix.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://sportsmix.net/hd-streams.html
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: application/javascript; charset=utf-8
x-amz-id-2: G5r2eZjJ2x/l9p0f34BHHV/5i2tQFHQyo7d4LvOf2N+TB6EPQiGDYF2+syhTvbdpULzlykU7k1s=
x-amz-request-id: K2R8Z20PQEAJC466
cache-control: public, max-age=31536000
last-modified: Sat, 11 Dec 2021 19:45:58 GMT
x-amz-version-id: fnNV8M6bqJb3xGv9XU1F5E4g5pwjEsZV
etag: W/"3838d84f2113c01d90ea66faa2520e32"
cf-cache-status: HIT
age: 8023798
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q57elKacRa%2BAckX6c2T3tyHRxYBXEdSw4P0%2FQhNd%2Fk12ybyxLjSNvFSPCGRmpGUG6amkOY3KUf0vs5NxAqzJOEeA7FTTSZlhh4Kauf8zt4HxHweG%2B48XCBINmbEj2nTg"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7a68ba1b506-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
live.batstream.cc/css/widget.css
172.67.138.117 200 OK 0 B URL HTTP/2 live.batstream.cc/css/widget.css
IP 172.67.138.117:0
GET /css/widget.css HTTP/1.1
Host: live.batstream.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://live.batstream.cc/?d=1&s=1&sp=2&fs=12px&tt=none&fc=FFFFFF&tc=FFFFFF&bc=4E5D6C&bhc=3E4A56&thc=FFFFFF&pd=5px&brc=030303&brr=2px&mr=3px&tm=122A33&tmb=FFFFFF&wb=2B3E50&bcc=2B3E50&bsh=0px&rdb=EBEBEB&rdc=333333
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:08 GMT
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-bgj: minify
cf-polished: origSize=14530
etag: W/"5c4f85c8-38c2"
expires: Tue, 27 Dec 2022 22:23:07 GMT
last-modified: Mon, 28 Jan 2019 22:44:24 GMT
pragma: public
cf-cache-status: HIT
age: 36841
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BefYrhaKJX5IZw18QT34NnyV8mLsOgDr8eGJGZIjDIW2C7DyJk%2B1oTpAEzFlgiZIK6jU5PBgDIYQDKjc2XA4uGWttoRenVsFfvihzewar%2BkoIW0beo4cpROd037JoIjYaVJvdQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7711c7aa8c040af6-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.bcicdn.com/images/replace/10/arial/999/bnct_v2.svg
195.85.23.226 200 OK 0 B URL HTTP/2 i.bcicdn.com/images/replace/10/arial/999/bnct_v2.svg
IP 195.85.23.226:0
ASN #209242 Cloudflare London, LLC
GET /images/replace/10/arial/999/bnct_v2.svg HTTP/1.1
Host: i.bcicdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://no.bongacams.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 28 Nov 2022 08:37:11 GMT
content-type: image/svg+xml
last-modified: Wed, 16 Mar 2022 11:31:02 GMT
etag: W/"6231ca76-345d"
expires: Sun, 18 Dec 2022 13:47:21 GMT
cache-control: max-age=2592000
x-bc-o: 2
x-o1-p4: HIT
vary: Accept-Encoding
access-control-allow-origin: *
cf-cache-status: HIT
age: 845389
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7711c7b86911b503-OSL
content-encoding: br
X-Firefox-Spdy: h2