qatarstreams.me/stream/3/netherlands-vs-argentina
45.178.7.43301 Moved Permanently 162 B URL HTTP/1.1 qatarstreams.me/stream/3/netherlands-vs-argentina
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
GET /stream/3/netherlands-vs-argentina HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Fri, 09 Dec 2022 21:50:13 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://qatarstreams.me/stream/3/netherlands-vs-argentina
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f2acd891dc6eb1f09f57a2b086791781
1e2088306501a61edcca1ade62c4d54f23b3b083
51148fed95cc00d60dc3640350f135b1b2763ff0e3cfbffc40f0948317894be9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "51148FED95CC00D60DC3640350F135B1B2763FF0E3CFBFFC40F0948317894BE9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13615
Expires: Sat, 10 Dec 2022 01:37:08 GMT
Date: Fri, 09 Dec 2022 21:50:13 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 388f6fea5bafa378266622b72311a6ee
447f102dc12172ce1ba44c5e94e1d7bb49d43372
a597afb4d4f7f3c82f0f2857322226fc69dc92e099bfd0605f7a0cd562be9d21
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A597AFB4D4F7F3C82F0F2857322226FC69DC92E099BFD0605F7A0CD562BE9D21"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5752
Expires: Fri, 09 Dec 2022 23:26:05 GMT
Date: Fri, 09 Dec 2022 21:50:13 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash b44c4b5daa307a355e7bab1c83c1ca82
dbd14cd873f1dd4502f277b3f51cb7bc8da0c080
fd4604461cfa002c8a261bb14eb8dda56817db231b9012b2eb38d6dbc2674df5
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Backoff, Content-Length, Alert, Retry-After, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Fri, 09 Dec 2022 21:33:14 GMT
content-type: application/json
age: 1019
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4ee537977be9c03702f8ffe0025bf1fe
21637881c4aa34c4add703f8bff4eff573159f45
4819229fd8f502a0c68c80bd7409e104c1b4d1a98ca8a6cd9deba629b1511aea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4819229FD8F502A0C68C80BD7409E104C1B4D1A98CA8A6CD9DEBA629B1511AEA"
Last-Modified: Thu, 08 Dec 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8502
Expires: Sat, 10 Dec 2022 00:11:55 GMT
Date: Fri, 09 Dec 2022 21:50:13 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 53341dea33f4f3d9b4966f80589f429a
20f7b07c686c986d2ed1e3e9ad1bb2aef8edaf0d
651683e52cdbc96b289f8f123155f0b96d9f67432689e89156fa56f5a346c6a0
GET /chains/remote-settings.content-signature.mozilla.org-2023-01-19-10-06-33.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: iK6LjfH0SNTkEMXwFMSp/X1OIb5F5t1Y/F10DVPzSTIXqiiZrjjEzTKgzi7XC5KM/2FlP4qawPw=
x-amz-request-id: V90PYEZRVKA09J25
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Fri, 09 Dec 2022 21:48:32 GMT
age: 101
last-modified: Wed, 30 Nov 2022 10:06:34 GMT
etag: "53341dea33f4f3d9b4966f80589f429a"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:13 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-credentials: true
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
qatarstreams.me/spacelab.css
45.178.7.43200 OK 24 kB URL HTTP/2 qatarstreams.me/spacelab.css
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type Unicode text, UTF-8 text, with very long lines (65534), with no line terminators
Hash 4e458e72f299cc7cf8c65911cb4546bf
7545cf100da04b2693f657da7a249bd396cd85d8
d8511cdc61e880b2e8083ca098eaeb809a9eb263c22b9e7dfbbf6259e6d7e2e4
GET /spacelab.css HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: text/css
last-modified: Fri, 11 Nov 2022 08:51:50 GMT
vary: Accept-Encoding
etag: W/"636e0d26-305af"
expires: Sun, 08 Jan 2023 21:50:14 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
qatarstreams.me/stream/3/netherlands-vs-argentina
45.178.7.43200 OK 22 kB URL HTTP/2 qatarstreams.me/stream/3/netherlands-vs-argentina
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (39277)
Hash 51922ffbb63c37422e7d4b096ccb5052
9fb0b2a5d244d089ab7a1bc332b5dcac3baf5105
ccc5090c28214bb686946a9b8d17dc2259fda63bed62e23d910e8be332e81c34
GET /stream/3/netherlands-vs-argentina HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
set-cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D; expires=Sat, 10-Dec-2022 09:50:14 GMT; Max-Age=43200; path=/; domain=.qatarstreams.me; secure; HttpOnly; SameSite=Strict
link: <https://fonts.googleapis.com>; rel=preconnect; crossorigin=anonymous, <https://fonts.gstatic.com>; rel=preconnect; crossorigin=anonymous, <https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap>; rel=preload; as=style, </spacelab.css>; rel=preload; as=style, </stream.min.css>; rel=preload; as=style
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagmanager.com/gtag/js?id=UA-147757201-11
142.250.74.168200 OK 44 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-147757201-11
IP 142.250.74.168:0
File type ASCII text, with very long lines (1921)
Hash 3ddbe210015a2c6ae018537da8919cb3
aa9316f3928aa070a663786ea04b5ed9a820e272
6790439ef96e7976dcc7616bfbd9dd83f97c5253a9e8b62516f2d91f48cd2573
GET /gtag/js?id=UA-147757201-11 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 09 Dec 2022 21:50:14 GMT
expires: Fri, 09 Dec 2022 21:50:14 GMT
cache-control: private, max-age=900
last-modified: Fri, 09 Dec 2022 21:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 43579
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
142.250.74.106200 OK 1.3 kB URL HTTP/2 fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap
IP 142.250.74.106:0
Hash 64ad449c0ca3e97589a67caded4ca7b7
00001818933db2acd6ad54d1a871eb93a97f9824
342163480aa3a8056738e86947876cc67cd0e31ba4d35002cb53fbb7fc583c87
GET /css2?family=Open+Sans:ital,wght@0,400;0,700;1,400;1,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Fri, 09 Dec 2022 21:50:14 GMT
date: Fri, 09 Dec 2022 21:50:14 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash edac2b4e678c48b1fc3be3a06793bfcb
23f1f41a2194536d77a2497d7255b13747fd9af0
e6b36b71f3633bd9d2b80043967f9579820f0ef1d5f66e5c401806de13cbe2a1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash f7aef7109978f8c1c53298563756a403
d610bb812b080710945dd47f9cccd794af9fe2f7
6366bc97e3f9ac9a6e8a294da60f2d961d2106180fd8ffaae97bc82ea399edb9
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qatarstreams.me/img/lang/portugal.svg
45.178.7.43200 OK 2.2 kB URL HTTP/2 qatarstreams.me/img/lang/portugal.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (7638), with no line terminators
Hash 7f9cf89cd365622b6062f153a1a38f05
f6a6fc87fde883857ecc44f8349b062772e6bf3d
fefd6199dc86dcafa8945870d7f93058a892159d2ef4ae6ea6212a8bea78fdbd
GET /img/lang/portugal.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-1dd6"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
skiableethyls.com/thRPFjI0rSrv5TNE/10879
142.91.159.171200 OK 25 B URL HTTP/1.1 skiableethyls.com/thRPFjI0rSrv5TNE/10879
IP 142.91.159.171:0
File type ASCII text, with no line terminators
Hash d488addc5df5fc9b9ff4135bb4e3a823
6ce56f48e851df4d562b43d3bc1269a504ae83fc
d1e90b8aef655ca37932287e04cbda72092eb029fe90de2bac019c10d3431f60
Analyzer Verdict Alert quad9 Sinkholed
GET /thRPFjI0rSrv5TNE/10879 HTTP/1.1
Host: skiableethyls.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 09 Dec 2022 21:50:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://qatarstreams.me
Access-Control-Allow-Headers: content-type, megageocheckolololo, x-forwarded-for
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET, POST, OPTIONS
X-Frame-Options: SAMEORIGIN
Set-Cookie: GL_UI4=eJw9jd1OhDAYRIHy42aFOAkPsI9QVBAvvfEVvCSl%2FcC60G5KXfTtbUz07mTmTCaKoqSuEF9zBvYpWpzU1HSS9428bx9417WPgtM09s9j%2F9Q1gvc46G3wYlzIp7idyZDTcpBWUYm7UP0lZ2N3kyIbnTCqRLYGYylRjM7uG7maITViJRSv2tFkv4IhPqwDa3gbWJvAMUdit5pVBxRv2qiwrI5IGl6VeYTjZRF%2Bsm4dtMpjZLMTihC%2F4EYKT7N13ygUbWdvL4Bd1PDv%2Fx6zveHIFV21JGTWv5P7AaoaStk%3D; expires=Sat, 10-Dec-2022 21:50:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
GL_GI10=eJxNjM0KgkAYRW0qSwrjQg%2FQC2T%2Fi7bVMnThAwxmXzFg84kz%2FdjTpwbR5nI4cK7jOGLsQ6gcw%2B0i2M6D9TJYbNZoX4khwgjDlO%2FaFqXUyY3ghlw8kxJuQVfFGmK%2BwuDLMuUzoRtG0z%2FXRIPIZDzZ1z8lOqmqt1bwav52vaprXFuZHP4uU69JzNndVi8GniYrTU50hrdPThnNDvER%2Fs82H24LfWVkXvCrrHhk1Y3erEny5WLIVqr1cMUHDLFHVQ%3D%3D; expires=Sat, 10-Dec-2022 21:50:14 GMT; Max-Age=86400; path=/; secure; SameSite=None
Content-Encoding: gzip
Vary: Accept-Encoding
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
qatarstreams.me/stream.min.css
45.178.7.43200 OK 290 B URL HTTP/2 qatarstreams.me/stream.min.css
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type ASCII text, with very long lines (1424), with no line terminators
Hash f9763f31f3f79c1eea116e7f5a206c40
147873fd163f609c75502e458182b95491e7811c
dbde82f637d538284a8151bfc7d4fb846a6c9b8ad9089158b4849d0c536acddf
GET /stream.min.css HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: text/css
last-modified: Sun, 20 Nov 2022 18:42:42 GMT
vary: Accept-Encoding
etag: W/"637a7522-590"
expires: Sun, 08 Jan 2023 21:50:14 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Cache-Control, Backoff, Content-Length, Pragma, Alert, Expires, Last-Modified, Retry-After, ETag, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Fri, 09 Dec 2022 21:33:13 GMT
age: 1021
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 28ad598210d8e13959e76652a51ef0c0
a6e78888b423ab98907a88cdf450b0b7e0d7fc8a
6b7190755143bb65dbdbf17ef4a3181a5cfaeea1e098617612167f29b83de6f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B7190755143BB65DBDBF17EF4A3181A5CFAEEA1E098617612167F29B83DE6F4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Sat, 10 Dec 2022 01:31:14 GMT
Date: Fri, 09 Dec 2022 21:50:14 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 28ad598210d8e13959e76652a51ef0c0
a6e78888b423ab98907a88cdf450b0b7e0d7fc8a
6b7190755143bb65dbdbf17ef4a3181a5cfaeea1e098617612167f29b83de6f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6B7190755143BB65DBDBF17EF4A3181A5CFAEEA1E098617612167F29B83DE6F4"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13260
Expires: Sat, 10 Dec 2022 01:31:14 GMT
Date: Fri, 09 Dec 2022 21:50:14 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
142.250.74.35200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://qatarstreams.me
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 05 Dec 2022 18:52:41 GMT
expires: Tue, 05 Dec 2023 18:52:41 GMT
cache-control: public, max-age=31536000
age: 356253
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
qatarstreams.me/img/lang/english.svg
45.178.7.43200 OK 24 kB URL HTTP/2 qatarstreams.me/img/lang/english.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (2612), with no line terminators
Hash c5f7749384a50bb62ab59900779f60db
e241cc81f4975e2eaec9b1adf1795cac9e463e09
86a1f2ce20272d7049d1dfa07d385019a9f71fdf7ed476611922c1256771b789
GET /img/lang/english.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-a34"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash e4f546e102d986faf1029509d599b730
cc045a705fd6758b7b575fde5dfb79facc9c3546
ef492301b2b30e5076f7dffa07973e65e9a200ba9ef4d3568a527d3f973f3349
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
qatarstreams.me/img/qatarstreams.png
45.178.7.43200 OK 25 kB URL HTTP/2 qatarstreams.me/img/qatarstreams.png
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
File type PNG image data, 30 x 4766, 8-bit colormap, non-interlaced\012- data
Hash dcd200a51fdd686072c06b3c4ef2856c
289f4660ddd8ca6ba7626d7a73c2e8838f33a840
9bfdac573b52effa282e49b4cbfdf7c84a9a498d362145066316529f222e360d
GET /img/qatarstreams.png HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/stream.min.css
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/png
content-length: 24752
last-modified: Fri, 11 Nov 2022 08:57:57 GMT
vary: Accept-Encoding
etag: "636e0e95-60b0"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 18324297b0d0a76b08b63ff39e13c393
35b3710a19759fb6c26286a1ad03580b726430d1
68c6e910de4628e8cc17d624cd1690981add4214b8aa633439956529d8a2e711
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "68C6E910DE4628E8CC17D624CD1690981ADD4214B8AA633439956529D8A2E711"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4677
Expires: Fri, 09 Dec 2022 23:08:11 GMT
Date: Fri, 09 Dec 2022 21:50:14 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 471 B IP 93.184.220.29:0
Hash e6be4d2155028ffff5d01ab6e7edf6da
07172071b5cf43c4cd7d7930b4ad8518ec1e32e9
4d8a5fa2362fd0910babd6d128d850d4460829468eb23d34ee5ee6eaa42d5a38
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2265
Cache-Control: max-age=129266
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:14 GMT
Etag: "6392faaf-1d7"
Expires: Sun, 11 Dec 2022 09:44:40 GMT
Last-Modified: Fri, 09 Dec 2022 09:06:55 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.110200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1325)
Hash 47e6f374ca946fddd5b59871b325736c
baa9282efc8785e84d247c3bff518eaa45f101c4
16580b5c87c58e5702e411f1888fdef511094e4cd6d62bb47d16291ffb25985e
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20039
date: Fri, 09 Dec 2022 20:41:08 GMT
expires: Fri, 09 Dec 2022 22:41:08 GMT
cache-control: public, max-age=7200
age: 4146
last-modified: Tue, 27 Sep 2022 22:01:05 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
vip.jams.wiki/?pge=stream&lang=en&dom=qs&ref=&gid=181098&lno=3&gname=Netherlands+vs+Argentina&gcat=1&h=1
104.26.6.186200 OK 2.8 kB URL HTTP/2 vip.jams.wiki/?pge=stream&lang=en&dom=qs&ref=&gid=181098&lno=3&gname=Netherlands+vs+Argentina&gcat=1&h=1
IP 104.26.6.186:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 166aefd502d4dedc9bea2f13379fb16c
365fa7fb59f129b3656481a8d5a9d835d0cd32d8
673e0acdcf196f4bfe92234e178cdafce24c5247cdb6b8375d8bbd8a3853c494
GET /?pge=stream&lang=en&dom=qs&ref=&gid=181098&lno=3&gname=Netherlands+vs+Argentina&gcat=1&h=1 HTTP/1.1
Host: vip.jams.wiki
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/png
ser-loc-id: loc-004
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kACo86WVFCW25FMpNugpP4UH0Ftl13CRQB5wKq1BAAvXtb67Kmc2C5fFZiAw4%2BndCq3M19TBeKodDJjyibad9kx7ccXRRhJF2Fmri6zy9fz5kXhFDDRJyEYnVwJ9Rdc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7770f48e4a3fb50b-OSL
X-Firefox-Spdy: h2
grunoaph.net/5/5532923/?oo=1&aab=1
139.45.197.238200 OK 2.2 kB URL HTTP/2 grunoaph.net/5/5532923/?oo=1&aab=1
IP 139.45.197.238:0
Hash b3e75159fd92af7b43508eab74e053aa
c00b8b583d7aa86175f0b0a068ea7b66d9cbb3d8
27b7eb4407ff243dec24e7c961327589dde4cebf88452833cf14ab1285b4ff74
Analyzer Verdict Alert quad9 Sinkholed
GET /5/5532923/?oo=1&aab=1 HTTP/1.1
Host: grunoaph.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qatarstreams.me
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: application/json
x-trace-id: 7411bed514374cd27eac2b53ab560f1f
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://qatarstreams.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=1ead1ad10df049c3a0d0b17006365351; expires=Sat, 09 Dec 2023 21:50:14 GMT; path=/; secure; SameSite=None
oaidts=1670622614; expires=Sat, 09 Dec 2023 21:50:14 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.jsdelivr.net/gh/teranode/jw-provider@0.0.12/provider.hlsjs.min.js
151.101.1.229200 OK 109 kB URL HTTP/2 cdn.jsdelivr.net/gh/teranode/jw-provider@0.0.12/provider.hlsjs.min.js
IP 151.101.1.229:0
File type ASCII text, with very long lines (64857)
Size 109 kB (109074 bytes)
Hash c6a7dc1e022e7f5e9cb2ef80e640fe4e
908b7fa79a8dcc46c8e44b2a0196cf127096e803
1d8858e7dea10d043406106c35a43589eca5ea71e58dc1f92c42b5b41da04ca6
GET /gh/teranode/jw-provider@0.0.12/provider.hlsjs.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nolive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 0.0.12
x-jsd-version-type: version
etag: W/"5b6a7-VhwLDZarj6lT7kevP4EJmuxjQzA"
content-encoding: gzip
accept-ranges: bytes
date: Fri, 09 Dec 2022 21:50:15 GMT
age: 337914
x-served-by: cache-fra-eddf8230108-FRA, cache-bma1672-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 109074
X-Firefox-Spdy: h2
sts.nolive.me/scripts/v2/embed2.min.js
172.67.143.157200 OK 523 B URL HTTP/2 sts.nolive.me/scripts/v2/embed2.min.js
IP 172.67.143.157:0
File type ASCII text, with very long lines (1071), with no line terminators
Hash 65721f5ed6bcca986440ec64c2de1e8f
0305121676c056146428e7e5e9b764864b1074e3
a58cd2e8403393f67ee48af7ed9162686e36a912d33bc5955fb0c240fc6e7596
GET /scripts/v2/embed2.min.js HTTP/1.1
Host: sts.nolive.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: application/javascript
last-modified: Tue, 25 Oct 2022 08:06:23 GMT
vary: Accept-Encoding
etag: W/"635798ff-42f"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000, must-revalidate
cf-cache-status: HIT
age: 2539802
server: cloudflare
cf-ray: 7770f48bac0ab51b-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
104.18.20.226200 OK 1.5 kB URL HTTP/1.1 ocsp.globalsign.com/ca/gsatlasr3dvtlsca2022q1
IP 104.18.20.226:0
Hash 29a98a5a9a97e3cf5a7b8f10e8ae6f2a
db01633979436d6b402e019b3b5b31a2362948a2
f601ca16524bd84335229f9c5413c7fdd4a3b68bce904c24d1c92363b519ebe5
POST /ca/gsatlasr3dvtlsca2022q1 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 21:50:15 GMT
Content-Type: application/ocsp-response
Transfer-Encoding: chunked
Connection: keep-alive
Etag: "B264A3FCF78757CDA92C2AC6AE7B224320C6C094"
Expires: Sat, 10 Dec 2022 08:00:00 GMT
Last-Modified: Fri, 09 Dec 2022 20:00:00 UTC
Cache-Control: s-maxage=3600, public, no-transform, must-revalidate
CF-Cache-Status: HIT
Age: 2623
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7770f4904f4a1c0a-OSL
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5d57d5ae8bac6ade669a51519a8d251e
8f0ed02645b371da6cf3c0d331d7a7f0e1e2c1ea
1a40f137c56f35b7a1d44b2773bac84e6723d0c57be995d26b26f0e0092fd74f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1A40F137C56F35B7A1D44B2773BAC84E6723D0C57BE995D26B26F0E0092FD74F"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=36
Expires: Fri, 09 Dec 2022 21:50:51 GMT
Date: Fri, 09 Dec 2022 21:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 43 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 199a59d68a448f8f23dec0e99c66d23c
dbe7d09e98c187de980089145b9b4e59c172f433
3d9cb6e6e547a22a89c7595e048296154c7c5cb666a5b343794340837bcb9f82
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "907BFF5886C7B9A138F540090F7E0010621667C24AA02C3FD075F083D0A3B683"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14071
Expires: Sat, 10 Dec 2022 01:44:46 GMT
Date: Fri, 09 Dec 2022 21:50:15 GMT
Connection: keep-alive
my.rtmark.net/gid.js?userId=1ead1ad10df049c3a0d0b17006365351
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=1ead1ad10df049c3a0d0b17006365351
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 1ce91a3ac1756d769631812b9c8a9bc9
611b9f9008f10a20382a313684573f6833e3d9dc
cdf620ef3a8952ea38ca902c524714aaebfc7b54455ae36ea46d0adafa29514e
GET /gid.js?userId=1ead1ad10df049c3a0d0b17006365351 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qatarstreams.me
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://qatarstreams.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1ead1ad10df049c3a0d0b17006365351; expires=Sat, 09 Dec 2023 21:50:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dd3e3f47a780ad747758b2457e0a27a8
f20dd04406884afe136e1521c70dfe9f980c03e1
6fc193b49cfa6e6dec17b93909653b4f6d9a951a2e7b8092e6b752d8d7c64d56
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3515
Cache-Control: max-age=119020
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:15 GMT
Etag: "6392cdc8-117"
Expires: Sun, 11 Dec 2022 06:53:55 GMT
Last-Modified: Fri, 09 Dec 2022 05:55:20 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
www.nolive.me/sd0embed
45.178.6.170200 OK 85 kB IP 45.178.6.170:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
Hash 616aacff0c296c2c152b0f5f5bc2e4d6
dfd5ca0186311ab475000c464c6ef81e9d368ef7
e0d8a6a9fb50dea78772ea96a2c966cc42ebd54b56559f7d864b7fbcbe9b98eb
HEAD /sd0embed HTTP/1.1
Host: www.nolive.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nolive.me/sd0embed
Connection: keep-alive
Cookie: tamedy=1; _pshflg=~
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/octet-stream
content-length: 2
strict-transport-security: max-age=324000; includeSubDomains
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash 4873ee0ac9521799b047839039c6466e
7c849a904c03794f529a24e084ad52fd9eca0dd2
292e1b87b4a256dec8cc65faa2cd08c3c282526d8e2c4764bf1b8021f03ade98
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 5148
Cache-Control: max-age=106922
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:15 GMT
Etag: "63929825-117"
Expires: Sun, 11 Dec 2022 03:32:17 GMT
Last-Modified: Fri, 09 Dec 2022 02:06:29 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50fba75f31a752164e57056cf698c8d9
3c49cbf779402bf1a378246e85da4f3d5a3d305d
7822070508b2064f083b924d6bedeac41d6633da3377f6ab658b7d4216611f9a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7822070508B2064F083B924D6BEDEAC41D6633DA3377F6AB658B7D4216611F9A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7684
Expires: Fri, 09 Dec 2022 23:58:19 GMT
Date: Fri, 09 Dec 2022 21:50:15 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 133 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Size 133 kB (132851 bytes)
Hash fe727eb9e3302a2d0c37abdb1a982187
0b59e8ba2384af372c32f1ba94ae885c2648d997
52dc7b05891516c35dae599f59b303a0bd384b9c7b417d3c1f939ff3b22c44f1
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7822070508B2064F083B924D6BEDEAC41D6633DA3377F6AB658B7D4216611F9A"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7684
Expires: Fri, 09 Dec 2022 23:58:19 GMT
Date: Fri, 09 Dec 2022 21:50:15 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29200 OK 279 B IP 93.184.220.29:0
Hash dd3e3f47a780ad747758b2457e0a27a8
f20dd04406884afe136e1521c70dfe9f980c03e1
6fc193b49cfa6e6dec17b93909653b4f6d9a951a2e7b8092e6b752d8d7c64d56
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3515
Cache-Control: max-age=119020
Content-Type: application/ocsp-response
Date: Fri, 09 Dec 2022 21:50:15 GMT
Etag: "6392cdc8-117"
Expires: Sun, 11 Dec 2022 06:53:55 GMT
Last-Modified: Fri, 09 Dec 2022 05:55:20 GMT
Server: ECS (ska/F712)
X-Cache: HIT
Content-Length: 279
ipp.littlecdn.com/web/static/ball.png
104.22.25.116200 OK 9.6 kB URL HTTP/2 ipp.littlecdn.com/web/static/ball.png
IP 104.22.25.116:0
File type PNG image data, 80 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 903ff2b408f3246176c88a3936d5fd22
158954159a9ee7549b03bd5b93faa739dbbae7c3
7d82e30c72c434e3660014ff97d2cceea967d2014ce801844d784095133896cc
GET /web/static/ball.png HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: image/png
content-length: 9637
last-modified: Fri, 16 Apr 2021 13:05:23 GMT
etag: "903ff2b408f3246176c88a3936d5fd22"
expires: Sat, 10 Dec 2022 21:44:28 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 347
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7770f4927e7dfab8-OSL
X-Firefox-Spdy: h2
whairtoa.com/tag.min.js
139.45.197.238200 OK 23 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash fc4b8cf5c4bf15997c887aaaf24d1ffa
6be0ce49f4840f61713462272352db221fd242de
96e4ca96f57882c52a700177c1e3aa277e8a72032cbae412be9bb7e99925adfa
Analyzer Verdict Alert quad9 Sinkholed
GET /tag.min.js HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nolive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: text/javascript; charset=utf-8
content-length: 23393
content-encoding: br
x-trace-id: 71c16117b635efcd759b9202cb2dc8a7
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Fri, 09 Dec 2022 06:45:38 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
my.rtmark.net/gid.js?userId=76d3bcddc27545edaeb8e93f078ac99c
139.45.195.8200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=76d3bcddc27545edaeb8e93f078ac99c
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 1ce91a3ac1756d769631812b9c8a9bc9
611b9f9008f10a20382a313684573f6833e3d9dc
cdf620ef3a8952ea38ca902c524714aaebfc7b54455ae36ea46d0adafa29514e
GET /gid.js?userId=76d3bcddc27545edaeb8e93f078ac99c HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nolive.me
Connection: keep-alive
Referer: https://www.nolive.me/
Cookie: ID=1ead1ad10df049c3a0d0b17006365351
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://www.nolive.me
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=1ead1ad10df049c3a0d0b17006365351; expires=Sat, 09 Dec 2023 21:50:15 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
ply.jams.wiki/?v=wc12hd~wc12sd&d=desktop&u=qatarstreams.me&url=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&h=1
104.26.6.186200 OK 572 B URL HTTP/2 ply.jams.wiki/?v=wc12hd~wc12sd&d=desktop&u=qatarstreams.me&url=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&h=1
IP 104.26.6.186:0
File type PNG image data, 1 x 1, 8-bit gray+alpha, non-interlaced\012- data
Hash 06cf986f38546d4e62465be81ba44567
1f31b897015293e266e24631b3375174514ab911
ddd8e8bf6d38be75f3209bbec63ded7c114046a5f1263069b30fd7aae39b9677
GET /?v=wc12hd~wc12sd&d=desktop&u=qatarstreams.me&url=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&h=1 HTTP/1.1
Host: ply.jams.wiki
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://www.nolive.me/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: image/png
ser-loc-id: loc-004
access-control-allow-origin: *
access-control-allow-credentials: true
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ad5Gx0JnqUBraijrevhLrI2kIUYd%2BfiIxS5yZGwDj%2Fp6TKrxCL2ukkRsm9XBNMNxJcdB7KV6V7EkK1JTpC53BIxi%2BF1Cx2UfjVG%2F3UH01fkqYFie6bbwDXMZl5yjFRM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7770f4926f1db50b-OSL
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5befea1ff179e1346422afeace6ac43d
313a8a8c24dd6a29b69d6fa15a29826250995e29
f61f64c91aed0910ea20c1b3cf030f219d080a3bb2087a1fe2b80a403074edb9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F61F64C91AED0910EA20C1B3CF030F219D080A3BB2087A1FE2B80A403074EDB9"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11783
Expires: Sat, 10 Dec 2022 01:06:38 GMT
Date: Fri, 09 Dec 2022 21:50:15 GMT
Connection: keep-alive
whairtoa.com/5/2836667/?oo=1&aab=1
139.45.197.238200 OK 1.4 kB URL HTTP/2 whairtoa.com/5/2836667/?oo=1&aab=1
IP 139.45.197.238:0
Hash a2d2e12b4191e1be60d5e7d74807251e
11046d32cfe95c2c0d0df5e622cfeb81de9cfa14
9591a78da87802b1dc257f191f6272d1f1502317fa87af1495421900cde20a46
Analyzer Verdict Alert quad9 Sinkholed
GET /5/2836667/?oo=1&aab=1 HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nolive.me
Connection: keep-alive
Referer: https://www.nolive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json
x-trace-id: abd757abbf805314c06be51eb33e5938
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://www.nolive.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=76d3bcddc27545edaeb8e93f078ac99c; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
oaidts=1670622615; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
nanouwho.com/1?z=5149528
139.45.197.242404 Not Found 7 B IP 139.45.197.242:0
File type ASCII text, with no line terminators
Hash 3b66fb7a307f3ca29bd59b2f354055bd
d6ae6ccb37eb272d94d4a5191fa50372f4d06bba
de68e8f959bc131328db7581860711517d6ae1eb03aa047043dc7f826906e5a4
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=5149528 HTTP/1.1
Host: nanouwho.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.nolive.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 404 Not Found
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: text/plain; charset=utf-8
content-length: 7
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: fe453f387d99b52067619e88659f94fc
access-control-expose-headers: X-Sc
x-sc: 4KdnrdofxFOHMlcU
set-cookie: scm=1; expires=Sat, 09 Dec 2023 21:50:15 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10294
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 21:50:16 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10294
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 21:50:16 GMT
Connection: keep-alive
whairtoa.com/?rb=W64NMsXXnTwSDHfL4FR7bHXKu8uJbr6Hby-CRycfOLli1Moi5bVBZkQEGWzmf7fryAqIuD3HcO5A0HNCZsmr6BqzF_6O47oluN_9qajYY8NOuY0K20vuJXS8buCqTORNBHzL1jUlD0z_MahNq6xPaEj7BhoaHBMwr-eXEPIxO_BOL2sBN7kMEuDRo_Z0cnMpdT7l7VrliLYrq0mAixU182SgwyOcWcDyu2i-KqTVRejndL33&request_ab2=96003&zoneid=2836667&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=927&wih=521&wiw=927&wfc=3&pl=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&drf=https%3A%2F%2Fqatarstreams.me%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4115f72d-362c-4039-aedc-ee4c72b69585&userId=1ead1ad10df049c3a0d0b17006365351&m=link
139.45.197.238200 OK 2.1 kB URL HTTP/2 whairtoa.com/?rb=W64NMsXXnTwSDHfL4FR7bHXKu8uJbr6Hby-CRycfOLli1Moi5bVBZkQEGWzmf7fryAqIuD3HcO5A0HNCZsmr6BqzF_6O47oluN_9qajYY8NOuY0K20vuJXS8buCqTORNBHzL1jUlD0z_MahNq6xPaEj7BhoaHBMwr-eXEPIxO_BOL2sBN7kMEuDRo_Z0cnMpdT7l7VrliLYrq0mAixU182SgwyOcWcDyu2i-KqTVRejndL33&request_ab2=96003&zoneid=2836667&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=927&wih=521&wiw=927&wfc=3&pl=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&drf=https%3A%2F%2Fqatarstreams.me%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4115f72d-362c-4039-aedc-ee4c72b69585&userId=1ead1ad10df049c3a0d0b17006365351&m=link
IP 139.45.197.238:0
Hash a87bfdc333e4ef34518139965bc9082e
835382cce45901dd4a3b6cc634fc0c1e9aab7a4f
db1dd4385b554b2c50538092c6b53b749a8f2020f904c39aed1a6f3925f88569
Analyzer Verdict Alert quad9 Sinkholed
GET /?rb=W64NMsXXnTwSDHfL4FR7bHXKu8uJbr6Hby-CRycfOLli1Moi5bVBZkQEGWzmf7fryAqIuD3HcO5A0HNCZsmr6BqzF_6O47oluN_9qajYY8NOuY0K20vuJXS8buCqTORNBHzL1jUlD0z_MahNq6xPaEj7BhoaHBMwr-eXEPIxO_BOL2sBN7kMEuDRo_Z0cnMpdT7l7VrliLYrq0mAixU182SgwyOcWcDyu2i-KqTVRejndL33&request_ab2=96003&zoneid=2836667&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=927&wih=521&wiw=927&wfc=3&pl=https%3A%2F%2Fwww.nolive.me%2Fsd0embed&drf=https%3A%2F%2Fqatarstreams.me%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4115f72d-362c-4039-aedc-ee4c72b69585&userId=1ead1ad10df049c3a0d0b17006365351&m=link HTTP/1.1
Host: whairtoa.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nolive.me
Connection: keep-alive
Referer: https://www.nolive.me/
Cookie: OAID=76d3bcddc27545edaeb8e93f078ac99c; oaidts=1670622615
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json
x-trace-id: 95d72790fd2a80a3b33fe89fb0c94e5d
access-control-allow-origin: https://www.nolive.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=1ead1ad10df049c3a0d0b17006365351; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
oaidts=1670622615; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 16 Dec 2022 21:50:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7b8c1870f03a90aac6370fc69516f95f
1e94fd7c9a2f9fe4867e21ab217879a2180a9cdb
f43702cd363447680d545d928f9ea6f997a770228108b4c9312999b76891bb38
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F43702CD363447680D545D928F9EA6F997A770228108B4C9312999B76891BB38"
Last-Modified: Wed, 07 Dec 2022 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10294
Expires: Sat, 10 Dec 2022 00:41:50 GMT
Date: Fri, 09 Dec 2022 21:50:16 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
34.120.237.76200 OK 6.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8546542f00ea29ef4df6ab8d3c7c2164
5c8ffe91490006a9890188b53f875568c2b6bd8f
7fb11750ac339ac283da62fd370862c6b95a103a585ca5dd8c90038718d818a1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F6a20bda5-6ca4-42c4-8729-6e975652e66a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6578
x-amzn-requestid: 6392feb9-e33e-42fa-bc10-b5e31e654c9b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cw4beGG7oAMF8hA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63903aaf-2c890b7b0a16617346a0f7e7;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 07:03:11 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: H067kZXU_djWxbWO34bYMqa0xZ-WF9ntEBhZ-kV_TDoJFXQL_J1hqQ==
via: 1.1 4d7fa73f804f1c93f20cfc24c4b1266e.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:34:27 GMT
age: 65749
etag: "5c8ffe91490006a9890188b53f875568c2b6bd8f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
34.120.237.76200 OK 7.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c3214044657f3b876d1f1848bca5684
7558222788f06623ddae6e883413e38e1146281e
e1f9c9c445bba7765f371dbb655cab43c1e12de7cbd015f8034c494118f7f708
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbe602fad-66c2-48db-acd3-371ca6dcb8f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7897
x-amzn-requestid: 032fd8ae-b7e9-4e12-8546-838191a73688
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cwVM_F51IAMFunw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63900252-345ae6cd107d207f5dbe29a8;Sampled=0
x-amzn-remapped-date: Wed, 07 Dec 2022 03:02:42 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: N-zFZ8yeL7RrOZ5xfqvfBaE3zcXWecvr6Jd-93nKiUZlCXp2n2_Bgw==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 325ed3ba58a560748d886354beef39c0.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 03:41:46 GMT
age: 65310
etag: "7558222788f06623ddae6e883413e38e1146281e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
34.120.237.76200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 730ba1a8edb79ba6f83b46d1ba5aed7b
55a236fedf6f5f7ca2bb88ae13e20846a50fd36d
f8043e76265c59073d111987fd4c08d05a3ac80989af9269cca9ebcc21af4013
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcf07b4f3-8986-4a9c-8c85-b126338852d2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12748
x-amzn-requestid: edd028e3-c23e-4985-b12d-d3ebe760df47
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cjuciEptIAMFj9A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638af783-1c151eb66f590c9c0e0c4c82;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 07:15:15 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: -y4-_OwHl5_OFykJYYZSqwIopjKoYy1MhaGTpVXd4Grq2EsUP2c3IA==
via: 1.1 cd48ffda04934d18865e47e99ea080bc.cloudfront.net (CloudFront), 1.1 57a21088b36c69a83578b5a5579df58e.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 07:44:29 GMT
age: 50747
etag: "55a236fedf6f5f7ca2bb88ae13e20846a50fd36d"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
34.120.237.76200 OK 4.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 06799a30d9977b0845f525ae82355d23
6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea
d7a7eeb42d36167243b3dea7147a61119cbb5d1dcc2e2304c6ddd4a62e41efd3
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F18fc6c7c-4552-4358-9e4d-cdf93bc52b43.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4914
x-amzn-requestid: b709d5ff-617b-480b-8fc3-b1408ee358b6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: cZQsoEkSIAMF0ZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6386c7ea-4150ac397b97d1217cece045;Sampled=0
x-amzn-remapped-date: Wed, 30 Nov 2022 03:03:06 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: vU8PVYI3RMCLSJ_lK5NDOv5wBeEXeqngYURGrYkY-jZ9rvOw_MrBIw==
via: 1.1 0aebf3fe433ff96e68d785fad4ea4c0e.cloudfront.net (CloudFront), 1.1 570075675953459325e00b7bcd171df2.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 08:55:58 GMT
age: 46458
etag: "6ae9a3c17dcbac5912a46ca0c99977ca3adad4ea"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
34.120.237.76200 OK 5.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fba9a3854df65740512f96efe7442e58
8fbff7725c842d70e047c635a725723a9dc9c55a
6e639298ebc82343cee9267d2910d15735af55f910e2c3de9218266b7c6fffc9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F60d2c55a-1a85-4fbf-b256-9d812a2b5ec2.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5188
x-amzn-requestid: afb8cbd2-3674-4dac-9cd9-9ff83618ac0a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ck2-5G9joAMFlPA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638b6b92-2979ff216b9028aa70baef8b;Sampled=0
x-amzn-remapped-date: Sat, 03 Dec 2022 15:30:26 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 7Dp35PIr_WYUI1bBa21AvmCMEPi0d3jnhuS8eEk3Q3CXRcGWAnkD8g==
via: 1.1 8ae6af4d17aae7471e5fe2792eb6abcc.cloudfront.net (CloudFront), 1.1 7eb3b782ab09047ce0d11ee03763894c.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 16:56:53 GMT
age: 17603
etag: "8fbff7725c842d70e047c635a725723a9dc9c55a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
34.120.237.76200 OK 7.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5de5d319f43d9c9c641419d96655541f
cde4c7fa0145d3645af17e34c83c63c08f76a076
fdb114eb142f035c7a54195d16af51b5b423642c312f4bccc0f407d8fcc245aa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F29d00d08-ec53-4c7b-a2ef-5901b64cdefd.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7557
x-amzn-requestid: 400d1465-ecbf-4d95-8aa8-4dce5dca0716
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ctluwGo4oAMFhTg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-638ee991-6dba29ae7065d5347a1a420d;Sampled=0
x-amzn-remapped-date: Tue, 06 Dec 2022 07:04:49 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: Lazl-stakC-31gMuQ2WzH9uFkIb0g7HaaM3xkwSFdFJMWKTaKqrBEQ==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 591683988172c7980c4ebb318cbf18a8.cloudfront.net (CloudFront), 1.1 google
date: Fri, 09 Dec 2022 04:07:07 GMT
age: 63789
etag: "cde4c7fa0145d3645af17e34c83c63c08f76a076"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
onvictinitor.com/apu.php?zoneid=5475261
139.45.197.238200 OK 0 B URL HTTP/2 onvictinitor.com/apu.php?zoneid=5475261
IP 139.45.197.238:0
GET /apu.php?zoneid=5475261 HTTP/1.1
Host: onvictinitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/javascript
x-trace-id: f75f9e54dbd7050a3dd698412ce29608
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=8264c7233d0244a2acaa9066af8b8674; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
oaidts=1670622615; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
onvictinitor.com/?rb=dhUqD7vIS3CSe0HjSR3OrmHj9hI9XkElIOIUocFfbNuRT4wKTxUokP1bcmLfiLx4IlAkmsqVOLmo6uFCMX1vXAvRT0_Ll1-n3KiLokKijrV5YZ0t3rXp0Y6WmUPILrZLIQoZVSCGo7uclemnxhRgKmWZcmc88ztJ7RlFDIyZaD41C9kA1KGdGD2lg70gubGZzZA9MAz03CtXaqkdir5Fhn0i_L7w-t4hKlaXD_Fh0qZOS2Xc&request_ab2=96003&zoneid=5475261&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fqatarstreams.me%2Fstream%2F3%2Fnetherlands-vs-argentina&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4a64aebd-0c4f-44f7-8d92-8c824dfb50a1&userId=1ead1ad10df049c3a0d0b17006365351&m=link
139.45.197.238200 OK 0 B URL HTTP/2 onvictinitor.com/?rb=dhUqD7vIS3CSe0HjSR3OrmHj9hI9XkElIOIUocFfbNuRT4wKTxUokP1bcmLfiLx4IlAkmsqVOLmo6uFCMX1vXAvRT0_Ll1-n3KiLokKijrV5YZ0t3rXp0Y6WmUPILrZLIQoZVSCGo7uclemnxhRgKmWZcmc88ztJ7RlFDIyZaD41C9kA1KGdGD2lg70gubGZzZA9MAz03CtXaqkdir5Fhn0i_L7w-t4hKlaXD_Fh0qZOS2Xc&request_ab2=96003&zoneid=5475261&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fqatarstreams.me%2Fstream%2F3%2Fnetherlands-vs-argentina&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4a64aebd-0c4f-44f7-8d92-8c824dfb50a1&userId=1ead1ad10df049c3a0d0b17006365351&m=link
IP 139.45.197.238:0
GET /?rb=dhUqD7vIS3CSe0HjSR3OrmHj9hI9XkElIOIUocFfbNuRT4wKTxUokP1bcmLfiLx4IlAkmsqVOLmo6uFCMX1vXAvRT0_Ll1-n3KiLokKijrV5YZ0t3rXp0Y6WmUPILrZLIQoZVSCGo7uclemnxhRgKmWZcmc88ztJ7RlFDIyZaD41C9kA1KGdGD2lg70gubGZzZA9MAz03CtXaqkdir5Fhn0i_L7w-t4hKlaXD_Fh0qZOS2Xc&request_ab2=96003&zoneid=5475261&js_build=iclick-v1.459.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=1268&wih=939&wiw=1280&wfc=2&pl=https%3A%2F%2Fqatarstreams.me%2Fstream%2F3%2Fnetherlands-vs-argentina&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=1&tb=false&js_build=iclick-v1.459.0&bs=4a64aebd-0c4f-44f7-8d92-8c824dfb50a1&userId=1ead1ad10df049c3a0d0b17006365351&m=link HTTP/1.1
Host: onvictinitor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://qatarstreams.me
Connection: keep-alive
Referer: https://qatarstreams.me/
Cookie: OAID=8264c7233d0244a2acaa9066af8b8674; oaidts=1670622615
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json
x-trace-id: 617d3b53de2af1bd44a76772bee731da
access-control-allow-origin: https://qatarstreams.me
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=1ead1ad10df049c3a0d0b17006365351; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
oaidts=1670622615; expires=Sat, 09 Dec 2023 21:50:15 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Fri, 16 Dec 2022 21:50:15 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
qatarstreams.me/img/lang/france.svg
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/img/lang/france.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /img/lang/france.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-20b"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
qatarstreams.me/img/lang/saudi-arabia.svg
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/img/lang/saudi-arabia.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /img/lang/saudi-arabia.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-482"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
qatarstreams.me/stream.bun.min.js
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/stream.bun.min.js
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /stream.bun.min.js HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: application/javascript
last-modified: Sat, 15 Oct 2022 16:02:32 GMT
vary: Accept-Encoding
etag: W/"634ad998-2651a"
expires: Sun, 08 Jan 2023 21:50:14 GMT
cache-control: max-age=2592000, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
key.seckeyserv.me/?stream=u3h4t9j1v4v6f9k2e6g6&scode=nMB4Rhlk-x12aXolvgBHXw&expires=1670622644
104.26.5.140200 OK 0 B URL HTTP/2 key.seckeyserv.me/?stream=u3h4t9j1v4v6f9k2e6g6&scode=nMB4Rhlk-x12aXolvgBHXw&expires=1670622644
IP 104.26.5.140:0
GET /?stream=u3h4t9j1v4v6f9k2e6g6&scode=nMB4Rhlk-x12aXolvgBHXw&expires=1670622644 HTTP/1.1
Host: key.seckeyserv.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.nolive.me
Connection: keep-alive
Referer: https://www.nolive.me/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/json
vary: Accept-Encoding
k-auth-type: hit
ser-loc-id: loc-004
expires: Fri, 09 Dec 2022 21:50:15 GMT
cache-control: max-age=0
access-control-allow-origin: https://www.nolive.me
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Cache-Control,Content-Type,Range
access-control-expose-headers: Content-Length,Content-Range
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l8F5MStOWKMiL4jVaQJZeY9IiGMCBgTHUC0I7mb7Wj%2FKqL3KyAccej7zOYxCn0fwtpk81C6OYCqjAeAA5G7Tt41ioEcjSXXSFQiZ%2FkA4R3%2BfYdvb5DQaMF2P9bsQmKb8NpZx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 7770f491a80eb4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
qatarstreams.me/img/qatarstreams.svg
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/img/qatarstreams.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /img/qatarstreams.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:49:23 GMT
vary: Accept-Encoding
etag: W/"638dbea3-41c2"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
ipp.littlecdn.com/web/static/sport.js
104.22.25.116200 OK 0 B URL HTTP/2 ipp.littlecdn.com/web/static/sport.js
IP 104.22.25.116:0
GET /web/static/sport.js HTTP/1.1
Host: ipp.littlecdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://qatarstreams.me/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 09 Dec 2022 21:50:15 GMT
content-type: application/javascript
last-modified: Thu, 24 Nov 2022 12:40:16 GMT
etag: W/"d9fd7638e4b5122530bbc3715cdba2ad"
expires: Sat, 10 Dec 2022 21:21:27 GMT
cache-control: max-age=86400
timing-allow-origin: *
cf-cache-status: HIT
age: 1728
vary: Accept-Encoding
server: cloudflare
cf-ray: 7770f4923e49fab8-OSL
content-encoding: br
X-Firefox-Spdy: h2
qatarstreams.me/img/lang/spain.svg
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/img/lang/spain.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /img/lang/spain.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-1f4"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2
qatarstreams.me/img/lang/germany.svg
45.178.7.43200 OK 0 B URL HTTP/2 qatarstreams.me/img/lang/germany.svg
IP 45.178.7.43:0
ASN #64122 SWISS GLOBAL SERVICES S.A.S
GET /img/lang/germany.svg HTTP/1.1
Host: qatarstreams.me
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://qatarstreams.me/stream/3/netherlands-vs-argentina
Connection: keep-alive
Cookie: _dt_qs=AAAAAhQDEQNhZHMUAREGc3RyZWFtFAMRA3BvcAYAEQZiYW5uZXIGABEGYnV0dG9uBgARB3JlZmVyZXINEQpzdHJlYW1fYWx0BgE%3D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Fri, 09 Dec 2022 21:50:14 GMT
content-type: image/svg+xml
last-modified: Mon, 05 Dec 2022 09:35:33 GMT
vary: Accept-Encoding
etag: W/"638dbb65-23d"
expires: Fri, 09 Dec 2022 21:50:44 GMT
cache-control: max-age=30, must-revalidate
content-encoding: br
X-Firefox-Spdy: h2