pushsar.com/pfe/current/qf.html?action=http://omnatuor.com/ck?ab=13130&actionid=0&ad_scheme=4&au=55416,97402,97947&bannerid=13528130&brt=9&currency=USD&d=m.topflix.tv&dp=0.013408&ds=v170986d95ff&dti=1674260065&dvc=12&dztc=37&ex_a=true&force_oaid=0c34786a3cb0473d84c79c6b8e71c25e&lt=902&mm=2&nmsg=0&pub=0&rt=25&ruid=e4aec239-dbb2-3d80-a039-f3a7fbb00be9&sg=e624d0ec87f0aaaebbbae87b041fb3d9&sid=7462936312&tsg=%0A%02ae%10%02%18%03+%04*%02LG2%03V30&type=redirect&uact=1&vc=229&zoneid=3461590&bt=push
139.45.197.251 200 OK 56 B URL HTTP/1.1 pushsar.com/pfe/current/qf.html?action=http://omnatuor.com/ck?ab=13130&actionid=0&ad_scheme=4&au=55416,97402,97947&bannerid=13528130&brt=9&currency=USD&d=m.topflix.tv&dp=0.013408&ds=v170986d95ff&dti=1674260065&dvc=12&dztc=37&ex_a=true&force_oaid=0c34786a3cb0473d84c79c6b8e71c25e&lt=902&mm=2&nmsg=0&pub=0&rt=25&ruid=e4aec239-dbb2-3d80-a039-f3a7fbb00be9&sg=e624d0ec87f0aaaebbbae87b041fb3d9&sid=7462936312&tsg=%0A%02ae%10%02%18%03+%04*%02LG2%03V30&type=redirect&uact=1&vc=229&zoneid=3461590&bt=push
IP 139.45.197.251:0
File type HTML document, ASCII text
Hash 3a11a1a650ccddf405930e03e566f1d3
3b1b5e77a14d4d9042b575a26b40b3397ead5641
85f98cb2f2a7ac3cb053c33e3544fcf30ce82d7313e5d036ddd597b9d0948d87
GET /pfe/current/qf.html?action=http://omnatuor.com/ck?ab=13130&actionid=0&ad_scheme=4&au=55416,97402,97947&bannerid=13528130&brt=9&currency=USD&d=m.topflix.tv&dp=0.013408&ds=v170986d95ff&dti=1674260065&dvc=12&dztc=37&ex_a=true&force_oaid=0c34786a3cb0473d84c79c6b8e71c25e&lt=902&mm=2&nmsg=0&pub=0&rt=25&ruid=e4aec239-dbb2-3d80-a039-f3a7fbb00be9&sg=e624d0ec87f0aaaebbbae87b041fb3d9&sid=7462936312&tsg=%0A%02ae%10%02%18%03+%04*%02LG2%03V30&type=redirect&uact=1&vc=229&zoneid=3461590&bt=push HTTP/1.1
Host: pushsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 14:43:03 GMT
Content-Type: text/html
Content-Length: 56
Last-Modified: Tue, 07 Feb 2023 14:32:43 GMT
Connection: keep-alive
ETag: "63e2610b-38"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Accept-Ranges: bytes
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash dca68db7aea32f6683ce8d542c078f04
19c495238df74fca680e21f18627ff94de5dd2e5
35cab3987fc0e4a41b305cb208c1e33fa38ce8bdfd9f386c3dc0411dd4d5ac61
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "35CAB3987FC0E4A41B305CB208C1E33FA38CE8BDFD9F386C3DC0411DD4D5AC61"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5652
Expires: Wed, 08 Feb 2023 16:17:15 GMT
Date: Wed, 08 Feb 2023 14:43:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 565c1bbc5c1c40be1988b3bf6fd9dc1a
cfdba5bc597130461dd67bf6cda53183be592493
60ceb36a8329c92fc49a3caf50daf511a38e01eac21a07d7a0a838166bea058d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "60CEB36A8329C92FC49A3CAF50DAF511A38E01EAC21A07D7A0A838166BEA058D"
Last-Modified: Mon, 06 Feb 2023 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=14038
Expires: Wed, 08 Feb 2023 18:37:01 GMT
Date: Wed, 08 Feb 2023 14:43:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Wed, 08 Feb 2023 14:34:13 GMT
content-type: application/json
age: 530
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cc14b0d2f7c451f6431dc87ba54d1d60
bab8bfda6fa3e2f17125353f5147211787dc25d0
b58fe18a5cc8fe5aaf49ba7eadd0ef34692892e68e9c52eb5bb56ea27e1300ad
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B58FE18A5CC8FE5AAF49BA7EADD0EF34692892E68E9C52EB5BB56EA27E1300AD"
Last-Modified: Mon, 06 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9954
Expires: Wed, 08 Feb 2023 17:28:57 GMT
Date: Wed, 08 Feb 2023 14:43:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: xpn4fGqJXmGNIjVBQcNf51nOgQP/IEhKQ/ZwuWoIDF5cIo1cfnX9a8saz3zjXP4b9fD6yhMKG6s=
x-amz-request-id: 95ZWNYPDV0ZFFSRB
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 08 Feb 2023 14:35:58 GMT
age: 425
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
pushsar.com/pfe/current/qualityForm.min.js
139.45.197.251 200 OK 1.9 kB URL HTTP/1.1 pushsar.com/pfe/current/qualityForm.min.js
IP 139.45.197.251:0
File type ASCII text, with very long lines (4163), with no line terminators
Hash 7c74881e49d067a62a54f0d2654a808b
c7915cc347b776a0e554dde612b5f9419884f305
c0f96096574d46131e0719b03ba50886314fa2ca2f8181707efc9e2bfb1b5dd1
GET /pfe/current/qualityForm.min.js HTTP/1.1
Host: pushsar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://pushsar.com/pfe/current/qf.html?action=http://omnatuor.com/ck?ab=13130&actionid=0&ad_scheme=4&au=55416,97402,97947&bannerid=13528130&brt=9&currency=USD&d=m.topflix.tv&dp=0.013408&ds=v170986d95ff&dti=1674260065&dvc=12&dztc=37&ex_a=true&force_oaid=0c34786a3cb0473d84c79c6b8e71c25e&lt=902&mm=2&nmsg=0&pub=0&rt=25&ruid=e4aec239-dbb2-3d80-a039-f3a7fbb00be9&sg=e624d0ec87f0aaaebbbae87b041fb3d9&sid=7462936312&tsg=%0A%02ae%10%02%18%03+%04*%02LG2%03V30&type=redirect&uact=1&vc=229&zoneid=3461590&bt=push
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 14:43:03 GMT
Content-Type: application/javascript
Last-Modified: Tue, 07 Feb 2023 14:32:43 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"63e2610b-1043"
Access-Control-Allow-Credentials: true
Cache-Control: no-cache
Pragma: no-cache
Content-Encoding: gzip
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 14:43:03 GMT
content-type: application/json
content-length: 12
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
access-control-allow-credentials: true
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
omnatuor.com/ck?ab=13130
139.45.197.253 302 Found 0 B IP 139.45.197.253:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /ck?ab=13130 HTTP/1.1
Host: omnatuor.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 837
Origin: http://pushsar.com
Connection: keep-alive
Referer: http://pushsar.com/
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 08 Feb 2023 14:43:01 GMT
Content-Length: 0
Connection: keep-alive
X-Trace-Id: 43889f341d377ef6d13ffc218352e8a4
Referrer-Policy: no-referrer
Location: https://zuphaims.com/4/2222056
Strict-Transport-Security: max-age=1
X-Content-Type-Options: nosniff
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash cccad344c340f38794f2c67632edb457
687a3cacadd6a7ec4f42a2faa0a083919cead7f8
a2d0b41ce36a31e03fe63a9e1ebd4ec71eb484b17d313f501726809e03b972fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A2D0B41CE36A31E03FE63A9E1EBD4EC71EB484B17D313F501726809E03B972FD"
Last-Modified: Mon, 06 Feb 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18045
Expires: Wed, 08 Feb 2023 19:43:49 GMT
Date: Wed, 08 Feb 2023 14:43:04 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Alert, Content-Type, Expires, Pragma, Retry-After, Last-Modified, ETag, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Wed, 08 Feb 2023 13:51:20 GMT
age: 3104
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
deebcards-themier.com/d822ef3a-711b-4795-915b-6de8484e54f0?zoneid=2222056&bannerid=16602256&geo=NO&random=890446173&SUBID=647197319376412999&campaignid=6581711&category={category}&adformat=onclick&ntk=19&cost=0.003475&rdk=rk1
52.57.25.237 200 OK 1.1 kB URL HTTP/2 deebcards-themier.com/d822ef3a-711b-4795-915b-6de8484e54f0?zoneid=2222056&bannerid=16602256&geo=NO&random=890446173&SUBID=647197319376412999&campaignid=6581711&category={category}&adformat=onclick&ntk=19&cost=0.003475&rdk=rk1
IP 52.57.25.237:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1128), with no line terminators
Hash 2b4bb25a835d74f5561d59211b1bdcba
4b461e3c94dce2dfc3307e78e2fb1d8c05c91692
68bfd7dce82bd9531b1fac3c27602901712e5f1ab2e01e6889b784ad540e6b7f
GET /d822ef3a-711b-4795-915b-6de8484e54f0?zoneid=2222056&bannerid=16602256&geo=NO&random=890446173&SUBID=647197319376412999&campaignid=6581711&category={category}&adformat=onclick&ntk=19&cost=0.003475&rdk=rk1 HTTP/1.1
Host: deebcards-themier.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 14:43:04 GMT
content-type: text/html;charset=UTF-8
content-length: 1128
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
pragma: no-cache
set-cookie: d822ef3a-711b-4795-915b-6de8484e54f0-v4=XCLPQtPC_ZqFN7nb5TY9NCZdx82YBLCZwTSWDUgPl7A; Max-Age=86400; Expires=Thu, 09-Feb-2023 14:43:04 GMT; Domain=deebcards-themier.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=OVC13SasHayB7YdHOMcbTO4ngAk3OBscsZX0B8f7naUAAKhipwu5L6cgu%2Bdv6Flv2%2BgZBP5j1R1LIgpMTMrBpCSpe4%2B5HfA46Dw3k%2Fu27EEV25ySaBvGv4OCqLI0AUU8pSyYjRf0CtN%2FzK2EyUkhgg%3D%3D; Max-Age=31536000; Expires=Thu, 08-Feb-2024 14:43:04 GMT; Domain=deebcards-themier.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9c14e228f19415f2af825294ff401241
dabb4fa3c22980b27aa873fd8aa429366655c95e
df9ed274a8026ea08f348145695717b6f8a11fa8f3c14e60b30b4cd60f7e2fde
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DF9ED274A8026EA08F348145695717B6F8A11FA8F3C14E60B30B4CD60F7E2FDE"
Last-Modified: Mon, 06 Feb 2023 17:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7792
Expires: Wed, 08 Feb 2023 16:52:56 GMT
Date: Wed, 08 Feb 2023 14:43:04 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9b88bae61bca33aba8aa99f6128db8d9
a07b61fb2458917699613fcae68710941b595416
54915c2f79822732e06a592d027da421ad1e7a6458c545f98333db25612b3dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "54915C2F79822732E06A592D027DA421AD1E7A6458C545F98333DB25612B3DEA"
Last-Modified: Mon, 06 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4762
Expires: Wed, 08 Feb 2023 16:02:26 GMT
Date: Wed, 08 Feb 2023 14:43:04 GMT
Connection: keep-alive
my.rtmark.net/img.gif?f=merge&userId=776db78a913e44e19f20f5455c9ddb28
139.45.195.8 200 OK 43 B URL HTTP/2 my.rtmark.net/img.gif?f=merge&userId=776db78a913e44e19f20f5455c9ddb28
IP 139.45.195.8:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash b4491705564909da7f9eaf749dbbfbb1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
POST /img.gif?f=merge&userId=776db78a913e44e19f20f5455c9ddb28 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 14:43:04 GMT
content-type: image/gif
content-length: 43
access-control-allow-origin: null
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=776db78a913e44e19f20f5455c9ddb28; expires=Thu, 08 Feb 2024 14:43:04 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
track.bestgames2018.net/redirect?target=BASE64aHR0cHM6Ly93d3cub3N0bG9uLmNvbS82NDZCRDI3LzQ2Q0RYNzMvP3NvdXJjZV9pZD1jODY4MTcyNS0zYmY4LTQ4MjAtYjdhMi02YWE1ZDk1MDJiOTQmc3ViMT1kODIyZWYzYS03MTFiLTQ3OTUtOTE1Yi02ZGU4NDg0ZTU0ZjAmc3ViMj13dGxqcmZqMGthZWNkdWZtMjdkajdsYW8mc3ViMz05ZWYxM2U5MC1lMDg2LTQzMTUtYmFkMi1hNWY5MTBjYTVlMWE&ts=1675867384488&hash=FdHBDs-wXKRw0mYHI3oeDY6M5bR0beNTMYzi5tg5dys&rm=DJ
18.194.134.212 200 738 B URL HTTP/1.1 track.bestgames2018.net/redirect?target=BASE64aHR0cHM6Ly93d3cub3N0bG9uLmNvbS82NDZCRDI3LzQ2Q0RYNzMvP3NvdXJjZV9pZD1jODY4MTcyNS0zYmY4LTQ4MjAtYjdhMi02YWE1ZDk1MDJiOTQmc3ViMT1kODIyZWYzYS03MTFiLTQ3OTUtOTE1Yi02ZGU4NDg0ZTU0ZjAmc3ViMj13dGxqcmZqMGthZWNkdWZtMjdkajdsYW8mc3ViMz05ZWYxM2U5MC1lMDg2LTQzMTUtYmFkMi1hNWY5MTBjYTVlMWE&ts=1675867384488&hash=FdHBDs-wXKRw0mYHI3oeDY6M5bR0beNTMYzi5tg5dys&rm=DJ
IP 18.194.134.212:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (738), with no line terminators
Hash 4a11fc69478328450d11b2f3318e2421
fbda5bc873eade2709515cc04b5d506c0b7cd09d
af73ecf2a64bec54405c71011f2baadbc405de5d09ad08eb8dcf9e926749e0f6
GET /redirect?target=BASE64aHR0cHM6Ly93d3cub3N0bG9uLmNvbS82NDZCRDI3LzQ2Q0RYNzMvP3NvdXJjZV9pZD1jODY4MTcyNS0zYmY4LTQ4MjAtYjdhMi02YWE1ZDk1MDJiOTQmc3ViMT1kODIyZWYzYS03MTFiLTQ3OTUtOTE1Yi02ZGU4NDg0ZTU0ZjAmc3ViMj13dGxqcmZqMGthZWNkdWZtMjdkajdsYW8mc3ViMz05ZWYxM2U5MC1lMDg2LTQzMTUtYmFkMi1hNWY5MTBjYTVlMWE&ts=1675867384488&hash=FdHBDs-wXKRw0mYHI3oeDY6M5bR0beNTMYzi5tg5dys&rm=DJ HTTP/1.1
Host: track.bestgames2018.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 200
Server: nginx
Date: Wed, 08 Feb 2023 14:43:04 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-store, no-cache, pre-check=0, post-check=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 73838929fda4d318ab360982429fa257
3653f6fe4799e3372f11484a1499f992caa176d1
0df78ec66487714e8e86c1d123933908bedf12d33d01129581bf5cac9bb53640
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 425
Cache-Control: max-age=124623
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 14:43:04 GMT
Etag: "63e2f71e-118"
Expires: Fri, 10 Feb 2023 01:20:07 GMT
Last-Modified: Wed, 08 Feb 2023 01:13:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
push.services.mozilla.com/
44.233.250.150 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.233.250.150:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: AwDsHwRl8xalAf/oWW/XjQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: gM5zKQb0w4Em+VOe8Zh7b9iL07I=
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 73838929fda4d318ab360982429fa257
3653f6fe4799e3372f11484a1499f992caa176d1
0df78ec66487714e8e86c1d123933908bedf12d33d01129581bf5cac9bb53640
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 425
Cache-Control: max-age=124623
Content-Type: application/ocsp-response
Date: Wed, 08 Feb 2023 14:43:04 GMT
Etag: "63e2f71e-118"
Expires: Fri, 10 Feb 2023 01:20:07 GMT
Last-Modified: Wed, 08 Feb 2023 01:13:02 GMT
Server: ECS (ska/F6FD)
X-Cache: HIT
Content-Length: 280
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 9bd35ce918ba8a7712ce7a618f5bd62d
663587afda870007831b9e2467e9e10d849191e3
4358c944540016df6fd369f8a0e5421876b0fb8b4d4dceadd59140828001b270
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 08 Feb 2023 14:43:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Sun, 05 Feb 2023 09:56:11 GMT
Expires: Sun, 12 Feb 2023 09:56:10 GMT
Etag: "663587afda870007831b9e2467e9e10d849191e3"
Cache-Control: max-age=327784,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb4
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796522b4191bb50b-OSL
lps.innogamescdn.com/media/js/runtime.55378534.js
151.101.194.109 200 OK 741 B URL HTTP/2 lps.innogamescdn.com/media/js/runtime.55378534.js
IP 151.101.194.109:0
File type ASCII text, with very long lines (1499), with no line terminators
Hash dc2522a59c37252d154d7bfe468095c6
64437ad0eb561e1e5cb97461a2ea81525222d44f
b32bcab9bb514c750f0e808802cfcbfd01cee816a2b006b6d2b9d1800eebf6fc
GET /media/js/runtime.55378534.js HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Wed, 18 Jan 2023 10:38:45 GMT
etag: W/"63c7cc35-5db"
expires: Thu, 02 Mar 2023 03:04:51 GMT
cache-control: max-age=2592000
x-host: 516323
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 733094
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 40
x-timer: S1675867385.361431,VS0,VE0
vary: Accept-Encoding
content-length: 741
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/js/metrics-1.2.31.min.js
151.101.194.109 200 OK 7.7 kB URL HTTP/2 lps.innogamescdn.com/media/js/metrics-1.2.31.min.js
IP 151.101.194.109:0
File type ASCII text, with very long lines (23681), with no line terminators
Hash 8fb1df15569d60a5e6d8851a86246d1b
75ad0d788fbdeeb7b460e7690c9a70888954c17b
879fef11644659d51d4c1fc479ed7919a28df630e56cd7b3ffa82dc6ceb01c94
GET /media/js/metrics-1.2.31.min.js HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Wed, 03 Aug 2022 09:18:14 GMT
etag: W/"62ea3d56-5c81"
expires: Wed, 08 Feb 2023 23:57:05 GMT
cache-control: max-age=2592000
x-host: 516312
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 2558760
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 37
x-timer: S1675867385.363856,VS0,VE0
vary: Accept-Encoding
content-length: 7723
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/js/m1151a-dataoptin.f2a0f7bc.js
151.101.194.109 200 OK 40 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/js/m1151a-dataoptin.f2a0f7bc.js
IP 151.101.194.109:0
File type Unicode text, UTF-8 text, with very long lines (59148)
Hash af804830d4e588ffbdd3d494093a2d77
3e2ee7eb2aa0b5aabfc8cc8c4bb990fffee40a3c
aa9da8f60e5fc60e9d079d4f9a544946299146aa1cd20755a1aad03da1c5055e
GET /media/onyx/js/m1151a-dataoptin.f2a0f7bc.js HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: W/"63beb7af-18474"
expires: Fri, 17 Feb 2023 23:56:53 GMT
cache-control: max-age=2592000
x-host: 516325
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1781172
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 22
x-timer: S1675867385.367324,VS0,VE0
vary: Accept-Encoding
content-length: 39467
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
151.101.194.109 200 OK 5.8 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
IP 151.101.194.109:0
File type ASCII text, with very long lines (19657)
Hash e6a3e39eb954adf6957016a7325628ad
92f4182b6e17ee9c5c0af0e4e5a8785a3ec4f911
8ad94286a709b14414835ba7074c10b07ede7262fecdc9bd26b0638a5e5d2136
GET /media/onyx/css/m1151a-dataoptin.cb29795e.css HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/css
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: W/"63beb7af-4d03"
expires: Fri, 17 Feb 2023 23:56:53 GMT
cache-control: max-age=2592000
x-host: 516324
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1781172
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 24
x-timer: S1675867385.367845,VS0,VE0
vary: Accept-Encoding
content-length: 5792
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/logo-onyx.86d9c1e7.png
151.101.194.109 200 OK 37 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/logo-onyx.86d9c1e7.png
IP 151.101.194.109:0
File type PNG image data, 373 x 238, 8-bit colormap, non-interlaced\012- data
Hash 86d9c1e7dd75df3fbe1efd1a08dd134d
498ac17c7e96eac60ac3598d924e0c63b69f260e
ebb1c648dae84c7f96e644b3020e8ea5a6c5595027708bb024a835dec9e1449b
GET /media/onyx/images/logo-onyx.86d9c1e7.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 01 Feb 2023 15:28:22 GMT
etag: "63da8516-909c"
expires: Sat, 04 Mar 2023 00:35:24 GMT
cache-control: max-age=2592000
x-host: 516324
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 569262
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.468291,VS0,VE0
content-length: 37020
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/contentbox-onyx-top.69a8ac09.png
151.101.194.109 200 OK 4.2 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/contentbox-onyx-top.69a8ac09.png
IP 151.101.194.109:0
File type PNG image data, 412 x 70, 8-bit colormap, non-interlaced\012- data
Hash 69a8ac095a2f933ce1adc91fa0d0c994
cb43044a79e72ddebbb001a22ffc919cbb1e2361
a079f0763e1e5f5bdd0d38341499b060e4011450afb594d5414608499994e0d0
GET /media/onyx/images/contentbox-onyx-top.69a8ac09.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 01 Feb 2023 15:28:22 GMT
etag: "63da8516-1095"
expires: Thu, 09 Mar 2023 02:33:56 GMT
cache-control: max-age=2592000
x-host: 516312
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 130149
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.469233,VS0,VE0
content-length: 4245
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/contentbox-onyx-inner.288b43a6.png
151.101.194.109 200 OK 15 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/contentbox-onyx-inner.288b43a6.png
IP 151.101.194.109:0
File type PNG image data, 388 x 410, 4-bit colormap, non-interlaced\012- data
Hash 288b43a65b685cbf3c4b9ed291163ead
581cbc1e8f5fb1a6978049acca39a1ec3689a1e7
709ac3344cc32cb8d9931bb25a85ab507dfe3abf9346568e3b212f57f805cde2
GET /media/onyx/images/contentbox-onyx-inner.288b43a6.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: "63beb7af-3bb0"
expires: Thu, 16 Feb 2023 05:12:50 GMT
cache-control: max-age=2592000
x-host: 516321
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1935015
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.470105,VS0,VE0
content-length: 15280
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/form-onyx-button.f0178eff.jpg
151.101.194.109 200 OK 5.5 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/form-onyx-button.f0178eff.jpg
IP 151.101.194.109:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 337x170, components 3\012- data
Hash f0178eff54fbb6364fd5aa6bf932fb5b
7a3f03261310cd6daa3519b81ce080ec3e827286
194f6fdf67861a52315d6574646c16333975f7be52ca6d0f0874ac210e4f94d6
GET /media/onyx/images/form-onyx-button.f0178eff.jpg HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/jpeg
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: "63beb7af-1583"
expires: Thu, 16 Feb 2023 19:18:11 GMT
cache-control: max-age=2592000
x-host: 516322
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1884294
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.470951,VS0,VE0
content-length: 5507
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/ipp-buttons.c810b546.png
151.101.194.109 200 OK 1.7 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/ipp-buttons.c810b546.png
IP 151.101.194.109:0
File type PNG image data, 83 x 41, 8-bit colormap, non-interlaced\012- data
Hash c810b54625488dadffac9bfc2d1260b3
44eaf8a5a1736effbdf45cd37429f513ab34fc64
fecd17d8d9e4ed6415b0f065181d729d5a84fee42799a208e3ba1d6f10bd1062
GET /media/onyx/images/ipp-buttons.c810b546.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 01 Feb 2023 15:28:22 GMT
etag: "63da8516-68f"
expires: Thu, 09 Mar 2023 00:04:23 GMT
cache-control: max-age=2592000
x-host: 516322
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 139123
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.471872,VS0,VE0
content-length: 1679
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/form-onyx-section-link-top.90e9136d.jpg
151.101.194.109 200 OK 1.6 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/form-onyx-section-link-top.90e9136d.jpg
IP 151.101.194.109:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 230x66, components 3\012- data
Hash 90e9136d8690b5081e047fca81efff16
401c90fc1d530043fd098e05c9b69464e7ea266c
ba8b5703c92b2164182ac4034c5299c6e7c1b11492e8c13cd9dc3f5346977134
GET /media/onyx/images/form-onyx-section-link-top.90e9136d.jpg HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/jpeg
last-modified: Wed, 18 Jan 2023 10:38:44 GMT
etag: "63c7cc34-66f"
expires: Sat, 25 Feb 2023 19:31:04 GMT
cache-control: max-age=2592000
x-host: 516322
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1105921
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 7
x-timer: S1675867385.473831,VS0,VE0
content-length: 1647
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/form-onyx-section-link-top-roll.cd74c436.png
151.101.194.109 200 OK 960 B URL HTTP/2 lps.innogamescdn.com/media/onyx/images/form-onyx-section-link-top-roll.cd74c436.png
IP 151.101.194.109:0
File type PNG image data, 24 x 33, 8-bit colormap, non-interlaced\012- data
Hash cd74c4365a6ce5968cf2d23c8386bba5
736b4327c518d981fe763a7240cb9cf7919a8908
f2e1c5c6d95a6b890e3c725f52f4e11d3920e3e86fadf4c2c0ce2964d8a79de0
GET /media/onyx/images/form-onyx-section-link-top-roll.cd74c436.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 03 Aug 2022 09:18:43 GMT
etag: "62ea3d73-3c0"
expires: Thu, 09 Feb 2023 14:02:38 GMT
cache-control: max-age=2592000
x-host: 516325
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 2508027
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 7
x-timer: S1675867385.474571,VS0,VE0
content-length: 960
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/contentbox-onyx-decor.7cab6e7d.png
151.101.194.109 200 OK 5.6 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/contentbox-onyx-decor.7cab6e7d.png
IP 151.101.194.109:0
File type PNG image data, 194 x 104, 8-bit colormap, non-interlaced\012- data
Hash 7cab6e7dbbdc2c26ed9c65a50581ded3
145b3038553e7db69fe45a42107fed79fc08d713
5b0b6614e50468cb99aa33507a8840f92359cd20a834fe43527d272c81d3451e
GET /media/onyx/images/contentbox-onyx-decor.7cab6e7d.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: "63beb7af-1600"
expires: Thu, 16 Feb 2023 05:12:50 GMT
cache-control: max-age=2592000
x-host: 516312
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1935015
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.475298,VS0,VE0
content-length: 5632
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/footer0-innogames-logo.969bd2fc.png
151.101.194.109 200 OK 1.6 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/footer0-innogames-logo.969bd2fc.png
IP 151.101.194.109:0
File type PNG image data, 175 x 60, 8-bit colormap, non-interlaced\012- data
Hash 969bd2fcda6c1258dbbd2b072a0f0cdc
522d0aee6315fb5ff0a01cbae8188d847c91552d
dac719348569240dc00be9efaa870ace08a8589f98099b03793e49a4f5dba06d
GET /media/onyx/images/footer0-innogames-logo.969bd2fc.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 18 Jan 2023 10:38:44 GMT
etag: "63c7cc34-652"
expires: Thu, 02 Mar 2023 08:23:41 GMT
cache-control: max-age=2592000
x-host: 516324
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 713964
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 8
x-timer: S1675867385.475935,VS0,VE0
content-length: 1618
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-700.b9e9b799.woff2
151.101.194.109 200 OK 173 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-700.b9e9b799.woff2
IP 151.101.194.109:0
File type Web Open Font Format (Version 2), TrueType, length 172868, version 1.0\012- data
Size 173 kB (172868 bytes)
Hash b9e9b79919598e8efc48945d664cfb11
774f360a44478542c8699909b9b9f4fcc403cd0a
51ce22880306c1d8c19b623ac80c3461df36e359c8792150be539110fa327c4a
GET /media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-700.b9e9b799.woff2 HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://om.elvenar.com
Connection: keep-alive
Referer: https://lps.innogamescdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
last-modified: Wed, 18 Jan 2023 10:38:44 GMT
etag: "63c7cc34-2a344"
expires: Thu, 02 Mar 2023 01:09:06 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 740039
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675867385.476601,VS0,VE1
content-length: 172868
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-regular.cf403133.woff2
151.101.194.109 200 OK 173 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-regular.cf403133.woff2
IP 151.101.194.109:0
File type Web Open Font Format (Version 2), TrueType, length 172572, version 1.0\012- data
Size 173 kB (172572 bytes)
Hash cf40313320ac71b1cba441a17e21eda8
3b0a344d9f22d045c9fb9fcaca7e417a26f21f85
6ade9134420682cba1de819a721df266e7f16e270e3e54bbad8ea8a3dc777ca6
GET /media/onyx/fonts/arimo-v11-latin-ext_greek_cyrillic_cyrillic-ext_greek-ext_latin-regular.cf403133.woff2 HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://om.elvenar.com
Connection: keep-alive
Referer: https://lps.innogamescdn.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: application/octet-stream
last-modified: Wed, 01 Feb 2023 15:28:22 GMT
etag: "63da8516-2a21c"
expires: Thu, 09 Mar 2023 03:40:44 GMT
cache-control: max-age=2592000
access-control-allow-origin: *
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 126141
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675867385.486743,VS0,VE1
content-length: 172572
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/images/onyx-apple-touch-icon-192x192-precomposed.44ec8892.png
151.101.194.109 200 OK 21 kB URL HTTP/2 lps.innogamescdn.com/media/images/onyx-apple-touch-icon-192x192-precomposed.44ec8892.png
IP 151.101.194.109:0
File type PNG image data, 192 x 192, 8-bit colormap, non-interlaced\012- data
Hash 44ec88927a61b111dc44636bc7a67949
0523f4926966ec0f6cf1c8d643a272eb5211d988
67b08afb90aa69eb401d8b047265f21a93b83aee43c0e5c79ccce7fa7f088d54
GET /media/images/onyx-apple-touch-icon-192x192-precomposed.44ec8892.png HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/png
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: "63beb7af-53a8"
expires: Thu, 23 Feb 2023 23:20:14 GMT
cache-control: max-age=2592000
x-host: 516321
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1264971
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675867386.560258,VS0,VE1
content-length: 21416
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/images/favicon-onyx.32a4c63f.ico
151.101.194.109 200 OK 1.8 kB URL HTTP/2 lps.innogamescdn.com/media/images/favicon-onyx.32a4c63f.ico
IP 151.101.194.109:0
File type PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced\012- data
Hash 32a4c63fdbf3da15a9d0ba18d2cff1b3
9cd19727c07443b6a0055325e298f38d923f01fd
bf389a3a109b19d4204b58871fb6694d56a3ebb9decddcf1dd154acc05cc0c35
GET /media/images/favicon-onyx.32a4c63f.ico HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/x-icon
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: "63beb7af-6f8"
expires: Thu, 16 Feb 2023 00:20:54 GMT
cache-control: max-age=2592000
x-host: 516312
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1952532
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 4
x-timer: S1675867386.561528,VS0,VE0
content-length: 1784
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/onyx/images/background-onyx-animated-landscape-mirrored-poster.2cbb7a0a.jpg
151.101.194.109 200 OK 152 kB URL HTTP/2 lps.innogamescdn.com/media/onyx/images/background-onyx-animated-landscape-mirrored-poster.2cbb7a0a.jpg
IP 151.101.194.109:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1920x1080, components 3\012- data
Size 152 kB (151901 bytes)
Hash 2cbb7a0a94db26cfafeec8a71a4b8562
17340c94cfeb01079cac7a07a638c7b8bc5f74d5
46d1ffed49cca4d0ab52e09573ca5304c0a7af550050d42e62b12811e40cf180
GET /media/onyx/images/background-onyx-animated-landscape-mirrored-poster.2cbb7a0a.jpg HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://lps.innogamescdn.com/media/onyx/css/m1151a-dataoptin.cb29795e.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
content-type: image/jpeg
last-modified: Wed, 01 Feb 2023 15:28:22 GMT
etag: "63da8516-2515d"
expires: Wed, 08 Mar 2023 23:37:55 GMT
cache-control: max-age=2592000
x-host: 516324
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 140710
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675867386.621647,VS0,VE1
content-length: 151901
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/video/video-background/onyx/video-background-onyx-animated-landscape-mirrored.webm
151.101.194.109 206 Partial Content 5.5 MB URL HTTP/2 lps.innogamescdn.com/media/video/video-background/onyx/video-background-onyx-animated-landscape-mirrored.webm
IP 151.101.194.109:0
File type WebM\012- EBML file, creator webmB\20\012- data
Size 5.5 MB (5493348 bytes)
Hash 478e2d196d928a1c49f9fe12f8097363
e3adb23a48de39c15c312e4f8fb9354d8d81823b
18c8933a2314979295c744976c102ebcc537c8c6e064233b9ac05117e12ee942
GET /media/video/video-background/onyx/video-background-onyx-animated-landscape-mirrored.webm HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
server: nginx
content-type: video/webm
last-modified: Wed, 01 Feb 2023 15:33:37 GMT
etag: "63da8651-53d264"
expires: Sun, 05 Mar 2023 14:32:49 GMT
cache-control: max-age=2592000
x-host: 516312
accept-ranges: bytes
age: 432616
content-range: bytes 0-5493347/5493348
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 0
x-timer: S1675867386.661708,VS0,VE1
content-length: 5493348
X-Firefox-Spdy: h2
fstrk.net/api/tracker/9872ed9fc22fc182d371c3e9ed316094/landing.js
54.230.111.3 200 OK 12 kB URL HTTP/2 fstrk.net/api/tracker/9872ed9fc22fc182d371c3e9ed316094/landing.js
IP 54.230.111.3:0
Hash 608340479960c30d7c715b6d1d4bd48f
1b6b89cfea9c85fe0dc049e27a4744ed22ebe488
0e9db9f26872408145374abba478abb5747fd0513a05ee2d01aac5ff84827a53
GET /api/tracker/9872ed9fc22fc182d371c3e9ed316094/landing.js HTTP/1.1
Host: fstrk.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript
date: Sun, 08 Jan 2023 04:22:23 GMT
last-modified: Tue, 25 Aug 2020 07:41:27 GMT
etag: W/"eb7829ce6a2b4b948d088074f5994521"
x-amz-meta-cache-control: 315360000
cache-control: 31556926
server: AmazonS3
content-encoding: gzip
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 5916f6b8d469d1bee1e905ff13761ebc.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
x-amz-cf-id: Mhg5s7CaU_o48APqlbjTaMpp-iRgAVgp2bxMyNCav8YQwdXQy20eHQ==
age: 2715643
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6035
Expires: Wed, 08 Feb 2023 16:23:41 GMT
Date: Wed, 08 Feb 2023 14:43:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6035
Expires: Wed, 08 Feb 2023 16:23:41 GMT
Date: Wed, 08 Feb 2023 14:43:06 GMT
Connection: keep-alive
www.ostlon.com/646BD27/46CDX73/?source_id=c8681725-3bf8-4820-b7a2-6aa5d9502b94&sub1=d822ef3a-711b-4795-915b-6de8484e54f0&sub2=wtljrfj0kaecdufm27dj7lao&sub3=9ef13e90-e086-4315-bad2-a5f910ca5e1a
172.67.201.95 302 Found 671 B URL HTTP/2 www.ostlon.com/646BD27/46CDX73/?source_id=c8681725-3bf8-4820-b7a2-6aa5d9502b94&sub1=d822ef3a-711b-4795-915b-6de8484e54f0&sub2=wtljrfj0kaecdufm27dj7lao&sub3=9ef13e90-e086-4315-bad2-a5f910ca5e1a
IP 172.67.201.95:0
Hash 381348948f632f9156e5e0c77f1358df
dd161853bb1e41565befa6cf589940e866d95c8d
29128f7168d18147065f24bc0cacb5a200132c77dcc8b0df87f7db29d9439c36
GET /646BD27/46CDX73/?source_id=c8681725-3bf8-4820-b7a2-6aa5d9502b94&sub1=d822ef3a-711b-4795-915b-6de8484e54f0&sub2=wtljrfj0kaecdufm27dj7lao&sub3=9ef13e90-e086-4315-bad2-a5f910ca5e1a HTTP/1.1
Host: www.ostlon.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 08 Feb 2023 14:43:04 GMT
content-type: text/html; charset=utf-8
location: https://om.elvenar.com/ox/no/?ref=pwn_no_no&pid=3154_d822ef3a-711b-4795-915b-6de8484e54f0&external_param=23f6a65ea91e4146800189d07d4c5d7f
x-eflow-request-id: 02b20c39-05f7-4ec8-86d3-c8af51bc87c8
via: 1.1 google, 1.1 varnish
accept-ranges: bytes
x-served-by: cache-bma1631-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1675867385.721966,VS0,VE118
vary: Origin
set-cookie: uniqueClick_46CDX73=cbe232de-17c3-4815-993a-da02559f360b:1675867384; Path=/; Expires=Thu, 09 Feb 2023 14:43:04 GMT; SameSite=None; Secure
transaction_id=23f6a65ea91e4146800189d07d4c5d7f; Path=/; Expires=Tue, 09 May 2023 14:43:04 GMT; SameSite=None; Secure
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dU6f01KJSH74mbTXwLYPe%2For3UEk7DYCpcC2MrklVmxT3lGBDMbt9c781KUmE76EWJL6DQlWT%2F8uIFbATlhpzZFv1B6hNH8zbPwtBjgehmKGD1ufVCcYZlXwHnOYOVJKUw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796522b25faab51d-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cst.innogames.de/e.gif?data=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
212.53.143.141 200 OK 43 B URL HTTP/1.1 cst.innogames.de/e.gif?data=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
IP 212.53.143.141:0
ASN #8893 Artfiles New Media GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /e.gif?data=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 HTTP/1.1
Host: cst.innogames.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 14:43:06 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
X-JoinUs: We are always searching for skilled admins and passionate coders! Go to career.innogames.com and mention this header in your application!
X-SaId: 591471
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6035
Expires: Wed, 08 Feb 2023 16:23:41 GMT
Date: Wed, 08 Feb 2023 14:43:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
34.120.237.76 200 OK 6.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d8a3fa4f1ec82d501942f9db3de2cb7d
b91c2aea7f2fb26131c8929b254c5596a1bb25ff
9d246eeab8ba04c775a03fd960c8859934a0accb737e845e89aba40bc573fdaa
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbcb27041-48b2-474f-b9d5-f88e9e662723.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6342
x-amzn-requestid: b2b61a71-5326-4fc6-baba-7baad29cf7c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkbHfDIAMF5AQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c482-5cc4028d01d05305637af317;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:06 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: xc32O6lBfn7jYg9I3VlZ5FnR9YpJtU3DbYD_ozsf_-R_Ih1-2e1-CQ==
via: 1.1 8dbfaf7df256a75768461d934659b6b2.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:10 GMT
age: 61256
etag: "b91c2aea7f2fb26131c8929b254c5596a1bb25ff"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fbe359ce6fb136add75c8f3d3cc06330
e6584afcf39b6fad21eccbcce95c6645b8e1b3b8
29478bf1b8168dc457bb7d298448a78e1040bd3aa80cbf11cfa37475568590d8
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc3ed9aa0-a88e-4b92-a2bb-567735d813b6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8170
x-amzn-requestid: d1ddb47f-3472-4015-8d55-72f435671f03
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f5aSPHiroAMFpSg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e070da-114975440d70915472cdba2f;Sampled=0
x-amzn-remapped-date: Mon, 06 Feb 2023 03:15:38 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 0w6JgtsKSRHLPJ3LyY6YUI8N7PS-gVlLuivQUq9jdyeYYm3STiJJIQ==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 7e87179efaa9e3c316bd3d3a74cfded8.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 04:13:34 GMT
age: 37772
etag: "e6584afcf39b6fad21eccbcce95c6645b8e1b3b8"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
34.120.237.76 200 OK 13 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 003fc35e140a75a12b7795c3986426ec
da002b22e2a01f48a545b369d4403eabb17a10d5
bb0754411aa7d0a5036b86b282d0e93d13227765ca9ccaf3a34e8e486cb413d1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff6de3153-62d2-494b-8acf-6d3ac8adba7d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13160
x-amzn-requestid: 34aa6dfe-7f14-48d0-89b2-90548621be79
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fzVxSHh7IAMFjAg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63de033b-49587fff75aebe96136137be;Sampled=0
x-amzn-remapped-date: Sat, 04 Feb 2023 07:03:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: qwSN-ztVJgRfu3bFIjYaVYV8Cnx77j1ugkRjqhRtRXdPju7AhEMg-A==
via: 1.1 e5af640ced3aa8764b82c4bc3f7af38e.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 05:30:12 GMT
age: 33174
etag: "da002b22e2a01f48a545b369d4403eabb17a10d5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f175de8eebe398f5de2829cd551b3f04
e6da63e9b03289bfded190d999a20da78232437c
b5d1ee4bd6186cbac1e4ac037766c9e453e166b0cfb2e08004cb11b8bb7daa88
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ffcee4072-2c9e-4db4-b200-065a1ef67ace.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10202
x-amzn-requestid: 15e6c7ee-acef-4638-9a15-a01864ac74f6
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_PEYFZOoAMFzEA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c54f-3681217a71e5b9472b9cdb8a;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:40:31 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: PyOVGtKFSYIU2don5C7_L_pTUxdP_VEAhLZUhtBWo2PZ4kvPqaTg9g==
via: 1.1 e291f351a18746d40754b367095a2872.cloudfront.net (CloudFront), 1.1 1b74ccf4cb51eacf97a0e6d60ae46a3e.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 22:13:47 GMT
etag: "e6da63e9b03289bfded190d999a20da78232437c"
content-type: image/jpeg
age: 59359
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363ca744-ffa5-4390-9968-412e24620e36.jpeg
34.120.237.76 200 OK 7.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363ca744-ffa5-4390-9968-412e24620e36.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5129898de057eb92808f18d120eb7a70
eb0a900843beac5c4ee46686b89b3e8b8d77f80f
7ce3e4f7be652895e93cb8c1a9019b70d699c0a9da013d311395a6440b4e9f96
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F363ca744-ffa5-4390-9968-412e24620e36.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7847
x-amzn-requestid: 60759e32-ac58-4dda-8ea3-fd80413c0deb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_OkkEpMoAMFnGw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c483-61b8715a0da73f4526215649;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:37:07 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: TCX7ZFhV73kN0UBshXeb0qdSkY-8qdeNN6EgioqOUmSAnraEhAohMQ==
via: 1.1 49b94a8674d6e86a841d6523f7dbaf14.cloudfront.net (CloudFront), 1.1 6a9b42e38e76b7d4a4044ebe0e0eca08.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:42:11 GMT
age: 61255
etag: "eb0a900843beac5c4ee46686b89b3e8b8d77f80f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash fe800d6af728cd622a6192ad5e7dda6a
3a301dd894fc428c7d1863c9d5eaf2652f5c2083
f4923c211ef24e933bbe73bd8d2033d6b6da4a9fa0c9d4699a1041a7bd8bf5a2
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5416f10c-2a0c-46e5-a76b-853a2be4c374.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12216
x-amzn-requestid: cc61a63b-35fe-4bfa-ad20-1db3f4165446
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: f_O7LFrCIAMFoYQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e2c514-2b5e27c62218510b74ea0989;Sampled=0
x-amzn-remapped-date: Tue, 07 Feb 2023 21:39:32 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: C1EXSLUCdc9GzSKxUzv9_uWK4ZTqggdr03uVW5SWuZwVVSn2wc4k7w==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 07 Feb 2023 21:44:01 GMT
age: 61145
etag: "3a301dd894fc428c7d1863c9d5eaf2652f5c2083"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.76.226 200 OK 503 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 9c9711912f2c9fb0cd5029b3bf707386
51b6c6ff89efd6fc6bb26ef007e6bfc12f083061
40dd7fc248d6a4e0f3113c5e2cd89b059380d9cbac05c51def18b57edb9d24d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40DD7FC248D6A4E0F3113C5E2CD89B059380D9CBAC05C51DEF18B57EDB9D24D4"
Last-Modified: Tue, 07 Feb 2023 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6490
Expires: Wed, 08 Feb 2023 16:31:16 GMT
Date: Wed, 08 Feb 2023 14:43:06 GMT
Connection: keep-alive
cst.innogames.de/e.gif?data=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
212.53.143.141 200 OK 43 B URL HTTP/1.1 cst.innogames.de/e.gif?data=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
IP 212.53.143.141:0
ASN #8893 Artfiles New Media GmbH
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /e.gif?data=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 HTTP/1.1
Host: cst.innogames.de
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 08 Feb 2023 14:43:06 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
X-JoinUs: We are always searching for skilled admins and passionate coders! Go to career.innogames.com and mention this header in your application!
X-SaId: 591471
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F198b8ebd-22a2-44e4-af1d-3429fb3e64bb.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F198b8ebd-22a2-44e4-af1d-3429fb3e64bb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 08d66d83f1ae9acd6e442c4dcaed2a20
8c258ac6de196f8c32f1af69e7a754da0610b090
a32b5df8fd6bea737e04679d05e9f0cc645cbe6d799329877e78f9e994a6eff6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F198b8ebd-22a2-44e4-af1d-3429fb3e64bb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 12368
x-amzn-requestid: 506be160-90b5-47a2-9f47-1f6a6af27b10
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswBJHbeoAMFjtg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db606d-441629d063701cbe4d0c6f63;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:04:13 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: ee7OrYwHY-_VfNe-K_yx3dk6AXXQvwZul-79xUaZegbBXFFqUydskw==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 01:50:55 GMT
age: 46337
etag: "8c258ac6de196f8c32f1af69e7a754da0610b090"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
zuphaims.com/4/2222056
139.45.197.247 200 OK 0 B IP 139.45.197.247:0
Analyzer Verdict Alert quad9 Sinkholed
GET /4/2222056 HTTP/1.1
Host: zuphaims.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 08 Feb 2023 14:43:04 GMT
content-type: text/html; charset=utf8
x-trace-id: 4ad720c54ad2e41a5d0f9b2c3e79aeac
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch", <https://deebcards-themier.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-credentials: true
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=776db78a913e44e19f20f5455c9ddb28; expires=Thu, 08 Feb 2024 14:43:04 GMT; path=/; secure; SameSite=None
oaidts=1675867384; expires=Thu, 08 Feb 2024 14:43:04 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
access-control-allow-origin: *, *
access-control-allow-methods: GET, POST, OPTIONS, POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Accept, Content-Type, Content-Length, Accept-Encoding
content-encoding: gzip
X-Firefox-Spdy: h2
click.fstrk.net/9872ed9fc22fc182d371c3e9ed316094/track?http_click_referer=&fingerprint=1fc0e685854bff881d426fe88d37b382&fs_aff_source=3154_d822ef3a-711b-4795-915b-6de8484e54f0&fs_p_id=pwn&fs_ref=pwn_no_no&fs_product_id=Elvenar&callback=jsonp1675868318463
35.190.210.193 200 OK 0 B URL HTTP/2 click.fstrk.net/9872ed9fc22fc182d371c3e9ed316094/track?http_click_referer=&fingerprint=1fc0e685854bff881d426fe88d37b382&fs_aff_source=3154_d822ef3a-711b-4795-915b-6de8484e54f0&fs_p_id=pwn&fs_ref=pwn_no_no&fs_product_id=Elvenar&callback=jsonp1675868318463
IP 35.190.210.193:0
GET /9872ed9fc22fc182d371c3e9ed316094/track?http_click_referer=&fingerprint=1fc0e685854bff881d426fe88d37b382&fs_aff_source=3154_d822ef3a-711b-4795-915b-6de8484e54f0&fs_p_id=pwn&fs_ref=pwn_no_no&fs_product_id=Elvenar&callback=jsonp1675868318463 HTTP/1.1
Host: click.fstrk.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty/1.15.8.1
date: Wed, 08 Feb 2023 14:43:06 GMT
content-type: text/plain; charset=utf-8
vary: Accept-Encoding
set-cookie: fs_cr=1675867386000; Path=/; Domain=fstrk.net
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
X-Firefox-Spdy: h2
om.elvenar.com/ox/no/?ref=pwn_no_no&pid=3154_d822ef3a-711b-4795-915b-6de8484e54f0&external_param=23f6a65ea91e4146800189d07d4c5d7f
212.48.98.37 200 OK 0 B URL HTTP/2 om.elvenar.com/ox/no/?ref=pwn_no_no&pid=3154_d822ef3a-711b-4795-915b-6de8484e54f0&external_param=23f6a65ea91e4146800189d07d4c5d7f
IP 212.48.98.37:0
ASN #8893 Artfiles New Media GmbH
GET /ox/no/?ref=pwn_no_no&pid=3154_d822ef3a-711b-4795-915b-6de8484e54f0&external_param=23f6a65ea91e4146800189d07d4c5d7f HTTP/1.1
Host: om.elvenar.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: text/html; charset=UTF-8
set-cookie: PHPSESSID=92a6f7e1cf0cebb6b425a0659dea85ff; path=/; secure; HttpOnly; SameSite=None
expires: Thu, 19 Nov 1981 08:52:00 GMT
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, no-cache, private
date: Wed, 08 Feb 2023 14:43:05 GMT
x-host: 516325
content-encoding: gzip
X-Firefox-Spdy: h2
lps.innogamescdn.com/media/js/layout-vue-gdpr.49ecdc73.js
151.101.194.109 200 OK 0 B URL HTTP/2 lps.innogamescdn.com/media/js/layout-vue-gdpr.49ecdc73.js
IP 151.101.194.109:0
GET /media/js/layout-vue-gdpr.49ecdc73.js HTTP/1.1
Host: lps.innogamescdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://om.elvenar.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-type: application/javascript
last-modified: Wed, 11 Jan 2023 13:20:47 GMT
etag: W/"63beb7af-509fc"
expires: Fri, 24 Feb 2023 02:25:09 GMT
cache-control: max-age=2592000
x-host: 516323
content-encoding: gzip
accept-ranges: bytes
date: Wed, 08 Feb 2023 14:43:05 GMT
via: 1.1 varnish
age: 1253876
x-served-by: cache-bma1635-BMA
x-cache: HIT
x-cache-hits: 1
x-timer: S1675867385.371411,VS0,VE1
vary: Accept-Encoding
content-length: 128458
X-Firefox-Spdy: h2