laughing-lemur.com/WW/SB/
116.203.124.201 301 Moved Permanently 162 B URL HTTP/1.1 laughing-lemur.com/WW/SB/
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash MD5: 4f8e702cc244ec5d4de32740c0ecbd97
SHA-1: 3adb1f02d5b6054de0046e367c1d687b6cdf7aff
SHA-256: 9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert fortinet Malware
GET /WW/SB/ HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Thu, 09 Feb 2023 20:27:04 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://laughing-lemur.com/WW/SB/
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 408d1564e8f59e6626e41be4106ce2e6
4149a1f17e8f7c446e7aa4963f3a49b6a00b6164
46e2e79c7977854058dec9cde88f963dd498dd235c3bb15b39a9e5ce1027d7fe
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "46E2E79C7977854058DEC9CDE88F963DD498DD235C3BB15B39A9E5CE1027D7FE"
Last-Modified: Thu, 09 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=15407
Expires: Fri, 10 Feb 2023 00:43:52 GMT
Date: Thu, 09 Feb 2023 20:27:05 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 84247d80b610d0c6da587141b21323ae
46461f8709d099f5295998f41aaafa5be4387ea6
bee5e9e0d7b4a24609950ceb40194bffb482c36152d376bb119e7cc3aba488dc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "BEE5E9E0D7B4A24609950CEB40194BFFB482C36152D376BB119E7CC3ABA488DC"
Last-Modified: Thu, 09 Feb 2023 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10164
Expires: Thu, 09 Feb 2023 23:16:29 GMT
Date: Thu, 09 Feb 2023 20:27:05 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash ff250d3ef3fa45322bf05039a0122a9f
b3e7a2c383bce1bab807dbe1a03c375258b51f1d
d07f109a96e0ae6ec7b1d46ce8761b3f06fe845769ce65d69e053dd40aa561ba
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Content-Type, Alert, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Thu, 09 Feb 2023 19:34:16 GMT
content-type: application/json
age: 3169
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 50a2f8cdbbd1059f5318753155bba7ef
405e63ea4683be44f876feae34b5cb645ff751f2
f6ac743a5a17d64d2858fec5791050d2dc8074ddd823826c93e67bffdb2f0868
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F6AC743A5A17D64D2858FEC5791050D2DC8074DDD823826C93E67BFFDB2F0868"
Last-Modified: Thu, 09 Feb 2023 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11928
Expires: Thu, 09 Feb 2023 23:45:53 GMT
Date: Thu, 09 Feb 2023 20:27:05 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e76071a28ee566dababb3834f46d68ed
aebb4e68c1ba2de0f90025283e8ed8470944fde0
78b6df2627172e5b35476bc31020f02898cdc412aaf4337af2c3b049a60912b6
GET /chains/remote-settings.content-signature.mozilla.org-2023-03-20-18-44-46.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: nAEljaKqV/OjEI8cuQvaPuVSH6IynKf90Fa6dS5fva3PBnADwTAVpUsHLuhgeNo/FbwWlWs+Obc=
x-amz-request-id: PJ5FVRQ5C4ZW04KP
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Thu, 09 Feb 2023 19:46:31 GMT
age: 2434
last-modified: Sun, 29 Jan 2023 18:44:47 GMT
etag: "e76071a28ee566dababb3834f46d68ed"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d12e91cb0f29385198f93339d38acb68
4843457f7054dc9ffae7d23a95fd1fbfd88adbb7
3e986606cef7b94263d7c0671a921879da4a50f5adedc3034a0d0507a8001d83
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E986606CEF7B94263D7C0671A921879DA4A50F5ADEDC3034A0D0507A8001D83"
Last-Modified: Wed, 08 Feb 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10872
Expires: Thu, 09 Feb 2023 23:28:17 GMT
Date: Thu, 09 Feb 2023 20:27:05 GMT
Connection: keep-alive
laughing-lemur.com/WW/SB/style.css
116.203.124.201 200 OK 2.3 kB URL HTTP/2 laughing-lemur.com/WW/SB/style.css
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type ASCII text, with very long lines (2332), with no line terminators
Hash 955c1d9b95fb7c9b743726bffc073da7
60ef6f9baf9211f74d765370f2c9565171bb0711
79e220d0cc09b63de81927cf8f76ac3f29b928a61f7dbd022e9124993e600d4f
GET /WW/SB/style.css HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: text/css
content-length: 2332
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-91c"
expires: Thu, 16 Feb 2023 20:27:05 GMT
cache-control: max-age=604800
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/logo.png
116.203.124.201 200 OK 947 B URL HTTP/2 laughing-lemur.com/WW/SB/logo.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash 33945cc89eb107c9dc76a136c80d334f
20345714ea8b7a13a5a26b78d76a2d370516d1e8
b7abb33953367ca8cbd7992cfac8d74385407227e3de75105ee9cfbf38070a41
GET /WW/SB/logo.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/png
content-length: 947
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-3b3"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/bet365.jpg
116.203.124.201 200 OK 4.3 kB URL HTTP/2 laughing-lemur.com/WW/SB/bet365.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 99x50, components 3\012- data
Hash e45e084e8d23cf8f6464881cba24261c
db7b875f455f5c8b22c1402d82390f94096815e2
63aad7331d7e736a0c7d78bf605358194aed3befe6702c8606b6c5e43f34a469
GET /WW/SB/bet365.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/jpeg
content-length: 4270
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-10ae"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/arrow.png
116.203.124.201 200 OK 343 B URL HTTP/2 laughing-lemur.com/WW/SB/arrow.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 12 x 11, 8-bit/color RGBA, non-interlaced\012- data
Hash c73ad1b4a907d4d7a112253bd6d326fb
29f9917836224c3d7188c1a0e24b5bb81e2bf462
5f43899197d72dd57f227ae6741b80791fd187b8f11bad546dffbaf2e3743523
GET /WW/SB/arrow.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/png
content-length: 343
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-157"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/888.jpg
116.203.124.201 200 OK 2.6 kB URL HTTP/2 laughing-lemur.com/WW/SB/888.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 97x49, components 3\012- data
Hash 6e181a5198429bd5dc35c1a92f12e151
0c8682a58ee05fefe9da3c0cce995efaadf89398
a8e15586ce9e1f0e25da37516d4aa232bc0b14eaca4edc1c2bd2f03dbc8026f6
GET /WW/SB/888.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/jpeg
content-length: 2647
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-a57"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 764f6498bfc9fce44fcfaca97119697f
d285cc1f81ca9f23891ff68c2380e0f9e9e96e0c
8d1b5c3b41446c6b296d3a8c96bfdfca8f1a68cc8aa2008ea1b86a8194281f5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
laughing-lemur.com/WW/SB/ggbet1.jpg
116.203.124.201 200 OK 3.4 kB URL HTTP/2 laughing-lemur.com/WW/SB/ggbet1.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 98 x 58, 8-bit/color RGBA, non-interlaced\012- data
Hash b674463255d4bf4035b934e400a9b4ae
3bc0701cf4ce1649700c74f1c39c6b69ab20fab6
1a3863425abe5597f1ab325154a20b2d7c1104df0ff1cda7aef6ef00aa46d4f4
GET /WW/SB/ggbet1.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/jpeg
content-length: 3350
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-d16"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/begambleaware.png
116.203.124.201 200 OK 2.8 kB URL HTTP/2 laughing-lemur.com/WW/SB/begambleaware.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 116 x 28, 8-bit/color RGBA, non-interlaced\012- data
Hash c994f474dca6804ccc5d9fcbd825c127
3bef6c2a02045cb8e3643462f11824c4cf3d7832
8afe943621b346d68d17f9764c8b1890d92459d738025bbf7ab6f79f6b2fa89f
GET /WW/SB/begambleaware.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/png
content-length: 2804
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-af4"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/gamcare.png
116.203.124.201 200 OK 1.1 kB URL HTTP/2 laughing-lemur.com/WW/SB/gamcare.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 7bdf9f20366b5636bc698de6e866ffc2
bbef31f004b068961441662ac0e7699905282dd9
70f114ad6d1b1bded9a33e3065aef7d7fbd39da53c8af508321a2ebce6d0e1f7
GET /WW/SB/gamcare.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/png
content-length: 1100
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-44c"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/18.png
116.203.124.201 200 OK 1.5 kB URL HTTP/2 laughing-lemur.com/WW/SB/18.png
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced\012- data
Hash 87d2ca45eb79db526b5d40919e3aabde
0b49095eb96eeff3651587f3a7f985d929227285
c2df13c5fde252964991099d203d6f5f12e0db23d9cf8971e89475fccc8776c1
GET /WW/SB/18.png HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/png
content-length: 1468
last-modified: Tue, 27 Sep 2022 13:47:04 GMT
etag: "6332fed8-5bc"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 764f6498bfc9fce44fcfaca97119697f
d285cc1f81ca9f23891ff68c2380e0f9e9e96e0c
8d1b5c3b41446c6b296d3a8c96bfdfca8f1a68cc8aa2008ea1b86a8194281f5e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
securely-send.com/storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js
161.35.78.172 200 OK 37 kB URL HTTP/2 securely-send.com/storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js
IP 161.35.78.172:0
ASN #14061 DIGITALOCEAN-ASN
File type ASCII text, with very long lines (36785), with no line terminators
Hash MD5: 3c0cb3af71f121d56d51f3bd00d7f9ba
SHA-1: 7c7730e3057f3412e1149edf436bbbe24a8b0034
SHA-256: e2cd5a61924ab39babd7f2deb8c5a9709d08faab2e6def8ceb1329f4c3d7dfde
Analyzer Verdict Alert fortinet Phishing
GET /storage/CMdP1H3Z9HlefCQpTg5ix1xhs3juAfSK.js HTTP/1.1
Host: securely-send.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: application/javascript; charset=utf-8
content-length: 36785
last-modified: Tue, 17 Jan 2023 14:00:34 GMT
etag: "63c6aa02-8fb1"
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 4f2f88314f749d4c7a7e191f6048e567
664f0e39dd5da0a254653709a6e5c7758796e7b1
06b8f63716968fbcda99cab5960c2629c985a2886f78fcb674b981e88486ae79
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
142.250.74.35 200 OK 31 kB URL HTTP/2 fonts.gstatic.com/s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 30928, version 1.0\012- data
Hash ac0d2859ea5f8fd6bcb3c305c08ec184
7f6c17e3e592cd8bd346b9cc261d8dd961b8aef7
ae919a7c9f25f0fd97fc18e398ae8e453fcaae487e4a4cb4f896e7fecde4a780
GET /s/montserrat/v25/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://laughing-lemur.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 30928
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 03 Feb 2023 07:08:09 GMT
expires: Sat, 03 Feb 2024 07:08:09 GMT
cache-control: public, max-age=31536000
age: 566336
last-modified: Mon, 11 Jul 2022 18:57:39 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600&display=swap
142.250.74.106 200 OK 297 kB URL HTTP/2 fonts.googleapis.com/css2?family=Montserrat:wght@300;400;500;600&display=swap
IP 142.250.74.106:0
Size 297 kB (297245 bytes)
Hash 579b364c4af08a24899fc98b057b603d
c5040189c9de24303878c428eada608898b2ced3
334cd55cad343a7af44bd831da2c5a276ed6f26f3c81bb3b1da4d1700643d480
GET /css2?family=Montserrat:wght@300;400;500;600&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Thu, 09 Feb 2023 20:27:05 GMT
date: Thu, 09 Feb 2023 20:27:05 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Expires, Retry-After, Content-Length, Content-Type, ETag, Cache-Control, Alert, Pragma, Backoff, Last-Modified
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Thu, 09 Feb 2023 20:14:53 GMT
age: 732
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 471 B IP 142.250.74.163:0
Hash 986afab4bad851da3c4a2b8db670c876
c58b7142ce3bebda918b77649973715dbd71b4d2
24e4025e6576d86e781fd0861a0a87338b7b5d52b9e559ae76ca52755cc3a865
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 248ce16379b12f11927ecc3142aec450
fa5b189f2d9182479170cb61cc1723571e437bd2
a8d259b331bdefb00625b9bf057d44d0b3290fda0734c57eda187b04e23d59d4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A8D259B331BDEFB00625B9BF057D44D0B3290FDA0734C57EDA187B04E23D59D4"
Last-Modified: Wed, 08 Feb 2023 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10189
Expires: Thu, 09 Feb 2023 23:16:55 GMT
Date: Thu, 09 Feb 2023 20:27:06 GMT
Connection: keep-alive
laughing-lemur.com/favicon.ico
116.203.124.201 200 OK 32 kB URL HTTP/2 laughing-lemur.com/favicon.ico
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
File type MS Windows icon resource - 4 icons, 64x64, 32 bits/pixel, 48x48, 32 bits/pixel\012- data
Hash cc859fa0d6660ee587b0edcd03744dd7
7f36f62ca571d94292242f777bce7cce55c55065
f476190c67553763999acc4d90f8f0257828e7eb0728bc2bef0a8dae7d83cf02
GET /favicon.ico HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: image/x-icon
content-length: 32038
last-modified: Wed, 13 Oct 2021 10:42:35 GMT
etag: "6166b81b-7d26"
expires: Sat, 11 Mar 2023 20:27:06 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 278 B IP 93.184.220.29:0
Hash 328c32ce8fe90eb1964e50f4290c0f58
ddd01f9d3bdd99f77db3f834d9231f82b99ec15a
719df9b2067d7dd6c614ef7fd7a2a518d4d2b5cf62953ae9f58af122ff1b491d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4571
Cache-Control: max-age=105253
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e43d64-116"
Expires: Sat, 11 Feb 2023 01:41:19 GMT
Last-Modified: Thu, 09 Feb 2023 00:25:08 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 278
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d50e5874792c0fb9622058261d8ac866
7ae248b878cd1d6a30ad0c5be7f76c09caaf28f9
99e2e184d26178f8b408b28beaab82755a73f7a9f2d7f7ae198469855914676f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6388
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e40aa5-118"
Last-Modified: Thu, 09 Feb 2023 18:40:38 GMT
Server: ECS (amb/6BBF)
X-Cache: HIT
Content-Length: 280
www.bet365.com/olp/open-account?affiliate=365_01211427
5.226.179.10 200 OK 4.6 kB URL HTTP/1.1 www.bet365.com/olp/open-account?affiliate=365_01211427
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with CRLF line terminators
Hash e2163284e97c57b43e5745b89513863e
100589509e7d9a667c27f002cb605759b8495c31
88635c2f9dff3908b5fdf93278afbe008e672828f6357afa8c7bc9f6ba117ce7
GET /olp/open-account?affiliate=365_01211427 HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ServerDetails: <!--1P1 - 78-->
CF-Cache-Status: DYNAMIC
Set-Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=; path=/; expires=Thu, 09-Feb-23 20:57:06 GMT; domain=.bet365.com; HttpOnly; Secure; SameSite=None
Server: cloudflare
CF-RAY: 796f5802fca0b4f7-OSL
status.thawte.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b18d165eaebe465ab2589aa8124d4e24
07c97b82ba869f5b2107b1e81f80e4df78a86618
97ee202f7fc8a8ff739fa588fc9358cd651b0b1d44683dbb754145317a24e2da
POST / HTTP/1.1
Host: status.thawte.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2942
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Last-Modified: Thu, 09 Feb 2023 19:38:04 GMT
Server: ECS (ska/F716)
X-Cache: HIT
Content-Length: 471
www.bet365.com/olpc/nn/143/0/1/open-account
5.226.179.10 200 OK 13 kB URL HTTP/1.1 www.bet365.com/olpc/nn/143/0/1/open-account
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2285), with CRLF line terminators
Hash d92094801b93fe020399ea5ce3be22a2
fc23a163778859468b9e8130f1b0a615f5e39d1d
a322357909aba9c6c4570d9d9a707ee0689e7c26e6e403916f2621e787fb3f6e
GET /olpc/nn/143/0/1/open-account HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olp/open-account?affiliate=365_01211427
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12844
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-inline' https://www.googletagmanager.com;frame-src 'self' http://members.bet365.com 'nonce-DVeh+BqKNEl0iLlCsHwwaXHmlQYMlNS9JdS6VojAagI=';style-src 'self' 'unsafe-inline';img-src 'self' data: https://content001.bet365.com/ https://content001.bet365.com/SportsContent/ 'nonce-DVeh+BqKNEl0iLlCsHwwaXHmlQYMlNS9JdS6VojAagI=';connect-src 'self' https://www.google-analytics.com http://members.bet365.com https://extra.bet365.com 'nonce-DVeh+BqKNEl0iLlCsHwwaXHmlQYMlNS9JdS6VojAagI=';font-src 'self' data: 'nonce-DVeh+BqKNEl0iLlCsHwwaXHmlQYMlNS9JdS6VojAagI=';
Last-Modified: Thu, 09 Feb 2023 14:38:10 GMT
CF-Cache-Status: HIT
Age: 6529
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 796f5803bdabb4f7-OSL
ic.aff-handler.com/c/47824?sr=1860383
217.147.127.42 302 Found 319 B URL HTTP/1.1 ic.aff-handler.com/c/47824?sr=1860383
IP 217.147.127.42:0
ASN #201071 Virtual Internet Services Limited
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash d5a9d6910b34e7b111656749c1fbd555
19f4344413e7fd0bd195871d89494cd5d8c70281
cdc0ba615c731ee56dbd41ebb3a2b5b3f5f22a269e6a661faedd2510280c8ba9
GET /c/47824?sr=1860383 HTTP/1.1
Host: ic.aff-handler.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: 0
Location: https://www.888casino.com/promotions/welcome-bonus-offer/#tc?sr=1860383&mm_id=47824&utm_source=aff&utm_medium=casap&utm_content=100136647&utm_campaign=100136647_1860383_nodescription
Server:
X-AspNetMvc-Version: 4.0
Set-Cookie: uffiliate_click_47824_1860383_=uffiliate_click_47824_1860383_; expires=Sat, 11-Mar-2023 20:27:06 GMT; path=/; SameSite=None; Secure
srv: 1231321
Date: Thu, 09 Feb 2023 20:27:05 GMT
Content-Length: 319
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash d50e5874792c0fb9622058261d8ac866
7ae248b878cd1d6a30ad0c5be7f76c09caaf28f9
99e2e184d26178f8b408b28beaab82755a73f7a9f2d7f7ae198469855914676f
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6388
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Last-Modified: Thu, 09 Feb 2023 18:40:38 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 737ee6af9809e44c078c61769b2e65f5
8fa5ac57358b98b08ee99db57f01371779d0de70
68ba4fd3978c17529d14e8296960da9fdc803d5baf1c3c04fec74411ead13509
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 991
Cache-Control: max-age=89071
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e40c2a-117"
Expires: Fri, 10 Feb 2023 21:11:37 GMT
Last-Modified: Wed, 08 Feb 2023 20:55:06 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
www.bet365.com/olpc/Content/Fonts/FTN45__W.woff2
5.226.179.10 200 OK 46 kB URL HTTP/1.1 www.bet365.com/olpc/Content/Fonts/FTN45__W.woff2
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type Web Open Font Format (Version 2), TrueType, length 45892, version 1.590\012- data
Hash e3596a29429736364ebfef73786a55ab
7bd9b6b18b0985c080d520610c0ab74a128d71bd
6e28311fc68644a88a32df782c7371991894bc6a6a81f8ff70f971b4470c3751
GET /olpc/Content/Fonts/FTN45__W.woff2 HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Length: 45892
Connection: keep-alive
Last-Modified: Thu, 09 Feb 2023 18:37:41 GMT
CF-Cache-Status: HIT
Age: 5747
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58042e56b4f7-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fe5809f86383be4ef7cd85b1c7433bdd
f97f924005c31bb4ee148213ddc54f5f66b8415e
d63c85d89684ea96d46e7b17a59536e5d2d10d44acaba2f2a6a01913334cc0e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6388
Cache-Control: max-age=104512
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e43366-117"
Expires: Sat, 11 Feb 2023 01:28:58 GMT
Last-Modified: Wed, 08 Feb 2023 23:42:30 GMT
Server: ECS (amb/6BBF)
X-Cache: HIT
Content-Length: 279
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c401431df81ddb15caa41c0dd46d1e89
1425acaf4f62be49ed25a6ed3ee9ea9f4b64cc27
728bea4c87ad7bdc5e5755af61323951bdd7604698a67360e38837131b20c426
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.bet365.com/olpc/olpc-scripts.js?v=QiTdi93Kjo0gOLPeEMbGjBwZr56JrtuCD56Ga17ZGYM1
5.226.179.10 200 OK 10 kB URL HTTP/1.1 www.bet365.com/olpc/olpc-scripts.js?v=QiTdi93Kjo0gOLPeEMbGjBwZr56JrtuCD56Ga17ZGYM1
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (29663), with no line terminators
Hash c8c98c853fd59ed983bce0aba30cf701
f923bfe2192a18cd77057e0d903b2c836b7a6004
1e79a0fec6fd042aa473e69ac2b1227595b52138784c2aeed59a02ec1e8660fa
GET /olpc/olpc-scripts.js?v=QiTdi93Kjo0gOLPeEMbGjBwZr56JrtuCD56Ga17ZGYM1 HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: text/javascript; charset=utf-8
Content-Length: 9965
Connection: keep-alive
Cache-Control: public
Content-Encoding: gzip
Expires: Fri, 09 Feb 2024 18:37:36 GMT
Last-Modified: Thu, 09 Feb 2023 18:37:36 GMT
Vary: User-Agent,Accept-Encoding
CF-Cache-Status: HIT
Age: 6531
Accept-Ranges: bytes
Server: cloudflare
CF-RAY: 796f58044e8fb4f7-OSL
www.bet365.com/olpc/olpc-styles.css?v=OUCNRoz5UJA_hlonvvM-zKypUxxoB69C1PKm61WNx101
5.226.179.10 200 OK 128 kB URL HTTP/1.1 www.bet365.com/olpc/olpc-styles.css?v=OUCNRoz5UJA_hlonvvM-zKypUxxoB69C1PKm61WNx101
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type Unicode text, UTF-8 text, with very long lines (335), with CRLF line terminators
Size 128 kB (128522 bytes)
Hash 70c566a3f45d214eb461698a7039aeec
91577629b42f6b6feac44540599606e777922121
572bcd269e50b62ebdd6b42cd36e0e0bc62796cfbe975dc375547674619ce655
GET /olpc/olpc-styles.css?v=OUCNRoz5UJA_hlonvvM-zKypUxxoB69C1PKm61WNx101 HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: text/css; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public
Content-Encoding: gzip
Expires: Fri, 09 Feb 2024 14:37:47 GMT
Last-Modified: Thu, 09 Feb 2023 14:37:47 GMT
Vary: User-Agent,Accept-Encoding
CF-Cache-Status: HIT
Age: 6531
Server: cloudflare
CF-RAY: 796f58044e5e0b4d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a8e7321e3a76678d715453736096ce7d
5911d23c66de937df2f3ad200e0397ad38859751
d631225648980ee1a8470b814068f79b3e800f08c431c22a60a9db1ef7282c32
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1206
Cache-Control: max-age=97925
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e42de9-117"
Expires: Fri, 10 Feb 2023 23:39:11 GMT
Last-Modified: Wed, 08 Feb 2023 23:19:05 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash a8e7321e3a76678d715453736096ce7d
5911d23c66de937df2f3ad200e0397ad38859751
d631225648980ee1a8470b814068f79b3e800f08c431c22a60a9db1ef7282c32
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1206
Cache-Control: max-age=97925
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e42de9-117"
Expires: Fri, 10 Feb 2023 23:39:11 GMT
Last-Modified: Wed, 08 Feb 2023 23:19:05 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
www.googletagmanager.com/gtm.js?id=GTM-T2BKDHM
142.250.74.168 200 OK 40 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-T2BKDHM
IP 142.250.74.168:0
File type ASCII text, with very long lines (1759)
Hash b7adb8dbb0ddc1b37b48cc4baee58dd0
3aed76f114028bd9ec25763b41380027e3336137
ed66f6f6d6db185da44af3bff3a88ca1668997562d66fa79558b4a2c60d040d4
GET /gtm.js?id=GTM-T2BKDHM HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Thu, 09 Feb 2023 20:27:06 GMT
expires: Thu, 09 Feb 2023 20:27:06 GMT
cache-control: private, max-age=900
last-modified: Thu, 09 Feb 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 40293
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js?async
5.226.179.10 200 OK 693 B URL HTTP/1.1 www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js?async
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (988), with no line terminators
Hash 1e7b3646ba472cabab4d9bf4167ef55c
49c3904e7c6b0f7e26b812990a8773dacc524612
37185b9fc8d8c4c95cd7e6ebfa5c90244784c6a3f6a0374716d6dc0b68eee60b
GET /members/services/host/Scripts/js/ProductCommon_v1.js?async HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
x-bet-hop: 1
Content-Encoding: gzip
Last-Modified: Thu, 09 Feb 2023 20:27:06 GMT
CF-Cache-Status: MISS
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58045a49b509-OSL
push.services.mozilla.com/
52.41.18.18 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 52.41.18.18:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Cx8BKeqAW8ptWoubfaOgGA==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: HE1ElUq6VIvZyLz1jAvEdSjxD9M=
www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js
5.226.179.10 200 OK 3.6 kB URL HTTP/1.1 www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (9857), with no line terminators
Hash 8526418443f6bcfead67615247d3e38a
6935cb6ce3e37192afcd3d08ec3b2d9c18035d20
49fa8353e8973f41c38723a669bd3200fd658ba87d6c121eb45da4af631825aa
GET /members/services/host/Scripts/js/ProductCommon_v1.js HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Expires: 0
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache
x-bet-hop: 1
Content-Encoding: gzip
Last-Modified: Thu, 09 Feb 2023 20:27:06 GMT
CF-Cache-Status: MISS
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58044c800b49-OSL
ocsp.pki.goog/gts1c3
142.250.74.163 200 OK 472 B IP 142.250.74.163:0
Hash c401431df81ddb15caa41c0dd46d1e89
1425acaf4f62be49ed25a6ed3ee9ea9f4b64cc27
728bea4c87ad7bdc5e5755af61323951bdd7604698a67360e38837131b20c426
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
members.bet365.com/Members/Helpers/DefaultAff.aspx?affiliate=365_01211427
5.226.179.10 200 OK 177 B URL HTTP/1.1 members.bet365.com/Members/Helpers/DefaultAff.aspx?affiliate=365_01211427
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 475774a26d4f30240a3534bcbd2fd161
9fd7b986673786b4fc80943b330bd1c03256049e
f7541d6ca43b4da74a89ec05885dceabf1a4af132d36326cf7974a47c904c811
GET /Members/Helpers/DefaultAff.aspx?affiliate=365_01211427 HTTP/1.1
Host: members.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 177
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
ME-Redirect: PQB
Set-Cookie: Affiliates=Code=365_01211427%2f166711913865&prd=Sports; domain=.bet365.com; expires=Sun, 26-Mar-2023 19:27:06 GMT; path=/; secure
session=processform=0; path=/; secure
pstk=D63EBCD8CC7894FBBF9FA25A9EED2410000003; domain=.bet365.com; path=/; secure
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796f58044ce2b4e8-OSL
content001.bet365.com/SportsContent/Global/Footer/eCogra-Horizontal2x.png
5.226.179.10 200 OK 1.7 kB URL HTTP/1.1 content001.bet365.com/SportsContent/Global/Footer/eCogra-Horizontal2x.png
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 206 x 48, 8-bit colormap, non-interlaced\012- data
Hash 9c970e4a7854f871873d7b1401701536
2236689845834104a586507057840c7229c7353c
d0438c85b7b5f9c21ac9a1975ccd12464f5f8cbf15d3353ee700e2617f913349
GET /SportsContent/Global/Footer/eCogra-Horizontal2x.png HTTP/1.1
Host: content001.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: image/png
Content-Length: 1671
Connection: keep-alive
Last-Modified: Wed, 11 Aug 2021 10:23:12 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Tue, 14 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=432000
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f5804fc25b515-OSL
content001.bet365.com/SportsContent/Global/Footer/SPORTSX2-18.png
5.226.179.10 200 OK 4.4 kB URL HTTP/1.1 content001.bet365.com/SportsContent/Global/Footer/SPORTSX2-18.png
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 65 x 65, 8-bit/color RGBA, non-interlaced\012- data
Hash 097b1799e6f2ab026f137f91b4627384
fd6a5222f5743cccc954a311b6d30b4125179244
5af616c5e6ad0d97aa233ed4644776ca94de0cfb1a653844d8a5d9ee46e756af
GET /SportsContent/Global/Footer/SPORTSX2-18.png HTTP/1.1
Host: content001.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: image/png
Content-Length: 4400
Connection: keep-alive
Last-Modified: Fri, 20 Mar 2015 09:13:01 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Tue, 14 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=432000
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f5804f98bb521-OSL
www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js?seed=AABuwzeGAQAAhqrK_PK5DVU1WgAdARPIThWPrWs7tFsKZfRiUB6LVLM_r4qR&PIRXTcSdwp--z=q
5.226.179.10 200 OK 180 kB URL HTTP/1.1 www.bet365.com/members/services/host/Scripts/js/ProductCommon_v1.js?seed=AABuwzeGAQAAhqrK_PK5DVU1WgAdARPIThWPrWs7tFsKZfRiUB6LVLM_r4qR&PIRXTcSdwp--z=q
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type ASCII text, with very long lines (65536), with no line terminators
Size 180 kB (179758 bytes)
Hash 2664d50bc147165838a26bbe139f7d81
de50da65f3249826ae55bd3ce5b536976f608761
33a81da274d4c791e318226b307cbab5ee261e74ef178ed10dac563ef6c00152
GET /members/services/host/Scripts/js/ProductCommon_v1.js?seed=AABuwzeGAQAAhqrK_PK5DVU1WgAdARPIThWPrWs7tFsKZfRiUB6LVLM_r4qR&PIRXTcSdwp--z=q HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: application/javascript; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: public, max-age=3600, immutable
x-bet-hop: 1
Content-Encoding: gzip
Last-Modified: Thu, 09 Feb 2023 20:00:00 GMT
CF-Cache-Status: HIT
Age: 1624
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58053f580b4d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash fe5809f86383be4ef7cd85b1c7433bdd
f97f924005c31bb4ee148213ddc54f5f66b8415e
d63c85d89684ea96d46e7b17a59536e5d2d10d44acaba2f2a6a01913334cc0e7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6388
Cache-Control: max-age=104512
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e43366-117"
Expires: Sat, 11 Feb 2023 01:28:58 GMT
Last-Modified: Wed, 08 Feb 2023 23:42:30 GMT
Server: ECS (ska/F70B)
X-Cache: HIT
Content-Length: 279
content001.bet365.com/SportsContent/Global/Footer/SPORTSX1-ESSA_2.png
5.226.179.10 200 OK 6.4 kB URL HTTP/1.1 content001.bet365.com/SportsContent/Global/Footer/SPORTSX1-ESSA_2.png
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 162 x 35, 8-bit/color RGBA, non-interlaced\012- data
Hash 1b8c19b189cccdda7105465a474c9b4d
6ef1cecd283f484606c987259e06a22ff3aff7ae
101ca051649af6826119108f51311f70b4d58e94242c8877a2b8a9247b90f54f
GET /SportsContent/Global/Footer/SPORTSX1-ESSA_2.png HTTP/1.1
Host: content001.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: image/png
Content-Length: 6386
Connection: keep-alive
Last-Modified: Tue, 04 Jun 2019 13:21:41 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Tue, 14 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=432000
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58052ce5b4f3-OSL
content001.bet365.com/SportsContent/Global/Footer/MGALICENSED.png
5.226.179.10 200 OK 2.0 kB URL HTTP/1.1 content001.bet365.com/SportsContent/Global/Footer/MGALICENSED.png
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 88 x 44, 8-bit/color RGBA, non-interlaced\012- data
Hash d8cb8a91c78942815c69aaeea7c79162
0a36fd477b2c7d88bb67d95e806bf5838d1b39cd
057c251de5bc8825df293db443b8c9a99e01f856abe658c741a89c86b6bfa2e1
GET /SportsContent/Global/Footer/MGALICENSED.png HTTP/1.1
Host: content001.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: image/png
Content-Length: 1979
Connection: keep-alive
Last-Modified: Wed, 10 Jul 2019 13:20:52 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Tue, 14 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=432000
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58052e46b50b-OSL
content001.bet365.com/SportsContent/Global/Footer/GordonMoody/GordonMoody-GT-x2_Grey99.png
5.226.179.10 200 OK 5.3 kB URL HTTP/1.1 content001.bet365.com/SportsContent/Global/Footer/GordonMoody/GordonMoody-GT-x2_Grey99.png
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type PNG image data, 188 x 60, 8-bit gray+alpha, non-interlaced\012- data
Hash 40ed9c8ae714b944f87008ab90bb071d
32bbf71529809e6ea3521c5636838a76c7488fae
b163877ec48382be73ffdf62c6a5dc5ded37443856dde414e591dfe85b61f070
GET /SportsContent/Global/Footer/GordonMoody/GordonMoody-GT-x2_Grey99.png HTTP/1.1
Host: content001.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.bet365.com/
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: image/png
Content-Length: 5324
Connection: keep-alive
Last-Modified: Mon, 11 Oct 2021 13:13:24 GMT
Timing-Allow-Origin: *
CF-Cache-Status: HIT
Expires: Tue, 14 Feb 2023 20:27:06 GMT
Cache-Control: public, max-age=432000
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 796f58054bf0b4ee-OSL
coffee2play.com/static/template/60/img/logo.gif
172.67.163.47 200 OK 245 kB URL HTTP/2 coffee2play.com/static/template/60/img/logo.gif
IP 172.67.163.47:0
File type GIF image data, version 89a, 838 x 428\012- data
Size 245 kB (245203 bytes)
Hash 34a4d79af7e2cc77974498de81649003
eb806366fcd35726a9adcb436dd8246aabc9bc6f
e15d400e56a42cfc461cb6947f1f05bd5e49df947beb321a6813363d82f1933c
GET /static/template/60/img/logo.gif HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: image/gif
content-length: 245203
last-modified: Thu, 09 Feb 2023 15:13:11 GMT
etag: "63e50d87-3bdd3"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p98vn%2BxhhZYXURPqM7epc0IwGZZ%2BRTI0%2FyJqe%2FToj6ernLIk5eGL8iM4rBFM9A%2F8wtwWXCdcLXN%2FAbATq3Ry3APVALWFgJ4mCYW%2BqjwzfTeNGmQA6yxWC4psJstQWOW9rro%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58056a4eb521-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
coffee2play.com/js/utils.js
172.67.163.47 200 OK 1.5 kB URL HTTP/2 coffee2play.com/js/utils.js
IP 172.67.163.47:0
Hash 54db8d56497cbc549c6db9fac242acc7
f3e4604ec15f2a8c0d6c892e4e09813ddbcc46cb
c83497bc98fa3d9cce2c31b554bab51ae83ce6488d412048fb4f7c6b94cd17c6
GET /js/utils.js HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: application/javascript
last-modified: Thu, 09 Feb 2023 15:13:11 GMT
etag: W/"63e50d87-ced"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j5ajoryoMSBRAD324oovuo%2Fbxcu6EAFlBEjfJnYcA6O5nqhT6xme0lsCr82627CdU1hGM7e97FDYwm%2FQenciuT8RsqDmtPi5c7PrzpYH71rkrwbKJWDJBzhFR7J%2FkDM4Kcw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58055a37b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.bet365.com/olpc/nn/143/0/1/cookieconsentajax?
5.226.179.10 200 OK 1.4 kB URL HTTP/1.1 www.bet365.com/olpc/nn/143/0/1/cookieconsentajax?
IP 5.226.179.10:0
ASN #209242 Cloudflare London, LLC
File type Unicode text, UTF-8 text, with very long lines (489), with CRLF, LF line terminators
Hash 41bc7a3cb016ed2e39c03d0cc8be6b42
b18485bc2f7d8bb65434447040e3b6a7125a0509
6b68a474dc9ab3d547c5584d6a1de4360570147384669553d528ee80495e9f57
POST /olpc/nn/143/0/1/cookieconsentajax? HTTP/1.1
Host: www.bet365.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.bet365.com
Connection: keep-alive
Referer: https://www.bet365.com/olpc/nn/143/0/1/open-account
Cookie: __cf_bm=CdpgWZmSuaOZP8F_dBKdAV9yglIipDJ2LPXsNdrHb_o-1675974426-0-AVqxHhkmUScKD/5O/IoLKSeRBa8BN6HB3f4hdr902XHcAqJ1Oa9B4acGxtrSZqg+mUJHLneXRsdzC4SdEbRTQ0w=
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Content-Length: 0
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2023 20:27:06 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 1362
Connection: keep-alive
Cache-Control: private
Content-Encoding: gzip
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 796f580769d70b4d-OSL
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 007ade15e7ade9e4573a1af4538f7080
ff3475444a35b1483edc03c57dcbd36c2837a78b
015849b603c8b42d5831d18ea921549d179a1d71d0094032ef18d767ad61510b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e4fc9d-117"
Server: ECS (amb/6BBF)
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 69d37a02a6eee2e3376f2a0c19826493
109446a18ee4164e9fac0846f87a624c8cac6d36
50eceed5758653e061ffccd946cb92634290efdd3e1b7f841efd0fb1e14676db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=145315
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e4ebbd-118"
Expires: Sat, 11 Feb 2023 12:49:01 GMT
Last-Modified: Thu, 09 Feb 2023 12:49:01 GMT
Server: nginx
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash aced9cbbae17dddc9e46310080b6ec2f
8a054144bf3ea1ee365278f08aa3a10889c45cac
cd90691d442f2670a693c2afcaa66e5ed077bbb02a9e7bb9f933f08a1103592a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3212
Cache-Control: max-age=133033
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e4af37-117"
Expires: Sat, 11 Feb 2023 09:24:19 GMT
Last-Modified: Thu, 09 Feb 2023 08:30:47 GMT
Server: ECS (amb/6BB9)
X-Cache: HIT
Content-Length: 279
gbett1.net/blank.gif?1675974487391
203.32.121.98 200 OK 43 B URL HTTP/2 gbett1.net/blank.gif?1675974487391
IP 203.32.121.98:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675974487391 HTTP/1.1
Host: gbett1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-request-id: 9a1453a5-e41b-489c-9daf-847d3a06731e
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58080c6ffab4-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gg.bet/blank.gif?1675974487393
203.29.52.121 200 OK 43 B URL HTTP/2 gg.bet/blank.gif?1675974487393
IP 203.29.52.121:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675974487393 HTTP/1.1
Host: gg.bet
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-request-id: 2af67471-7c51-4eca-a104-ac22ab0f7dc1
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f5808199eb524-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ggbets1.net/blank.gif?1675974487392
203.30.189.19 200 OK 43 B URL HTTP/2 ggbets1.net/blank.gif?1675974487392
IP 203.30.189.19:0
ASN #209242 Cloudflare London, LLC
File type GIF image data, version 89a, 1 x 1\012- data
Hash ad4b0f606e0f8465bc4c4c170b37e1a3
50b30fd5f87c85fe5cba2635cb83316ca71250d7
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
GET /blank.gif?1675974487392 HTTP/1.1
Host: ggbets1.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: image/gif
content-length: 43
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
x-envoy-upstream-service-time: 1
x-frame-options: DENY
x-request-id: b4d1c407-815e-4d87-a4c9-e90803170c45
cf-cache-status: MISS
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58081c15b518-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash aced9cbbae17dddc9e46310080b6ec2f
8a054144bf3ea1ee365278f08aa3a10889c45cac
cd90691d442f2670a693c2afcaa66e5ed077bbb02a9e7bb9f933f08a1103592a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3212
Cache-Control: max-age=133033
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e4af37-117"
Expires: Sat, 11 Feb 2023 09:24:19 GMT
Last-Modified: Thu, 09 Feb 2023 08:30:47 GMT
Server: ECS (ska/F714)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash c45ebd550a7181e9a4cec6a4e99bb4dc
1465d12a22a0adf568963c3444ede93ce7755e5e
7087763f765dec50c81c790ecc3690944b4873ddae959bfba7b31744ac074813
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2192
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Etag: "63e3f710-117"
Last-Modified: Thu, 09 Feb 2023 19:50:34 GMT
Server: ECS (amb/6BBF)
X-Cache: HIT
Content-Length: 280
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 007ade15e7ade9e4573a1af4538f7080
ff3475444a35b1483edc03c57dcbd36c2837a78b
015849b603c8b42d5831d18ea921549d179a1d71d0094032ef18d767ad61510b
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4878
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:06 GMT
Last-Modified: Thu, 09 Feb 2023 19:05:48 GMT
Server: ECS (amb/6B95)
X-Cache: HIT
Content-Length: 279
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 69d37a02a6eee2e3376f2a0c19826493
109446a18ee4164e9fac0846f87a624c8cac6d36
50eceed5758653e061ffccd946cb92634290efdd3e1b7f841efd0fb1e14676db
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4661
Cache-Control: max-age=149975
Content-Type: application/ocsp-response
Date: Thu, 09 Feb 2023 20:27:07 GMT
Etag: "63e4ebbd-118"
Expires: Sat, 11 Feb 2023 14:06:42 GMT
Last-Modified: Thu, 09 Feb 2023 12:49:01 GMT
Server: ECS (amb/6BBF)
X-Cache: HIT
Content-Length: 280
sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/c09f89fefd515bf634ed41c29ab25729.jpg
203.30.191.209 200 OK 515 B URL HTTP/2 sat.crwds.net/p/gnt908wk0bl6xyll5bj94zafs74gwo53/c09f89fefd515bf634ed41c29ab25729.jpg
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
File type gzip compressed data, max speed, from Unix\012- data
Hash 628e0302068ade64b5f411f39d5ce7e5
ff1a609269f34bad5ae67ed1678df3f7b905d018
c583ceaeae2e9a05e25c27b61520710f16b8b98ca7f9087a75ae90a040b8bc3f
GET /p/gnt908wk0bl6xyll5bj94zafs74gwo53/c09f89fefd515bf634ed41c29ab25729.jpg HTTP/1.1
Host: sat.crwds.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:07 GMT
content-type: image/jpeg
cache-control: no-cache, private
set-cookie: _7jt1oxhp4z=eyJpdiI6InEwK0JsUUFiSURlckNlL2pMWGRGMnc9PSIsInZhbHVlIjoiUFUxdmV6ako0QzVZVXZZYlUzL1IwMGFLc3NxajVKRFl2cDhrUzlNZ09JRmxKc3dzL1FmWmd6amNLaGpYemdxeWtjRVlKSWt2NDgzaTVsdVBkRlAwR09QQ0dCRHQrbDBLc21HdHZBQ0tiVjA9IiwibWFjIjoiY2YxYWMyNjNmNGUxYTlmMjQ4MjRlNzE3YWYwNjA2NWE2MDVkNTQ1NTMyY2ZkZGM0ZTcwYzI0MzZiMDk5YTE2OSIsInRhZyI6IiJ9; expires=Fri, 09-Feb-2024 20:27:07 GMT; Max-Age=31536000; path=/; domain=.crwds.net; secure; httponly; samesite=none
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 796f5808afa2b500-OSL
X-Firefox-Spdy: h2
region1.google-analytics.com/g/collect?v=2&tid=G-45M1DQFW2B&gtm=45je3280&_p=116924570&gcs=G1-0&cid=1776777828.1675974487&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675974487&sct=1&seg=0&dl=https%3A%2F%2Fwww.bet365.com%2Folp%2Fopen-account%3Faffiliate%3D365_01211427&dt=%C3%85pningstilbud&en=page_view&_fv=1&_nsi=1&_ss=1
216.239.34.36 204 No Content 0 B URL HTTP/2 region1.google-analytics.com/g/collect?v=2&tid=G-45M1DQFW2B&gtm=45je3280&_p=116924570&gcs=G1-0&cid=1776777828.1675974487&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675974487&sct=1&seg=0&dl=https%3A%2F%2Fwww.bet365.com%2Folp%2Fopen-account%3Faffiliate%3D365_01211427&dt=%C3%85pningstilbud&en=page_view&_fv=1&_nsi=1&_ss=1
IP 216.239.34.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST /g/collect?v=2&tid=G-45M1DQFW2B&gtm=45je3280&_p=116924570&gcs=G1-0&cid=1776777828.1675974487&ul=en-us&sr=1280x1024&uaW=1&_s=1&sid=1675974487&sct=1&seg=0&dl=https%3A%2F%2Fwww.bet365.com%2Folp%2Fopen-account%3Faffiliate%3D365_01211427&dt=%C3%85pningstilbud&en=page_view&_fv=1&_nsi=1&_ss=1 HTTP/1.1
Host: region1.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.bet365.com
Connection: keep-alive
Referer: https://www.bet365.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
HTTP/2 204 No Content
access-control-allow-origin: https://www.bet365.com
date: Thu, 09 Feb 2023 20:27:07 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
sat.mengapemic.net/ie/e?m=YzA5Zjg5ZmVmZDUxNWJmNjM0ZWQ0MWMyOWFiMjU3MjkgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
203.30.191.209 200 OK 491 B URL HTTP/2 sat.mengapemic.net/ie/e?m=YzA5Zjg5ZmVmZDUxNWJmNjM0ZWQ0MWMyOWFiMjU3MjkgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
Hash 289905247d9c8de777985b41c0da22ae
0fe2a83b8fbdc25e9879873d583bd13c203a71d9
293d1a73fd8f04ec94dac9836b94344babfbee12222edaa319129f41088ee798
GET /ie/e?m=YzA5Zjg5ZmVmZDUxNWJmNjM0ZWQ0MWMyOWFiMjU3MjkgPSBDYW52YXMgZWxlbWVudCBkb2Vzbid0IGhhdmUgYW55IG9mIHRoaXMgY29udGV4dCAtIHdlYmdsMixleHBlcmltZW50YWwtd2ViZ2wyLCB3ZWJnbCwgZXhwZXJpbWVudGFsLXdlYmdsLCBtb3otd2ViZ2wuIFdlYkdsIHN1cHBvcnQgaXMgZGlzYWJsZWQ%3D&h=aHR0cHM6Ly9jb2ZmZWUycGxheS5jb20vP3M9NjAmcmVmPWdnX3cxMzc0ODBjMTAyODc5bDgzNjRnbm9wMTIzMV8mZW5jb2RlZF91cmw9YzNCdmNuUnpJeUV2WVhWMGFDOXlaV2RwYzNSbGNqOXdiM0IxY0E9PQ%3D%3D&ua=TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA1LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTA1LjA%3D HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:07 GMT
content-type: text/html; charset=UTF-8
cache-control: no-cache, private
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 796f580a8a69b512-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash b6dcf542ba6d8505160e74b4a63ead3b
ab10bb8b5e34df1bf98c80afb55096e1997aa88d
c5c0c0b0c2303e1832e1d2efc231c2daa8ce6d3adee17220b9a952358766461d
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=135249
Date: Thu, 09 Feb 2023 20:27:07 GMT
Etag: "63e4c169-1d7"
Expires: Sat, 11 Feb 2023 10:01:16 GMT
Last-Modified: Thu, 09 Feb 2023 09:48:25 GMT
Server: ECS (bsa/EB19)
X-Cache: Miss from cloudfront
Via: 1.1 c26775cc34c23943f6f5cfc9a3da9b4a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: QZ51yLvDptdD_aigB0radtmT1h1GLHzssPv-reTYNbHhVir9vlemzw==
Age: 771
www.google-analytics.com/analytics.js
142.250.74.110 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.110:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Thu, 09 Feb 2023 19:44:09 GMT
expires: Thu, 09 Feb 2023 21:44:09 GMT
cache-control: public, max-age=7200
age: 2578
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
coffee2play.com/js/base64.js
172.67.163.47 200 OK 1.5 kB URL HTTP/2 coffee2play.com/js/base64.js
IP 172.67.163.47:0
Hash c0f0e6c24e414187ece89a072f7e4604
4fee092e98c7802ab517cf9b3fa7a147b97018a5
c80f46224e779734e3155c13bbdef1a4a388a4195b5e6c852100b7636cd911c9
GET /js/base64.js HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: application/javascript
last-modified: Thu, 09 Feb 2023 15:13:11 GMT
etag: W/"63e50d87-eca"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5A1fZTAIr1kAIk42aFmYb8%2FDyhbeYHdW1hRDOi6FN27Y4GGdK6kl4voNEelHrLdE66LO0afyyRb%2BxN5LkK3rJQH2IP2lx4bkC2gd73Vi47JWeC7pLUwZmgG0BhAxRkkawU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58055a30b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10419
Expires: Thu, 09 Feb 2023 23:20:46 GMT
Date: Thu, 09 Feb 2023 20:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10419
Expires: Thu, 09 Feb 2023 23:20:46 GMT
Date: Thu, 09 Feb 2023 20:27:07 GMT
Connection: keep-alive
coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
172.67.163.47 200 OK 6.2 kB URL HTTP/2 coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
IP 172.67.163.47:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (505)
Hash f95b293d2b3e17165c138c042509e4e2
0d405f009e711940b801e6a49a5ca34aad571de6
164c1a7cfe39e47d6eaa04334698669f21742874681ccd2718bfb3329d907e85
GET /?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA== HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: text/html; charset=UTF-8
set-cookie: visit18702b69116a22c9b3543e7d58655920=1; expires=Sat, 11-Mar-2023 20:27:06 GMT; Max-Age=2592000
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HTTd2y492FdKgnX6QyZyy18tO2%2BEHXugs6RAxWOuo78oFfVqfdkUuA7RoMAO6ShkP%2BIrMebCBX0jU3VBCQobsNP26e7L8j1W%2BLAFTloJkXHcfHoblQIGBxQ5iG1Jas9Uaew%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f580488a0b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10419
Expires: Thu, 09 Feb 2023 23:20:46 GMT
Date: Thu, 09 Feb 2023 20:27:07 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1d885cfc22a04f1216c98dd64df5338a
589916a844b81fac40af88a772865b8e28dfb64e
40c0e55533794d72bbba4bc9d0f07fe0741e24ca23fd9b3e31d2830c77a51bf3
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40C0E55533794D72BBBA4BC9D0F07FE0741E24CA23FD9B3E31D2830C77A51BF3"
Last-Modified: Wed, 08 Feb 2023 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10419
Expires: Thu, 09 Feb 2023 23:20:46 GMT
Date: Thu, 09 Feb 2023 20:27:07 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b11f9f70f5e8af4de6d9fc5b9f50ccbe
753cb08c3f8c7c0750d113253790a08db01986bc
d4b77ba995ea274fd169fc9bc66919b23e72a8edb88d6184bf3d7f3ab398c645
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7e9ebfbd-8f55-4e32-8ea1-303aa280ea51.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11036
x-amzn-requestid: 4bd4976c-9500-4d6d-a447-dd2873987d13
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fswexHCYIAMFzag=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db612b-61d430202cbbf52823f38c49;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 07:07:23 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 1mDt4mKlkZG2_zBPhwB_lbzJ0Im0FlnjmJMa7gcopuv14gwqtwlA2w==
via: 1.1 86b676273517904f44af31586adb06ae.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
age: 82350
etag: "753cb08c3f8c7c0750d113253790a08db01986bc"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
coffee2play.com/static/template/60/css/style.css
172.67.163.47 200 OK 9.2 kB URL HTTP/2 coffee2play.com/static/template/60/css/style.css
IP 172.67.163.47:0
Hash 9d88ee63ad4b8f272bf625be197e5f17
6b932830df5dddc6f9132d45d663273d61cd76d7
a05789a75310740fe5907e3ed9db090fb4aec64a30ea8bbe7a0bb61f964d4843
GET /static/template/60/css/style.css HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: text/css
last-modified: Thu, 09 Feb 2023 15:13:11 GMT
etag: W/"63e50d87-589"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ERv7RGikOYWxu%2FQdYR4aEtlQ24mYwBkubH3dv8HYd7GaRAr4fGCQFyizspjA7lGeIBOkK4o3j8%2FVBt51ItqDF6ulPHi7WvlExeELaZR9dh23GKF3iTiwuSMl4v%2B0n1Cs48c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58054a25b521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
34.120.237.76 200 OK 8.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 764b732e88dd1e9c1824529b24b3dffc
2ba954a51c2972b267ae0536e343e608aa9aa7f4
a1efdf03b14bb05cf8e407b92476592c35fa2d27c5e66705322abdb4c6412a06
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc03326d1-bbfd-4654-a9db-ac431757b9f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8150
x-amzn-requestid: 3834493a-4162-4cc9-b67c-541cc9be895b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fwD8IH0TIAMFWqQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63dcb380-3746ff7b0a6894366efa848e;Sampled=0
x-amzn-remapped-date: Fri, 03 Feb 2023 07:10:56 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: I3qmC4D6qdsheK8VO3oKbPDU7XV1r9_XEPMcExKnvATDkVUsJHjHbg==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Thu, 09 Feb 2023 01:59:42 GMT
age: 66445
etag: "2ba954a51c2972b267ae0536e343e608aa9aa7f4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 9203cfb9f0c1c958dd008eac55a9d3c4
6bdd1047590dd3fb54c15d5d6d38e7c86274b203
09770229be5ff3037708543e3204c66de84253b3a858a83a0e1672a04c0e9cb1
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3ab2faf0-d9a7-41a6-b5cf-bf6189f66342.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 11760
x-amzn-requestid: b2863a01-4714-4554-a478-5402467b3448
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: AChJKHc_oAMFwlw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63e4156d-1c5a3edf37bc7cc937c800d2;Sampled=0
x-amzn-remapped-date: Wed, 08 Feb 2023 21:34:37 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: y-1zzLzVegi0T-SAyTpUuFD6iVVYbuL5u71dc74BY2l7PrxVu-am5w==
via: 1.1 0c96ded7ff282d2dbcf47c918b6bb500.cloudfront.net (CloudFront), 1.1 112d82578d402a38d8d02e8b857617e0.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 21:34:37 GMT
etag: "6bdd1047590dd3fb54c15d5d6d38e7c86274b203"
content-type: image/jpeg
age: 82350
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
34.120.237.76 200 OK 9.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1d7814305f961caded310b6f2089219b
efcb6a067bb023865823625e67d9de60d44685e0
3c01637a052e2394774fc8f6dd37a284afaf76b423219ecd26a89c2d8b69c121
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7d76b3c3-ea90-47d3-83f3-8f1550aa26fa.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9846
x-amzn-requestid: 4e6cc2be-bc18-4d66-b338-833a05d0d998
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fsaDlGV4oAMFoZA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63db3d49-14fc32183d3c6afb3a64c27d;Sampled=0
x-amzn-remapped-date: Thu, 02 Feb 2023 04:34:17 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: BNBH60bI_wBqaKAFD_FeZHbzfIeJh9-x-JiMsF0Uh9pxKHFPdAH6Vw==
via: 1.1 2afae0d44e2540f472c0635ab62c232a.cloudfront.net (CloudFront), 1.1 324a68a6c25ee50d774953f3e15a611c.cloudfront.net (CloudFront), 1.1 google
date: Wed, 08 Feb 2023 22:02:08 GMT
age: 80699
etag: "efcb6a067bb023865823625e67d9de60d44685e0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.r2m01.amazontrust.com/
54.230.80.227 200 OK 471 B URL HTTP/1.1 ocsp.r2m01.amazontrust.com/
IP 54.230.80.227:0
Hash b6dcf542ba6d8505160e74b4a63ead3b
ab10bb8b5e34df1bf98c80afb55096e1997aa88d
c5c0c0b0c2303e1832e1d2efc231c2daa8ce6d3adee17220b9a952358766461d
POST / HTTP/1.1
Host: ocsp.r2m01.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Thu, 09 Feb 2023 20:27:07 GMT
Etag: "63e4c169-1d7"
Last-Modified: Thu, 09 Feb 2023 19:11:28 GMT
Server: ECS (dcb/7F82)
X-Cache: Miss from cloudfront
Via: 1.1 5bcfe2deda0bdbc6bade0af9b61602ca.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: RQ3r-JHZ5BLrf53KMK6FjPKkwjHcS0pUIO2ufmA_bVPnhFIMUspHYA==
Age: 4539
ggbetpromo.com/l/61a8cb4aade10011a3361d82
104.21.51.166 302 Found 0 B URL HTTP/2 ggbetpromo.com/l/61a8cb4aade10011a3361d82
IP 104.21.51.166:0
GET /l/61a8cb4aade10011a3361d82 HTTP/1.1
Host: ggbetpromo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: text/html; charset=UTF-8
location: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1vomfG429Ng%2B%2B2H7OBl8veaBuDeNZED4ZaFbH1T4U%2B2BEujdaN56XMaabi72A%2FZgv3IMXowTXaySgiuibyI78jH8BOrxdBJff9zDpDJKbJSnK7%2FF3FjR9BAzT7zPq7ICZg%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 796f58033b6eb4ff-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.888casino.com/
54.230.111.96 200 OK 0 B IP 54.230.111.96:0
GET / HTTP/1.1
Host: www.888casino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Thu, 09 Feb 2023 20:27:07 GMT
content-security-policy: frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk
x-wcs-correlation-id: drf-FxOR6b4fceyRNaCRPePz2YosRbY7_wIUgHUUjRBRPk8fdOeWaw==
srv: 44302334
p3p: CP="Read our privacy policy at http://www.888.com/security-and-privacy/privacy-policy.htm"
set-cookie: 888Cookie=isftd%3Dfalse%26isreal%3Dfalse%26lang%3Den%26OSR%3D485693%26RefType%3DNoReferrer%26TestData%3D%7B%22orig-lp%22%3A%22https%3A%2F%2Fwww.888casino.com%2F%22%2C%22referrer%22%3A%22NULL%22%7D; max-age=604800; domain=888casino.com; path=/; secure; samesite=none; httponly
apigw-requestid: AFqMVjjkDoEEM3g=
content-encoding: br
vary: Accept-Encoding,User-Agent,Cookie
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: drf-FxOR6b4fceyRNaCRPePz2YosRbY7_wIUgHUUjRBRPk8fdOeWaw==
X-Firefox-Spdy: h2
sat.mengapemic.net/ie/js/c09f89fefd515bf634ed41c29ab25729
203.30.191.209 200 OK 0 B URL HTTP/2 sat.mengapemic.net/ie/js/c09f89fefd515bf634ed41c29ab25729
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
POST /ie/js/c09f89fefd515bf634ed41c29ab25729 HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 4032
Origin: https://coffee2play.com
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:08 GMT
content-type: application/json
cache-control: no-cache, private
access-control-allow-origin: https://coffee2play.com
access-control-allow-methods: POST, GET, OPTIONS, DELETE, PUT, PATCH
access-control-allow-credentials: true
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 796f58123d78b512-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
sat.mengapemic.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63e5571abeac7ed2990a3b12
203.30.191.209 200 OK 0 B URL HTTP/2 sat.mengapemic.net/gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63e5571abeac7ed2990a3b12
IP 203.30.191.209:0
ASN #209242 Cloudflare London, LLC
GET /gnt908wk0bl6xyll5bj94zafs74gwo53/script.min.js?sub_1=gg_w137480c102879l8364gnop1231_&visitorId=63e5571abeac7ed2990a3b12 HTTP/1.1
Host: sat.mengapemic.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: application/javascript
cache-control: must-revalidate, no-cache, no-store, post-check=0, pre-check=0, private
last-modified: Thu, 09 Feb 2023 20:27:06 GMT
cf-cache-status: MISS
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f5806ed3ab512-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
www.888casino.com/promotions/welcome-bonus-offer/
54.230.111.96 200 OK 0 B URL HTTP/2 www.888casino.com/promotions/welcome-bonus-offer/
IP 54.230.111.96:0
GET /promotions/welcome-bonus-offer/ HTTP/1.1
Host: www.888casino.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
date: Thu, 09 Feb 2023 20:27:08 GMT
x-wcs-correlation-id: TzmV7caijjM-LKG_zKNduNpxvcGRMuY5w7Sjmjaca4Mu2SW4QacKvQ==
srv: 44303334
p3p: CP="Read our privacy policy at http://www.888.com/security-and-privacy/privacy-policy.htm"
content-security-policy: frame-ancestors 'self' *.genesazrak.com *.888casinoarabic.net *.arabiccasino888.com *.casinoarabic888.com *.casinoarabic-888.com *.888-casinoarabic.com *.888casino-arabic.com http://wrapper.safe-installation.com/ https://wrapper.safe-installation.com/ http://localhost:* https://localhost:* *.bingosys.net *.secured-igaming-usa.com *.888.pt *.sisportsbook.com *.888poker.de *.888slots.de *.safe-iplay.com *.safe-installation.com *.payoutscentral.com *.triple8holdem.com *.888.com *.secured-qa.com *.secured-registration.com *.secureutils.com *.images4us.com *.onlinepersonalmessages.com *.888sport.com *.888sport.es *.888sport.it *.888sport.dk *.888sport.ro *.888sport.se *.888sport.us *.888sport.de *.777.com *.personalinfoonline.com *.888.de *.888casino.com *.888poker.com *.888casino.dk *.888poker.dk *.888.de *.888casino.ro *.888poker.ro *.888casino.se *.888poker.se *.888casino.es *.888poker.es *.888casino.it *.888poker.it *.888casino.us *.888poker.us *.888ladies.com *.888.pt cmsp *.harrahscasino.com *.wsop.com *.delawarepark.com *.doverdowns.com *.harringtongamingonline.com *.secured-igaming-services.com *.secured-igaming-usa.com *.igaming-services.com *.888.ca *.888casino.ca *.888poker.ca *.888sport.ca *.888.nl *.888casino.nl *.888poker.nl *.888sport.nl *.ar-888-casino.com *.888casino-ar.com *.ar888-casino.com *.arab888-casino.com *.casinoelarab-888.com *.alarab-888casino.com *.casinoalarab-888.com *.888casino-alarab.com *.888casino-arabian.com *.arabian-888casino.com *.888-casino-arabian.com *.888-casino-alarab.com *.ballysdover.com *.888casino-uae.com *.playat888-games.com *.888casino-game.com *.online-arabic-casino.net *.tripleeight.live *.playat888online.com *.888games-uae.com *.triple-eight-games.com *.play-casino-now.com *.888slots-uae.com *.888-uae.com *.mrgreen.de *.mrgreen.se *.mrgreen.com *.mrgreen.dk
set-cookie: 888Cookie=isftd%3Dfalse%26isreal%3Dfalse%26lang%3Den%26OSR%3D485693%26RefType%3DNoReferrer%26TestData%3D%7B%22orig-lp%22%3A%22https%3A%2F%2Fwww.888casino.com%2Fpromotions%2Fwelcome-bonus-offer%2F%22%2C%22referrer%22%3A%22NULL%22%7D; max-age=604800; domain=888casino.com; path=/; secure; samesite=none; httponly
apigw-requestid: AFqMVifLjoEEMRA=
content-encoding: br
vary: Accept-Encoding,User-Agent,Cookie
x-cache: Miss from cloudfront
via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-P1
alt-svc: h3=":443"; ma=86400
x-amz-cf-id: TzmV7caijjM-LKG_zKNduNpxvcGRMuY5w7Sjmjaca4Mu2SW4QacKvQ==
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/
116.203.124.201 200 OK 0 B URL HTTP/2 laughing-lemur.com/WW/SB/
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
Analyzer Verdict Alert fortinet Malware
GET /WW/SB/ HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: text/html
last-modified: Thu, 29 Sep 2022 13:16:32 GMT
etag: W/"63359ab0-1717"
content-encoding: gzip
X-Firefox-Spdy: h2
laughing-lemur.com/api/site
116.203.124.201 404 Not Found 0 B URL HTTP/2 laughing-lemur.com/api/site
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
POST /api/site HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://laughing-lemur.com/WW/SB/
Content-Type: application/json
Origin: https://laughing-lemur.com
Content-Length: 233
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: text/html
content-encoding: gzip
X-Firefox-Spdy: h2
laughing-lemur.com/WW/SB/hero-bg.jpg
116.203.124.201 200 OK 0 B URL HTTP/2 laughing-lemur.com/WW/SB/hero-bg.jpg
IP 116.203.124.201:0
ASN #24940 Hetzner Online GmbH
GET /WW/SB/hero-bg.jpg HTTP/1.1
Host: laughing-lemur.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://laughing-lemur.com/WW/SB/style.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Thu, 09 Feb 2023 20:27:05 GMT
content-type: image/jpeg
content-length: 510454
last-modified: Tue, 27 Sep 2022 13:47:05 GMT
etag: "6332fed9-7c9f6"
expires: Sat, 11 Mar 2023 20:27:05 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2
coffee2play.com/js/redirector.js?1675955591
172.67.163.47 200 OK 0 B URL HTTP/2 coffee2play.com/js/redirector.js?1675955591
IP 172.67.163.47:0
GET /js/redirector.js?1675955591 HTTP/1.1
Host: coffee2play.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://coffee2play.com/?s=60&ref=gg_w137480c102879l8364gnop1231_&encoded_url=c3BvcnRzIyEvYXV0aC9yZWdpc3Rlcj9wb3B1cA==
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Thu, 09 Feb 2023 20:27:06 GMT
content-type: application/javascript
last-modified: Thu, 09 Feb 2023 15:13:11 GMT
etag: W/"63e50d87-cba"
cache-control: public, no-cache
x-xss-protection: 1; mode=block
strict-transport-security: max-age=300; includeSubDomains;
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nrtZYTAalNyyVgn6fIdVW9k2%2FVFZyQ0qw5BNnIURZPSMw0kM5NbW7zZd6R2eMXEFxItxiwrPZZ9WQ7WnpVIi3HFsLka2VqZKN5ME2%2FaWBq%2FegWO0PYAgWaJebryiH7qO1h0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 796f58056a4cb521-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2