www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
142.250.74.179 301 Moved Permanently 251 B URL HTTP/1.1 www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash d25ff32e409a5a0dc6b8a9c102d10c61
015e2e0b5290d3a8202bc1062c60c42de0862ba9
ad95ef8231beb39e6ae7d3ee8572d87deae6022b0ab625032fa75d4e93decea8
GET /p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file HTTP/1.1
Host: www.just-short-it.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Location: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Content-Type: text/html; charset=UTF-8
Content-Encoding: gzip
Date: Sun, 22 Jan 2023 18:47:43 GMT
Expires: Sun, 22 Jan 2023 18:47:43 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-XSS-Protection: 1; mode=block
Content-Length: 251
Server: GSE
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8997fa58a7262e8fd559d64b40511a1b
0aa1c4365c28f45e4d7a8a234fbcf51cd009e083
1580d1145f125c765e40e5983cb4bb4e2424010d2920a25ea7da992485da0dea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1580D1145F125C765E40E5983CB4BB4E2424010D2920A25EA7DA992485DA0DEA"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8263
Expires: Sun, 22 Jan 2023 21:05:26 GMT
Date: Sun, 22 Jan 2023 18:47:43 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8a5e416451617846248067d72b675125
995b0346adefaf5f2e167d1b81e60cc9afc4f19e
c5fafb9127b71cbd4f7b1a44f755fc4aa0e2f47bbc50de4b15c870a22bf160d9
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "C5FAFB9127B71CBD4F7B1A44F755FC4AA0E2F47BBC50DE4B15C870A22BF160D9"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7487
Expires: Sun, 22 Jan 2023 20:52:30 GMT
Date: Sun, 22 Jan 2023 18:47:43 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150 200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 30db107dcf4380cef05efea409c2e6a3
96e6a306fbc07299aba64e5c14e2bfca35872fa9
b64051a4a8e346e3c72b2aef77f360a5736ab5e16711d8e0bae3876feaa15b6e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Content-Length, Alert, Backoff, Content-Type
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Sun, 22 Jan 2023 18:42:32 GMT
content-type: application/json
age: 311
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17094b856fde02b2c8c2d3845ad325cf
26dc3f2ebf81faf5ab96eb75ffcbead6085528b8
6547376c41dcaa352cc4e747291916902bcddc0032b750bd84c5e3b2fe6f7d16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6547376C41DCAA352CC4E747291916902BCDDC0032B750BD84C5E3B2FE6F7D16"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3195
Expires: Sun, 22 Jan 2023 19:40:58 GMT
Date: Sun, 22 Jan 2023 18:47:43 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 7b922915ebf1fa3639b333f994c74f24
144a3f80b98fd0652d4614f24cf6cbbee40f8938
adbb3e06df0e870f5c7a9cb81e8979d4e92735853d75c9b779c06470d4db5d9c
GET /chains/remote-settings.content-signature.mozilla.org-2023-02-28-18-04-20.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: qooJqXKV8MtOCyifLoeiSDYT7Kaz05FzMsigHNUQpA5SodMXLa6SRnk7xLjgNQjONhLm2BH2IZo=
x-amz-request-id: B6BH09W2F6TGRDZE
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Sun, 22 Jan 2023 18:18:32 GMT
age: 1751
last-modified: Mon, 09 Jan 2023 18:04:21 GMT
etag: "7b922915ebf1fa3639b333f994c74f24"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Sun, 22 Jan 2023 18:47:43 GMT
content-type: application/json
content-length: 12
access-control-expose-headers: content-type
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/s/gts1d4/uglXWKIqh3M
216.58.211.3 200 OK 471 B URL HTTP/1.1 ocsp.pki.goog/s/gts1d4/uglXWKIqh3M
IP 216.58.211.3:0
Hash 2447081ffd9e1fd7b19f44e64c946f57
68664b6839c79dbcfa484f240ea0f21982118fde
47f65b1a7e05d723965fceafb1a94d85b7f7bd67b23cb866f1f826ec93f02952
POST /s/gts1d4/uglXWKIqh3M HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:43 GMT
Cache-Control: public, max-age=14400
Server: scaffolding on HTTPServer2
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150 200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Retry-After, Expires, Last-Modified, Alert, Content-Type, Content-Length, ETag, Pragma, Cache-Control, Backoff
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Sun, 22 Jan 2023 18:17:30 GMT
age: 1814
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
142.250.74.179 200 OK 55 kB URL HTTP/2 www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
IP 142.250.74.179:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, ASCII text, with very long lines (2382)
Hash 635a51fd2d833521aba04e15ecfc1e69
2b8b7eb5960c71a238ffd3a214a9e030b74f9eaa
45dfdea9f8f9c791bfbb157ff96a6d8847c29dee60c0f826efbf563c02c6ca20
GET /p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file HTTP/1.1
Host: www.just-short-it.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
content-type: text/html; charset=UTF-8
expires: Sun, 22 Jan 2023 18:47:44 GMT
date: Sun, 22 Jan 2023 18:47:44 GMT
cache-control: private, max-age=0
last-modified: Fri, 20 Jan 2023 16:31:22 GMT
etag: W/"f20eaed68c311aee383c34ac0920fdc32ed675bcdd8d2e8bb2b631fcb5c020c1"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 55146
server: GSE
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
104.17.25.14 200 OK 27 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (32065)
Hash 63827323c175768ccb0e8ed54589a3e5
9760e238d6ecced66396798559f70593793d801e
196f9479a27db836a2a7454e222f0cb52d4eeb162e0a50e69401ba1a8d81b564
GET /ajax/libs/jquery/2.2.4/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:44 GMT
content-type: application/javascript; charset=utf-8
content-length: 26909
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec4-14e4a"
last-modified: Mon, 04 May 2020 16:11:48 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 138710
expires: Fri, 12 Jan 2024 18:47:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VF0GtVy19T5AQu51LlVns7aaU69YxjKvqqIBo61ShOdbRcJtSoXNLSFQxH6J%2FM02p74wyHwrcjH%2BJMOcr%2FA%2ByWyOcsC9d9NO%2FM6CaJbXskEVfcYH0cGukNQiyV3Elgqx4Hfl4OIl"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78da75b5b8a8b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css
104.17.25.14 200 OK 9.8 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.8.2/css/all.min.css
IP 104.17.25.14:0
File type ASCII text, with very long lines (54998)
Hash 2b0f6842c4954ea1ac87e102c86b46d6
b2347b42e69fbf8a8f42f55a41e988f93047db9e
d28ca638cc83a512bd0cea5d91ff833b6109fabebecdef0a58e8226c8f21adbf
GET /ajax/libs/font-awesome/5.8.2/css/all.min.css HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:44 GMT
content-type: text/css; charset=utf-8
content-length: 9802
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03e60-d78f"
last-modified: Mon, 04 May 2020 16:10:08 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 316335
expires: Fri, 12 Jan 2024 18:47:44 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEo%2FtKlyVg1%2BLRAt3VGGd1W1wAZ02uYAye9J%2Bx4d7joerX7oTS%2BedABETE4ZJpfKgzneMvDEiYGuJAdWuOdROKup90rWcABG0OkO7DUKu%2FyHZKogbQXgZia4o89%2BV1wJREb0zRp0"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 78da75b5b8a6b506-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 0c74880fa99032b5c3831c179d702419
0020b368309735c94d8053d3781a7efb7283cfc5
437e2d4e2bbfb33b0ff696172378ce55a0a5ed005a1b8c4005eab4a6995a3042
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4376
Cache-Control: max-age=142319
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:44 GMT
Etag: "63ccfca7-1d7"
Expires: Tue, 24 Jan 2023 10:19:43 GMT
Last-Modified: Sun, 22 Jan 2023 09:06:47 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
www.just-short-it.ml/js/cookienotice.js
142.250.74.179 200 OK 2.0 kB URL HTTP/2 www.just-short-it.ml/js/cookienotice.js
IP 142.250.74.179:0
Hash c4e1ed83d89245089b8a1203be20a377
f3940e1215b89300ef97d57a25993f25243b8688
afa801a129ff6fc98533118275db8a7d4a38fc91f8ab55ed4c19b864255e68d2
GET /js/cookienotice.js HTTP/1.1
Host: www.just-short-it.ml
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 2026
date: Sun, 22 Jan 2023 18:47:44 GMT
expires: Sun, 29 Jan 2023 18:47:44 GMT
cache-control: public, max-age=604800
last-modified: Sun, 22 Jan 2023 17:49:38 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 8366ebf1de787d4a9cf66d275b636349
23161ad52bb8c03d15037067b8a81a3a04662deb
d1b8111158a8d0e0bf2d030d32980275cc7684ec4c046539ffb7d8a6d921f1d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.blogger.com/static/v1/widgets/4196832948-widgets.js
142.250.74.73 200 OK 56 kB URL HTTP/2 www.blogger.com/static/v1/widgets/4196832948-widgets.js
IP 142.250.74.73:0
File type ASCII text, with very long lines (2221)
Hash 24f533b2cc89b4264c224d433a37718a
fc4848c3b411e8fdc97831e20c7ebcbf735e636a
aa805bed551a6ac1fa4886b1ee634633bdec1de952fbf94cd81a805ef702a395
GET /static/v1/widgets/4196832948-widgets.js HTTP/1.1
Host: www.blogger.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="blogger-tech"
report-to: {"group":"blogger-tech","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/blogger-tech"}]}
content-length: 56454
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 02:15:20 GMT
expires: Thu, 18 Jan 2024 02:15:20 GMT
cache-control: public, max-age=31536000
last-modified: Tue, 17 Jan 2023 17:54:44 GMT
content-type: text/javascript
age: 405144
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunito/v16/XRXW3I6Li01BKofAjsOUYevI.woff2
216.58.207.227 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/nunito/v16/XRXW3I6Li01BKofAjsOUYevI.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 19088, version 1.0\012- data
Hash 412073df419ad5f6f8f2ea76eb4aced9
faea1978abb7221d9e05090348851b98c6e798fb
622b2acb1b2c8d4eba45b028583b297a195b839f4684fc02d6906c84779f763d
GET /s/nunito/v16/XRXW3I6Li01BKofAjsOUYevI.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 19088
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sun, 22 Jan 2023 18:13:51 GMT
expires: Mon, 22 Jan 2024 18:13:51 GMT
cache-control: public, max-age=31536000
age: 2033
last-modified: Wed, 25 Nov 2020 02:44:23 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 8366ebf1de787d4a9cf66d275b636349
23161ad52bb8c03d15037067b8a81a3a04662deb
d1b8111158a8d0e0bf2d030d32980275cc7684ec4c046539ffb7d8a6d921f1d7
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15736, version 1.0\012- data
Hash 479970ffb74f2117317f9d24d9e317fe
81c796737cbe44d4a719777f0aff14b73a3efb1e
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
GET /s/roboto/v20/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15736
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 14:34:48 GMT
expires: Thu, 18 Jan 2024 14:34:48 GMT
cache-control: public, max-age=31536000
age: 360776
last-modified: Wed, 24 Jul 2019 01:18:36 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:44 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
35.82.48.240 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 35.82.48.240:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 10Hnp8Pqc7QQxLa/nxiZ/w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: /MHFO+qGofzEHLxM2IINPSmWg84=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d465ff0297af5926e1e63ba1f3955600
a5ca10bc6556c56a628894bd9da8b4b7b9d0faf1
5ed09a3a5bfefabcba6e7fa03a371a933f4f987086f42031aef23b747428b01d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5ED09A3A5BFEFABCBA6E7FA03A371A933F4F987086F42031AEF23B747428B01D"
Last-Modified: Sat, 21 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2603
Expires: Sun, 22 Jan 2023 19:31:08 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
paralysispluck.com/0d65cbe66c1d94805d8a016b65b4601c/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/0d65cbe66c1d94805d8a016b65b4601c/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26941), with no line terminators
Hash f05ecc6f42b86a30eeb1a139597ee990
639fa267617eb7a6764523bbf317301e4d97e9bf
6ff2b3a98a27510f8c525b933d157e470962a9857c3360022e1df842785a49c6
Analyzer Verdict Alert quad9 Sinkholed
GET /0d65cbe66c1d94805d8a016b65b4601c/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: cdb306a0eb250255c410082c7efea81e
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
paralysispluck.com/c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 322ec8a5c817e3a834463811c27b5c68
201f12825633957662db02a2bd4bdf42178f08c7
2d9b0e849d92f12915c815454c62ad663ed705eb45c20975682c0beba30b7eb4
Analyzer Verdict Alert quad9 Sinkholed
GET /c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 422decfc141dbbc98b8c110fcfca4212
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 4dab8a11f6f832896613d012233bf6ba
05fb1e721b40793fc921c840b2b89d732868184a
04948e2b6ac1e964c58eb5cdee1bbb5adc6d5a80edb63bf96e62426d19c2f5ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=155527
Date: Sun, 22 Jan 2023 18:47:45 GMT
Etag: "63cd3a95-1d7"
Expires: Tue, 24 Jan 2023 13:59:52 GMT
Last-Modified: Sun, 22 Jan 2023 13:31:01 GMT
Server: ECS (nyb/1D19)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: CdKZ8GsLUY-6Yb-58ngHhqfAvJGlRXnDvryKH1udFk63jBLF4L7S0w==
Age: 1731
paralysispluck.com/f109d89f9ef31284953e3f67eb6178fc/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/f109d89f9ef31284953e3f67eb6178fc/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26965), with no line terminators
Hash 044d57dd768c3aa810b8c23b7172064a
4390daf238343f09321a25811cb6499c291377d7
efab88f3ac6c05d9b6273dbc3cb5311522467600aacede251cbf5d3bc2616439
Analyzer Verdict Alert quad9 Sinkholed
GET /f109d89f9ef31284953e3f67eb6178fc/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 458a13f4560afa0e079f5ef0b8e378a2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
simplewebanalysis.com/stats
52.29.129.178 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.129.178:0
File type ASCII text, with no line terminators
Hash 22450976612f2df03837cc2ab1eba836
ca3be310fd19770e898da26ff04cc25866f28881
9dce8aacb365f3dff10628b37cac966d5c2d4ed42227cef5de6d569e7664c648
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.just-short-it.ml
access-control-allow-credentials: true
set-cookie: uid_id2=7e810a0c-3d52-4319-af36-dbd44aa41937:3:1; expires=Wed, 19 Jan 2033 18:47:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.29.129.178 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.129.178:0
File type ASCII text, with no line terminators
Hash 22450976612f2df03837cc2ab1eba836
ca3be310fd19770e898da26ff04cc25866f28881
9dce8aacb365f3dff10628b37cac966d5c2d4ed42227cef5de6d569e7664c648
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Cookie: uid_id2=7e810a0c-3d52-4319-af36-dbd44aa41937:3:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.just-short-it.ml
access-control-allow-credentials: true
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 4dab8a11f6f832896613d012233bf6ba
05fb1e721b40793fc921c840b2b89d732868184a
04948e2b6ac1e964c58eb5cdee1bbb5adc6d5a80edb63bf96e62426d19c2f5ab
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=154966
Date: Sun, 22 Jan 2023 18:47:45 GMT
Etag: "63cd3a95-1d7"
Expires: Tue, 24 Jan 2023 13:50:31 GMT
Last-Modified: Sun, 22 Jan 2023 13:31:01 GMT
Server: ECS (nyb/1D16)
X-Cache: Miss from cloudfront
Via: 1.1 dbfaae0db03f11cf713bbcbdb25be4a2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: dEbJVG4Vme7og3bOaBr3iK2TEYPqI8bRXq9wNM3-8ktO9H-nN2_KsA==
Age: 1170
simplewebanalysis.com/stats
52.29.129.178 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.29.129.178:0
File type ASCII text, with no line terminators
Hash 26336261cd83a0c1f7dc2aa3f4933a8a
d711c796ad4220738848e21217e0a2c986366d22
4a96fbb6ee9f2a2a954d3f5699cd2be9841f8c7e416c3fe6f5df0e9bbebed62a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:45 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://www.just-short-it.ml
access-control-allow-credentials: true
set-cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Wed, 19 Jan 2033 18:47:45 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Sun, 22 Jan 2023 22:21:04 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Sun, 22 Jan 2023 22:21:04 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Sun, 22 Jan 2023 22:21:04 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Sun, 22 Jan 2023 22:21:04 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a618971ebc90b5698ddbabc4637e3345
f920b73a7c9b57d77194ba8ba406664d8469b6b6
f7c66c647552a10c53d758e1eedd450226c969b0001a25a616773d57f10e16bf
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F7C66C647552A10C53D758E1EEDD450226C969B0001A25A616773D57F10E16BF"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12799
Expires: Sun, 22 Jan 2023 22:21:04 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
34.120.237.76 200 OK 3.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash ce9c90c64a81cfd16050966c2b5ddf57
a2929122b2d2e252f39d23857cd7a2ed4651bb27
6647be8f5be621ef9b0cfe6585cb92c868951a95acf8c9c66d9eec6dc95d34c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F7918883e-706a-42d5-b966-cd7d5fb64f78.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3084
x-amzn-requestid: 034173f8-edba-45b9-bbbc-a7d737b45e26
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fFM68EDMIAMF3Iw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cb8eac-3a22865376bbdcde3ef17088;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 07:05:16 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: lPrb0OiQtQrd0-1R9wmsMzYwRydWPW9lBTAFUu9SPchT7WZUIVzGdw==
via: 1.1 26ca01ec7377e425b59b6a08cb1ec342.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 08:08:13 GMT
age: 38372
etag: "a2929122b2d2e252f39d23857cd7a2ed4651bb27"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg
34.120.237.76 200 OK 9.2 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash b6cb560c00346a6c1d1862cfd25e5d92
0df06ee873767cda7b2f109caa5f3e0aab1ddc0a
1ee5d9792f084907b8837f818b7971c97eacff3b3e0cc83586220508c8755adf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Faa0293b1-658b-40be-8f58-7c880a4f5b00.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9221
x-amzn-requestid: 4b2c7bae-5356-4681-951d-ebe451d21d6c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fG5RrGGcoAMFTrw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc3c0a-37b5ee661888b87b427d4d71;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 19:24:58 GMT
x-amz-cf-pop: SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: B4RPv-YjKoOLL_WTaJyBpsCRiA_j5Q_GzKGHKw3v1EMGznBrMbOMhA==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 5565a51537c689d1d16f6b4d41f40082.cloudfront.net (CloudFront), 1.1 google
date: Sun, 22 Jan 2023 10:59:43 GMT
age: 28082
etag: "0df06ee873767cda7b2f109caa5f3e0aab1ddc0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
paralysispluck.com/28c9bfe21f06b815998b4f3da8e16406/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/28c9bfe21f06b815998b4f3da8e16406/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 322ec8a5c817e3a834463811c27b5c68
201f12825633957662db02a2bd4bdf42178f08c7
2d9b0e849d92f12915c815454c62ad663ed705eb45c20975682c0beba30b7eb4
Analyzer Verdict Alert quad9 Sinkholed
GET /28c9bfe21f06b815998b4f3da8e16406/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e877d2ce7ba26ed08fc08e332a45fc06
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
34.120.237.76 200 OK 8.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4e71636bb9a13ad7d52d253e16cd6a3f
401dd58e34982d3434739b9a2f7182487ea1cac5
1ac336df72b6eb569983e197f094378a26a175113249bedca0610cabd57e2e54
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd68d33e7-2d1d-4f9d-9544-28746d9156e6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8057
x-amzn-requestid: 5469b005-6740-4f3d-80ca-a45fd39cae68
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNkCFiZoAMF8oQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c80-210da08f113a3273257b7d61;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:28 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: j3SoP46ER0JjOaLh363bQ9QW4ZIW19_rbgeQ7Ey8W-zgyGMMLSLccA==
via: 1.1 41e349e25dc4bc856d0e5d2c162428a0.cloudfront.net (CloudFront), 1.1 6172bb1a5d00a3b06ae3700570ebe116.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:17 GMT
etag: "401dd58e34982d3434739b9a2f7182487ea1cac5"
content-type: image/jpeg
age: 75568
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
34.120.237.76 200 OK 6.1 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5b7dac109bc648666356225a0d21ed17
f07e82cffe064c296cb1b2c80f7b09feb7552bbe
cc8997d71cd85021addccb0f6a0f00edf95f9747333ff0a436581db4ede78f51
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F612dbd3f-3cd3-44bd-8729-b4d4aa118f87.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 6102
x-amzn-requestid: 256e7b90-3052-41f7-abcf-43c455a2ee7c
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFfEZtIAMFWhA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d56-3237bb0a1f86766b5eb86e82;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:02 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: 8pl8mAIA_RrOxBgjRkNf9IgG3b7K8R7ypfXIF_APxZr3_2lYnIB8rA==
via: 1.1 010c0731b9775a983eceaec0f5fa6a2e.cloudfront.net (CloudFront), 1.1 4f3feb5c4393987d42d1971d404d7cea.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 22:07:46 GMT
age: 74399
etag: "f07e82cffe064c296cb1b2c80f7b09feb7552bbe"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
34.120.237.76 200 OK 2.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 83d96b777a2cac4cb6d577309c8d07e7
86bc900c65d14a338c1d08a0b407590940b39059
50856a41d2bbaec73e06255e06e5ee648f1e7ed1fb04049810d4c03650621bdf
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fd73f3807-16ae-46ce-a9a5-84b639ea80c6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 2555
x-amzn-requestid: d5425eec-2182-4b90-a03f-47dfa76439bb
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHOFpEoIoAMF83A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5d57-5326fe1a504805be37823571;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:47:03 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: oxNnK5wjQI8w-_5fTcDKXBdExNMJ_S6y8chMHd_woRSBfkBy3fqR8Q==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 981753271eb5b6d11bc29d52f173a5da.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "86bc900c65d14a338c1d08a0b407590940b39059"
content-type: image/jpeg
age: 75579
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
34.120.237.76 200 OK 7.7 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d3e5cb3e8d03fffcd307c5ebaef08167
1a813821d15afd416b82c3343a7920a0ffc909cb
84a81b6f63faa3f17a20222b8fa389761a0fb0512a1549b4848849c0425539c9
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Ff250419d-5512-4c6b-9460-69d68f74273d.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7656
x-amzn-requestid: 6e1ebd9d-6ef0-48d0-a891-51bbf914ed42
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: fHNlYHaUoAMFr-w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63cc5c88-479e8fb72b0b248d020d9e77;Sampled=0
x-amzn-remapped-date: Sat, 21 Jan 2023 21:43:36 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Miss from cloudfront
x-amz-cf-id: DaWs0RT0IupgLoLeQZYbdYdvYFd02bXrdQBFYpqLxwmKf1bKhh_wgQ==
via: 1.1 98e601970ea59f4d5f56a752787ff9fc.cloudfront.net (CloudFront), 1.1 d6b180eb367f7de26d67a9f3901b96a6.cloudfront.net (CloudFront), 1.1 google
date: Sat, 21 Jan 2023 21:48:06 GMT
etag: "1a813821d15afd416b82c3343a7920a0ffc909cb"
content-type: image/jpeg
age: 75579
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
fonts.gstatic.com/s/nunito/v16/XRXV3I6Li01BKofINeaB.woff2
216.58.207.227 200 OK 19 kB URL HTTP/2 fonts.gstatic.com/s/nunito/v16/XRXV3I6Li01BKofINeaB.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 18972, version 1.0\012- data
Hash bcf84d6cb8a0ac214c8c14ba9af834f3
95cfdf6e8861ae5510f41bb8fe8f1fc21d060578
06f3af3fe52542d40ad9bc14ec03e04deaabd09ec369221cc8f536db1c72bf55
GET /s/nunito/v16/XRXV3I6Li01BKofINeaB.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 18972
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 20 Jan 2023 14:39:38 GMT
expires: Sat, 20 Jan 2024 14:39:38 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 25 Nov 2020 02:44:35 GMT
content-type: font/woff2
age: 187687
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
paralysispluck.com/dce840900198070189c2beb10d96832b/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/dce840900198070189c2beb10d96832b/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26947), with no line terminators
Hash 322ec8a5c817e3a834463811c27b5c68
201f12825633957662db02a2bd4bdf42178f08c7
2d9b0e849d92f12915c815454c62ad663ed705eb45c20975682c0beba30b7eb4
Analyzer Verdict Alert quad9 Sinkholed
GET /dce840900198070189c2beb10d96832b/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:45 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 368fd67816d2c7e2704f095ac105974a
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4242298d6e7e15b2fab610c1a44c7bee
f45dee568b327945007f169fc0471036f0f7a4bc
375db6cc59c2158eb8d33ee6718b958a80bfd8f3415a5ee7bd265674e28d05cd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "375DB6CC59C2158EB8D33EE6718B958A80BFD8F3415A5EE7BD265674E28D05CD"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2187
Expires: Sun, 22 Jan 2023 19:24:12 GMT
Date: Sun, 22 Jan 2023 18:47:45 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 51c33b802936a31d5ccfb260fad6c92c
764722c616b60c0dee1d7212645dbc6c90487652
2c62a2e2f1e05801cb96a590138dc7ad59b913dfb0dc681b4e8b5b820697841a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "2C62A2E2F1E05801CB96A590138DC7AD59B913DFB0DC681B4E8B5B820697841A"
Last-Modified: Sun, 22 Jan 2023 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16714
Expires: Sun, 22 Jan 2023 23:26:20 GMT
Date: Sun, 22 Jan 2023 18:47:46 GMT
Connection: keep-alive
paralysispluck.com/0f0063e228d3700c13b15bb4e77ef2ff/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/0f0063e228d3700c13b15bb4e77ef2ff/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26941), with no line terminators
Hash f05ecc6f42b86a30eeb1a139597ee990
639fa267617eb7a6764523bbf317301e4d97e9bf
6ff2b3a98a27510f8c525b933d157e470962a9857c3360022e1df842785a49c6
Analyzer Verdict Alert quad9 Sinkholed
GET /0f0063e228d3700c13b15bb4e77ef2ff/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fc11ed5438f29e2d87379e25741db826
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d7e9e808217c9a5a6b2fac92bf3049f8
0c509f752c7f71cd2048cd25d906b2b101562faf
397c215df6ecfe33db94e50cd8c4cdd9b504637fc34ab9553c201b7b982fa524
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "397C215DF6ECFE33DB94E50CD8C4CDD9B504637FC34AB9553C201B7B982FA524"
Last-Modified: Fri, 20 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16643
Expires: Sun, 22 Jan 2023 23:25:09 GMT
Date: Sun, 22 Jan 2023 18:47:46 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash a25567cb3f63e13ec07e671356f7ad5b
f7bc53deb15fdeca18806318bf7d3267b1766c7f
09cbab3f29c812e2bc1c54b9a6600899fdc64ce0479bcb314a92553069a95f9d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4945
Cache-Control: max-age=120223
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:46 GMT
Etag: "63cca420-118"
Expires: Tue, 24 Jan 2023 04:11:29 GMT
Last-Modified: Sun, 22 Jan 2023 02:49:04 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
104.18.11.207 200 OK 6.8 kB URL HTTP/2 maxcdn.bootstrapcdn.com/font-awesome/4.6.1/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (28596)
Hash 9e7ab953623c4c43223e541880b741d9
a20a3fa71c9a636cdbd34cb4dc9f8ace191b071f
256b887bc740433f721903c5be3822832137d831e9e0abc49e5ae1f940ac5352
GET /font-awesome/4.6.1/css/font-awesome.min.css HTTP/1.1
Host: maxcdn.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:46 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: US
cdn-edgestorageid: 617, 617
last-modified: Mon, 25 Jan 2021 22:04:54 GMT
cdn-cachedat: 2021-06-03 22:46:19
cdn-requestpullsuccess: True
cdn-requestpullcode: 200
cache-control: public, max-age=31919000
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-content-type-options: nosniff
cdn-requestid: b43941af4bb8e32ed6d04a6a37617f28
cdn-cache: HIT
cf-cache-status: HIT
age: 312013
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 78da75c17f09b500-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
restartburgerremembrance.com/watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
173.233.137.36 307 Temporary Redirect 0 B URL HTTP/1.1 restartburgerremembrance.com/watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1 HTTP/1.1
Host: restartburgerremembrance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Location: https://restartburgerremembrance.com/watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=1428039ac6b6caf44c12866e62f3c827f7561a9108ac438b8384577367c8da962133d925bfe83285ae62675b7bf337c31a1ae93e07c9f5141f6d1820bd3eb93b93ee875bc49805c639b681611764468ae21e877df16a28b1be6e848d9191c08f&pst=1674413326&rmtc=t
Set-Cookie: u_pl=17110507; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.cCo3BVrAXW1k8kTsrEaKI-5OJlMElJH8x5vJamNaGKM; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ad3410b31d3cd2e617c1b98adf95c161
Strict-Transport-Security: max-age=0; includeSubdomains
paralysispluck.com/c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26949), with no line terminators
Hash 993b6e03dab55dd32edcbc3a816b88cf
31c23f75e045b33e70800b2c2289fe4457200f0d
302ec01ef19a07a1727c1521f5c16b0b00c4a30174baea22cbd31c5304ecd8f6
Analyzer Verdict Alert quad9 Sinkholed
GET /c0615ef8a6764756b63d8c0c6b0d32b2/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8dfb6f638940cb9927b43430a94c3eb4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
excretekings.com/watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
192.243.59.20 307 Temporary Redirect 0 B URL HTTP/1.1 excretekings.com/watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.9
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Location: https://excretekings.com/watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=0f280cff1ddccd014646bb737918071154474883cb6e109dd622bab13d5c7599442043275fe1b9832c3cb14705f1dd823ec000bdc3639672584f5400ad4460212321efad7b0cac66bb223a03b3364d8cf83f920b&pst=1674413326&rmtc=t
Set-Cookie: u_pl=17105234; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.YoipApMayn0PJRqbx_VGxJu7h9wQzCjOu4bv82ZDgsg; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68cc41d0dd62990da54dd7c6bff94a6a
Strict-Transport-Security: max-age=0; includeSubdomains
grubrebukevenus.com/watch.1609832916767.js?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 grubrebukevenus.com/watch.1609832916767.js?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.1609832916767.js?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Location: https://grubrebukevenus.com/watch.1609832916767.js?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=4f704d437b1251fc6138a32cb18cab6013f2a56812e2d61e3d419e96072f4e2cb28924eda7b1753e156bcdcd98630e704f95e782b8a419a89a737dc1fc33afdb218353aa280b7e800de80be3bb7bd752fc17038d2c7ab057ba1be0a9004b17b0807704d84b&pst=1674413326&rmtc=t
Set-Cookie: u_pl=17110516; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.D3mk3o9kUyUd4Lp9oJ-sSV1ei8nIXXuBziKsTlrK2OY; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4186ae29236982799159685087b3dbc9
Strict-Transport-Security: max-age=0; includeSubdomains
grubrebukevenus.com/watch.651540235061.js?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 grubrebukevenus.com/watch.651540235061.js?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.651540235061.js?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Location: https://grubrebukevenus.com/watch.651540235061.js?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&shu=ffe1382ed4f1d9a04540f6637710da2b6d9fee0028d705ee72cd0e7dfe65fab770ea22a3ac70b1051ccb83a9abca799cf35999994b48459cd914eeae8e6693125c508bb3542fba738c943f3189e69386b6cfc66d62f65e631a149fdde9ec9b&pst=1674413326&rmtc=t
Set-Cookie: u_pl=17108679; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: de467e212edc18410cc8dbe4809e0da1
Strict-Transport-Security: max-age=0; includeSubdomains
restartburgerremembrance.com/watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=1428039ac6b6caf44c12866e62f3c827f7561a9108ac438b8384577367c8da962133d925bfe83285ae62675b7bf337c31a1ae93e07c9f5141f6d1820bd3eb93b93ee875bc49805c639b681611764468ae21e877df16a28b1be6e848d9191c08f&pst=1674413326&rmtc=t
173.233.137.36 200 OK 636 B URL HTTP/1.1 restartburgerremembrance.com/watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=1428039ac6b6caf44c12866e62f3c827f7561a9108ac438b8384577367c8da962133d925bfe83285ae62675b7bf337c31a1ae93e07c9f5141f6d1820bd3eb93b93ee875bc49805c639b681611764468ae21e877df16a28b1be6e848d9191c08f&pst=1674413326&rmtc=t
IP 173.233.137.36:0
File type HTML document text\012- HTML document, ASCII text, with very long lines (582)
Hash 22eb9027f90fe525fa4a3423848ccada
61e3ccef54bf163c48ef8be23a293fcc2252e8e9
f2ae0eb97f69cb3d46daba016cc918732ecf041b5926fd3a07a8f8f066c68ee5
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.59070807982.js?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=1428039ac6b6caf44c12866e62f3c827f7561a9108ac438b8384577367c8da962133d925bfe83285ae62675b7bf337c31a1ae93e07c9f5141f6d1820bd3eb93b93ee875bc49805c639b681611764468ae21e877df16a28b1be6e848d9191c08f&pst=1674413326&rmtc=t HTTP/1.1
Host: restartburgerremembrance.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Referer: https://www.just-short-it.ml/
Connection: keep-alive
Cookie: u_pl=17110507; ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.cCo3BVrAXW1k8kTsrEaKI-5OJlMElJH8x5vJamNaGKM
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7e810a0c-3d52-4319-af36-dbd44aa41937:3:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
iprca318f44858f9953fd3d885be56bfd8ef=2717339; expires=Mon, 23 Jan 2023 20:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv25=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs25=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 57b087c3aa2891dfac91e67990aaa825
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
paralysispluck.com/f109d89f9ef31284953e3f67eb6178fc/invoke.js
192.243.61.227 200 OK 9.8 kB URL HTTP/1.1 paralysispluck.com/f109d89f9ef31284953e3f67eb6178fc/invoke.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type exported SGML document, ASCII text, with very long lines (26943), with no line terminators
Hash c88f331e9d60daf5aeb5054070177b43
91d7ca904284dcbe2f8d4b5f12a45f9f7a6cee10
2e0d721db554a8b2b06343566771557f13ef6e758d0c34a368069df9db569313
Analyzer Verdict Alert quad9 Sinkholed
GET /f109d89f9ef31284953e3f67eb6178fc/invoke.js HTTP/1.1
Host: paralysispluck.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2e295ee1e3524d5b617a7a418ba2bcb3
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
excretekings.com/watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=0f280cff1ddccd014646bb737918071154474883cb6e109dd622bab13d5c7599442043275fe1b9832c3cb14705f1dd823ec000bdc3639672584f5400ad4460212321efad7b0cac66bb223a03b3364d8cf83f920b&pst=1674413326&rmtc=t
192.243.59.20 200 OK 2.0 kB URL HTTP/1.1 excretekings.com/watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=0f280cff1ddccd014646bb737918071154474883cb6e109dd622bab13d5c7599442043275fe1b9832c3cb14705f1dd823ec000bdc3639672584f5400ad4460212321efad7b0cac66bb223a03b3364d8cf83f920b&pst=1674413326&rmtc=t
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document, ASCII text, with very long lines (2498)
Hash 9ace345e631c19f72ccaecd09fce9fb2
ddbde105daabe5aeb7e5e8cc107362dfbe08abca
9b3815be9cce2bb163c8e037d371c65a4e1b45bfb99966c79f01f037a0ec24aa
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.328930472089.js?key=0d65cbe66c1d94805d8a016b65b4601c&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=7e810a0c-3d52-4319-af36-dbd44aa41937%3A3%3A1&shu=0f280cff1ddccd014646bb737918071154474883cb6e109dd622bab13d5c7599442043275fe1b9832c3cb14705f1dd823ec000bdc3639672584f5400ad4460212321efad7b0cac66bb223a03b3364d8cf83f920b&pst=1674413326&rmtc=t HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Referer: https://www.just-short-it.ml/
Connection: keep-alive
Cookie: u_pl=17105234; ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzEwNTIzNCwiayI6IjBkNjVjYmU2NmMxZDk0ODA1ZDhhMDE2YjY1YjQ2MDFjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODE4MjkxLCJwaWQiOjMyODQzMCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyMywicHQiOjQsInBrIjoiZDZmNGthZTEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6OTA3NTM0NTcsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMjA2MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTA1LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly93d3cuanVzdC1zaG9ydC1pdC5tbC9wL3JlZGlyZWN0Lmh0bWw_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.YoipApMayn0PJRqbx_VGxJu7h9wQzCjOu4bv82ZDgsg
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=7e810a0c-3d52-4319-af36-dbd44aa41937:3:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv23=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs23=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 155e5c753f8f0fded44a1c4be2b579c6
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.510621048022.js?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.12 307 Temporary Redirect 0 B URL HTTP/1.1 grubrebukevenus.com/watch.510621048022.js?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /watch.510621048022.js?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.just-short-it.ml
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Temporary Redirect
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml
Access-Control-Allow-Origin: https://www.just-short-it.ml
Access-Control-Allow-Credentials: true
Location: https://grubrebukevenus.com/watch.510621048022.js?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&shu=3787e823432fba6c9dce808e18878290bc9ae0b4412aa6862b0af7084c3761d415a3e21c24b426be74a2ee1b383896c29e533e111ab2351bec44e372362d281b92740ca6d2544733a16bbf6fdacd96afd96c09e1&pst=1674413326&rmtc=t
Set-Cookie: u_pl=17108688; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.vzHkUzTC1O3kZBd6sLNOI3wCVsatHFuewbWmx7f_Nvw; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 5831137b1f03b595b51162221671bd22
Strict-Transport-Security: max-age=0; includeSubdomains
excretekings.com/watch.954881064178?key=0f0063e228d3700c13b15bb4e77ef2ff&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.20 200 OK 1.2 kB URL HTTP/1.1 excretekings.com/watch.954881064178?key=0f0063e228d3700c13b15bb4e77ef2ff&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash e37cf1a4e9040b84805fe1377ea50ef5
f4e9bbcd7afcd483a59335a2a42ed3a3bbe612cc
c620bb535b8be1773e2c630ab832a299de78549eb5c2fde8c15c0f8f65fafddc
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.954881064178?key=0f0063e228d3700c13b15bb4e77ef2ff&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Cookie: u_pl=17105234; ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.YoipApMayn0PJRqbx_VGxJu7h9wQzCjOu4bv82ZDgsg; uid_id2=7e810a0c-3d52-4319-af36-dbd44aa41937:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17105234,17108683; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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.ZdeZ91YIjKBG18rz0Xw9VhpS9ZBSbUnQO-iZPh87h6E; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 2b9ba264675e94e311f3bfc21471f863
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 17b5497dcca96babf4213b1b57650fab
3a526e7aba95d5b5f478981622d8fceb7a30700e
7d035ad50cf4a906b236cbd1eebf42fd3fdfa76145b627eb3de2c02a0a004c3d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7D035AD50CF4A906B236CBD1EEBF42FD3FDFA76145B627EB3DE2C02A0A004C3D"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2357
Expires: Sun, 22 Jan 2023 19:27:03 GMT
Date: Sun, 22 Jan 2023 18:47:46 GMT
Connection: keep-alive
cdn.cloudimagesb.com/bi/18/96/a2/1896a2ee23829c0577a0fa656f1b1fc9/1659457927.jpg
45.133.44.10 200 OK 16 kB URL HTTP/2 cdn.cloudimagesb.com/bi/18/96/a2/1896a2ee23829c0577a0fa656f1b1fc9/1659457927.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 728x90, components 3\012- data
Hash f6f02ccb47cbdc579104c85a17191e7d
df4e1b8e0cc1fd6e07aadd6b341f6262f66791a4
173d58f6b6a37261a0dc985966e2918cfb5a761c6ea140899ade0f82a04ad768
GET /bi/18/96/a2/1896a2ee23829c0577a0fa656f1b1fc9/1659457927.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:46 GMT
content-type: image/jpeg
content-length: 16506
server: nginx/1.17.6
last-modified: Tue, 02 Aug 2022 16:32:15 GMT
etag: "62e9518f-407a"
expires: Tue, 24 Jan 2023 18:47:46 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash df22aa2b10f042e6168d4b949fbddbc5
deb447314dd8e171a083375a69460c15a7747fcb
0f3a4b14acfdc82bfad6ca2f5fa61c9248eb9eabd10a6525af90a2ce5ac28f4d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F3A4B14ACFDC82BFAD6CA2F5FA61C9248EB9EABD10A6525AF90A2CE5AC28F4D"
Last-Modified: Fri, 20 Jan 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16788
Expires: Sun, 22 Jan 2023 23:27:34 GMT
Date: Sun, 22 Jan 2023 18:47:46 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 44eaa78cd3f0e25132689c2499af76c0
432ab37ac95fdf6d36ebd49db54ccbfa05ee6cab
95ca8f54f1ca0d7dbed8b30c36324f89af7e0bf414e14e264c202a7b7eb338e2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95CA8F54F1CA0D7DBED8B30C36324F89AF7E0BF414E14E264C202A7B7EB338E2"
Last-Modified: Sat, 21 Jan 2023 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9118
Expires: Sun, 22 Jan 2023 21:19:44 GMT
Date: Sun, 22 Jan 2023 18:47:46 GMT
Connection: keep-alive
excretekings.com/watch.954881064178?shu=2795243c4899bc26cc62e014677d0c7f490db4e71176c72588d425d390fc9cfb9593c42c307d1b063138226ed24f02de9b6d5decaab13a5037498e5240748323cb49d7ae45a77f7a2d05762e5a7df3da316db30f26c6e4b693909c818e11f1&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=0f0063e228d3700c13b15bb4e77ef2ff&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&dev=e&res=12.1055&kw=%5B%5D&tz=0
192.243.59.20 200 OK 1.8 kB URL HTTP/1.1 excretekings.com/watch.954881064178?shu=2795243c4899bc26cc62e014677d0c7f490db4e71176c72588d425d390fc9cfb9593c42c307d1b063138226ed24f02de9b6d5decaab13a5037498e5240748323cb49d7ae45a77f7a2d05762e5a7df3da316db30f26c6e4b693909c818e11f1&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=0f0063e228d3700c13b15bb4e77ef2ff&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&dev=e&res=12.1055&kw=%5B%5D&tz=0
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2480)
Hash 0130b31865b2fe4ad633e69077e2ee78
50df1a6efbafbb56585096ea49c296ad7f8c5035
d3da0e1ab543d86699529507abd30df80f9a016e2994c82cd3b3520135118bf9
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.954881064178?shu=2795243c4899bc26cc62e014677d0c7f490db4e71176c72588d425d390fc9cfb9593c42c307d1b063138226ed24f02de9b6d5decaab13a5037498e5240748323cb49d7ae45a77f7a2d05762e5a7df3da316db30f26c6e4b693909c818e11f1&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=0f0063e228d3700c13b15bb4e77ef2ff&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&dev=e&res=12.1055&kw=%5B%5D&tz=0 HTTP/1.1
Host: excretekings.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://excretekings.com/watch.954881064178?key=0f0063e228d3700c13b15bb4e77ef2ff&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17105234,17108683; ain=eyJhbGciOiJIUzI1NiJ9.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.ZdeZ91YIjKBG18rz0Xw9VhpS9ZBSbUnQO-iZPh87h6E; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=2; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv27=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs27=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0c50fce01081663c54cb2303b2196e77
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.510621048022?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.12 200 OK 1.2 kB URL HTTP/1.1 grubrebukevenus.com/watch.510621048022?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash 12e4723301735108cd2e7a2e252a56c0
691b5160e1ea040ce8aea57df6b403f45332b253
895084dd13713f30d1209cfe1c764dd9491509ee13867da3ae8cfcb241479c86
GET /watch.510621048022?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Cookie: u_pl=17108688; ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.vzHkUzTC1O3kZBd6sLNOI3wCVsatHFuewbWmx7f_Nvw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.M73LTWIUJG7G322amTEhag5TsscknYcENtgclqbacBY; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 964098d3ec3f54cad34457882b8e3bc2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.1609832916767?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.12 200 OK 1.2 kB URL HTTP/1.1 grubrebukevenus.com/watch.1609832916767?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash ff9c81146abd0d8f92ef474fdddb08f2
8857ae5a1d0a58e4f53ba997f6537e4b95bdde30
0ccb5f0c6b62ed9bfbeeac7b99beb4526b178e450294780157dbac5e988d4ef6
GET /watch.1609832916767?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Cookie: u_pl=17108688; ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.vzHkUzTC1O3kZBd6sLNOI3wCVsatHFuewbWmx7f_Nvw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17108688,17110516; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.eyJwIjp7ImlkIjoxNzExMDUxNiwiayI6IjI4YzliZmUyMWYwNmI4MTU5OThiNGYzZGE4ZTE2NDA2Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjoxODE4MjkxLCJwaWQiOjMyODQzMCwiYW4iOnRydWUsImxhbiI6dHJ1ZSwiY2lkIjoyMSwiYWlkIjoyNiwicHQiOjQsInBrIjoiZ3pmY3l2dWMwIiwidCI6MX0sInUiOnsidSI6MSwiYXUiOjEsImQiOnsiaWQiOjkwNzUzNDU3LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTIwNjI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEwNS4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8vd3d3Lmp1c3Qtc2hvcnQtaXQubWwvcC9yZWRpcmVjdC5odG1sPz9cdTAwMjZcdTAwMjZ1cmw9X2h0dHBzOi8vd3d3Lm1lZGlhZmlyZS5jb20vZmlsZS9iYnV0cHc3NDUwa3FucW8vc3VwcmVtX0RyYWdvbi56aXAvZmlsZSJ9fQ.D3mk3o9kUyUd4Lp9oJ-sSV1ei8nIXXuBziKsTlrK2OY; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8f9d3b4ee136355166b55248f071cd49
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.651540235061?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.12 200 OK 1.2 kB URL HTTP/1.1 grubrebukevenus.com/watch.651540235061?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash 8e390b099778c86979d307b13ff15bef
b495527d657e4c4dd1c831279acb366856c641f7
3d557fd2ec54d7a27bc26cacad6ebfe037ae67cd86422377dca84d156c147e84
GET /watch.651540235061?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Cookie: u_pl=17108688; ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.vzHkUzTC1O3kZBd6sLNOI3wCVsatHFuewbWmx7f_Nvw
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17108688,17108679; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c5c63b2dc0cebec74d0ceacc54f5f7f2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/99/35/d4/9935d4c8e01b802a5ca2501050ec07df/1663166290.png
45.133.44.10 200 OK 18 kB URL HTTP/2 cdn.cloudimagesb.com/cti/99/35/d4/9935d4c8e01b802a5ca2501050ec07df/1663166290.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 468 x 60, 8-bit/color RGBA, non-interlaced\012- data
Hash 032097920221f2f3dfd1d90330c150af
38d7e2e3cc6487b8693c05718c9e3f5c69c8cbd1
335c9ff6bc0e02aa39aa3fea96e3eefa7977cb4fa841b7ae97093224253cb5f3
GET /cti/99/35/d4/9935d4c8e01b802a5ca2501050ec07df/1663166290.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://excretekings.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:46 GMT
content-type: image/png
content-length: 18018
server: nginx/1.17.6
last-modified: Wed, 14 Sep 2022 14:38:18 GMT
etag: "6321e75a-4662"
expires: Tue, 24 Jan 2023 18:47:46 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
squatdisloyal.com/watch.1293189002688?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
173.233.137.36 200 OK 1.2 kB URL HTTP/1.1 squatdisloyal.com/watch.1293189002688?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash 79cf8c0a19e4b02c6a75381f2c1ab287
990e5f09d1efde212191babaf451600ccb748e9b
7186314df05d812fe12018c43bf039b595ba7f7fd400f6e8bb4e2d05ef9ee7d0
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1293189002688?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: squatdisloyal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17110507; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.cCo3BVrAXW1k8kTsrEaKI-5OJlMElJH8x5vJamNaGKM; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a5f8485acef01879a4e15e40ddaac3e8
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dimreproofjumped.com/watch.1111400596781?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
192.243.59.13 200 OK 1.2 kB URL HTTP/1.1 dimreproofjumped.com/watch.1111400596781?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (477)
Hash 1833fbc126d651a99efcbf16e0411015
b15cddaf608a05b53716707fc38ad37eecfb14be
31ee21129477e45ad9818cfc441b5372d5865361613d8058c478808083cdd3ab
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1111400596781?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1 HTTP/1.1
Host: dimreproofjumped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=17108679; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; expires=Sun, 22 Jan 2023 18:48:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: a26ce04ae6cf0d36a537fcc3a9e22ddf
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.510621048022?shu=0dd872b0ca549dfb22224530c08df9a9fbf2595c565d2994333614ab3c1d08d4d21dc7de47e9c7d51a990efcab056c4cc0d20ae530ba4eee03bdc97f56f03b9ad705420b96d42305a37460fad5d56af493703023&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=dce840900198070189c2beb10d96832b&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e
192.243.59.12 200 OK 1.8 kB URL HTTP/1.1 grubrebukevenus.com/watch.510621048022?shu=0dd872b0ca549dfb22224530c08df9a9fbf2595c565d2994333614ab3c1d08d4d21dc7de47e9c7d51a990efcab056c4cc0d20ae530ba4eee03bdc97f56f03b9ad705420b96d42305a37460fad5d56af493703023&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=dce840900198070189c2beb10d96832b&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2476)
Hash ab2281f609450aeb66a04a449edd27bf
994e4dd84a3f04d555c6790a40dc20a9e482acda
ab72212af4439607ef35560a154a1d1b651b9eb0e3b855825d7564051a51eec4
GET /watch.510621048022?shu=0dd872b0ca549dfb22224530c08df9a9fbf2595c565d2994333614ab3c1d08d4d21dc7de47e9c7d51a990efcab056c4cc0d20ae530ba4eee03bdc97f56f03b9ad705420b96d42305a37460fad5d56af493703023&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=dce840900198070189c2beb10d96832b&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/watch.510621048022?key=dce840900198070189c2beb10d96832b&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17108688,17108679; ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv32=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs32=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e2ab9ec1bffaf4a889122afe15900f22
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.1609832916767?shu=2010676eb3982cff151cab22bf2695fcf618dd5058b3e19830e64411451ac294178931c67c404dd60c369a18f95b1d09d4edc0b9453fc1aa6c0b11db62533922426cd26fe827b689e152e35a1955d818e1265b66&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=28c9bfe21f06b815998b4f3da8e16406&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e
192.243.59.12 200 OK 1.8 kB URL HTTP/1.1 grubrebukevenus.com/watch.1609832916767?shu=2010676eb3982cff151cab22bf2695fcf618dd5058b3e19830e64411451ac294178931c67c404dd60c369a18f95b1d09d4edc0b9453fc1aa6c0b11db62533922426cd26fe827b689e152e35a1955d818e1265b66&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=28c9bfe21f06b815998b4f3da8e16406&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2464)
Hash 82d3d85c25761334b3d5ed530f5564ca
8617e12f9b31d00ecc773d72b5b75cab942b2f82
a7eda5f0a472754d3b73f78877f0574d38eac3b44faa44f39dde04298bad7218
GET /watch.1609832916767?shu=2010676eb3982cff151cab22bf2695fcf618dd5058b3e19830e64411451ac294178931c67c404dd60c369a18f95b1d09d4edc0b9453fc1aa6c0b11db62533922426cd26fe827b689e152e35a1955d818e1265b66&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=28c9bfe21f06b815998b4f3da8e16406&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&res=12.1055&kw=%5B%5D&tz=0&dev=e HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/watch.1609832916767?key=28c9bfe21f06b815998b4f3da8e16406&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17108688,17108679; ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=17108688,17108679,17110516; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv26=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs26=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 9b00a81f0751ba31bcece41a554d5de7
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
grubrebukevenus.com/watch.651540235061?shu=159a6964d73ebccc0732cdbfa960d13959bf7446bb9720a3bc63f703d77518e18fe9ca2fa776d2507aa156b15e1b21bdc9eb3a5aedc5b823cdb7d974204dd5a2e33fc7c22c84b48f6d580c58b17ec6d43b26fd42&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055
192.243.59.12 200 OK 1.8 kB URL HTTP/1.1 grubrebukevenus.com/watch.651540235061?shu=159a6964d73ebccc0732cdbfa960d13959bf7446bb9720a3bc63f703d77518e18fe9ca2fa776d2507aa156b15e1b21bdc9eb3a5aedc5b823cdb7d974204dd5a2e33fc7c22c84b48f6d580c58b17ec6d43b26fd42&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2494)
Hash 524368290c91d137e2374b973d04b52b
c1295d814cad7033f9c36e11096ed380920ac910
05b5f9886ba285f98891600e91cfe09d351c7668c4a9994789271cdd5d06e713
GET /watch.651540235061?shu=159a6964d73ebccc0732cdbfa960d13959bf7446bb9720a3bc63f703d77518e18fe9ca2fa776d2507aa156b15e1b21bdc9eb3a5aedc5b823cdb7d974204dd5a2e33fc7c22c84b48f6d580c58b17ec6d43b26fd42&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055 HTTP/1.1
Host: grubrebukevenus.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/watch.651540235061?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17108688,17108679; ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 23 Jan 2023 18:47:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 65d803c0f60120818f9771c4a9d730cb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/bi/d1/28/a7/d128a71af5b268c0cf57d9f6af4dac68/1665058547.jpg
45.133.44.10 200 OK 8.4 kB URL HTTP/2 cdn.cloudimagesb.com/bi/d1/28/a7/d128a71af5b268c0cf57d9f6af4dac68/1665058547.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 320x50, components 3\012- data
Hash 2351cfa0181352342ad4795dca335402
6f43eb3f6c82f98d6a44b6c3f1bbe71d1b4cefeb
4cd495dcb2ae9264f1d8161ca1d488d1e79af4f8ac7c0d52f937747b7c9778ae
GET /bi/d1/28/a7/d128a71af5b268c0cf57d9f6af4dac68/1665058547.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:46 GMT
content-type: image/jpeg
content-length: 8412
server: nginx/1.17.6
last-modified: Thu, 06 Oct 2022 12:15:55 GMT
etag: "633ec6fb-20dc"
expires: Tue, 24 Jan 2023 18:47:46 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 583638cafd239eb68a9ab28f5e67bd5b
95a8d45d07b3d6844ceba5dafd42f79cf13d5c67
83dbdaeb13cae8340e5831e6d5d1aa21d9be387dae97119a4e0ae4dea9a57a83
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "83DBDAEB13CAE8340E5831E6D5D1AA21D9BE387DAE97119A4E0AE4DEA9A57A83"
Last-Modified: Fri, 20 Jan 2023 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11195
Expires: Sun, 22 Jan 2023 21:54:22 GMT
Date: Sun, 22 Jan 2023 18:47:47 GMT
Connection: keep-alive
cdn.cloudimagesb.com/bi/b2/c2/b5/b2c2b54558108e25ce2afb7b8a1c85e5/1659457790.gif
45.133.44.10 200 OK 45 kB URL HTTP/2 cdn.cloudimagesb.com/bi/b2/c2/b5/b2c2b54558108e25ce2afb7b8a1c85e5/1659457790.gif
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type GIF image data, version 89a, 160 x 300\012- data
Hash 7ddf31c9c0165935dfb477ea83d5e1af
f1f601423b619169780b4d8c03a699237663a559
8a1efc683e08465e213b91e7b3130b9b780656861aec3f4452e2d7512cc9d866
GET /bi/b2/c2/b5/b2c2b54558108e25ce2afb7b8a1c85e5/1659457790.gif HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:46 GMT
content-type: image/gif
content-length: 44889
server: nginx/1.17.6
last-modified: Tue, 02 Aug 2022 16:29:58 GMT
etag: "62e95106-af59"
expires: Tue, 24 Jan 2023 18:47:46 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/84/19/f8/8419f83c398b050e8cbf4eb33676c4d8/1644703417.jpg
45.133.44.10 200 OK 109 kB URL HTTP/2 cdn.cloudimagesb.com/bi/84/19/f8/8419f83c398b050e8cbf4eb33676c4d8/1644703417.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2022:02:08 14:56:47], progressive, precision 8, 300x250, components 3\012- data
Size 109 kB (109138 bytes)
Hash e6dd23760f5e1f19e9a073831340f71d
1a93f10265ff0c0e366365e103cea78d91b5fc8c
b7f30adbe1cd196f6846775f486a9fd13e67e1c05e5994d9e442a78c1130c6da
GET /bi/84/19/f8/8419f83c398b050e8cbf4eb33676c4d8/1644703417.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://grubrebukevenus.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:47 GMT
content-type: image/jpeg
content-length: 109138
server: nginx/1.17.6
last-modified: Sat, 12 Feb 2022 22:03:43 GMT
etag: "62082ebf-1aa52"
expires: Tue, 24 Jan 2023 18:47:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
squatdisloyal.com/watch.1293189002688?shu=fbb7b3868d646bf9d23d6a5a6ea06a94a0af8dfe17ecd94f716b992269bb52d981b74553f280c5294302e14929685b076ef3df2d04dba14777375807d5a8f87c8d322127c2692f506c7c96533ce69c4811af8503e153f11086e38c0b2f2d036e&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=f109d89f9ef31284953e3f67eb6178fc&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&kw=%5B%5D
173.233.137.36 200 OK 1.7 kB URL HTTP/1.1 squatdisloyal.com/watch.1293189002688?shu=fbb7b3868d646bf9d23d6a5a6ea06a94a0af8dfe17ecd94f716b992269bb52d981b74553f280c5294302e14929685b076ef3df2d04dba14777375807d5a8f87c8d322127c2692f506c7c96533ce69c4811af8503e153f11086e38c0b2f2d036e&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=f109d89f9ef31284953e3f67eb6178fc&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&kw=%5B%5D
IP 173.233.137.36:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2419)
Hash 1e185a346924f7055648c71450d684fa
ae49c3b50917b7cbb26d1f081a1b2b6120cb23b5
63545b25879ca535869edd7c4580807bd0383c94f1db7d0215309125ad3779e8
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1293189002688?shu=fbb7b3868d646bf9d23d6a5a6ea06a94a0af8dfe17ecd94f716b992269bb52d981b74553f280c5294302e14929685b076ef3df2d04dba14777375807d5a8f87c8d322127c2692f506c7c96533ce69c4811af8503e153f11086e38c0b2f2d036e&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=f109d89f9ef31284953e3f67eb6178fc&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&kw=%5B%5D HTTP/1.1
Host: squatdisloyal.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://squatdisloyal.com/watch.1293189002688?key=f109d89f9ef31284953e3f67eb6178fc&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17110507; ain=eyJhbGciOiJIUzI1NiJ9.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_XHUwMDI2XHUwMDI2dXJsPV9odHRwczovL3d3dy5tZWRpYWZpcmUuY29tL2ZpbGUvYmJ1dHB3NzQ1MGtxbnFvL3N1cHJlbV9EcmFnb24uemlwL2ZpbGUifX0.cCo3BVrAXW1k8kTsrEaKI-5OJlMElJH8x5vJamNaGKM; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Sun, 22 Jan 2023 18:47:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
pdhtkv25=true; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
uncs25=1; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 06d3698d0019cc18e73c7d3cadc4cbf4
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
dimreproofjumped.com/watch.1111400596781?shu=6c944ffae8ba8441f951d71506f3859db2314b57260a9ef6abcbd62afbeb2b6115bf0152c27db0881fe096d83ca23d0412e80c992a18dba6a7f985d211756e58e4481bc279712620806e51db0b41121c4cb36be8&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055
192.243.59.13 200 OK 1.8 kB URL HTTP/1.1 dimreproofjumped.com/watch.1111400596781?shu=6c944ffae8ba8441f951d71506f3859db2314b57260a9ef6abcbd62afbeb2b6115bf0152c27db0881fe096d83ca23d0412e80c992a18dba6a7f985d211756e58e4481bc279712620806e51db0b41121c4cb36be8&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (2520)
Hash 1783d1a2c1178aebb745ef67dee9b357
9db1a50454c9d06909c9fc3d5be2d8390ee31b6d
dab571d8bb39bfae9d6af966f7a5891e75d4010440a4235228c50bd07c85db85
Analyzer Verdict Alert quad9 Sinkholed
GET /watch.1111400596781?shu=6c944ffae8ba8441f951d71506f3859db2314b57260a9ef6abcbd62afbeb2b6115bf0152c27db0881fe096d83ca23d0412e80c992a18dba6a7f985d211756e58e4481bc279712620806e51db0b41121c4cb36be8&pst=1674413326&rmtc=t&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1&pii=&in=false&key=c0615ef8a6764756b63d8c0c6b0d32b2&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&kw=%5B%5D&tz=0&dev=e&res=12.1055 HTTP/1.1
Host: dimreproofjumped.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dimreproofjumped.com/watch.1111400596781?key=c0615ef8a6764756b63d8c0c6b0d32b2&kw=%5B%5D&refer=https%3A%2F%2Fwww.just-short-it.ml%2Fp%2Fredirect.html%3F%3F%26%26url%3D_https%3A%2F%2Fwww.mediafire.com%2Ffile%2Fbbutpw7450kqnqo%2Fsuprem_Dragon.zip%2Ffile&tz=0&dev=e&res=12.1055&uuid=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b%3A1%3A1
Cookie: u_pl=17108679; ain=eyJhbGciOiJIUzI1NiJ9.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_P1x1MDAyNlx1MDAyNnVybD1faHR0cHM6Ly93d3cubWVkaWFmaXJlLmNvbS9maWxlL2JidXRwdzc0NTBrcW5xby9zdXByZW1fRHJhZ29uLnppcC9maWxlIn19.nwT8-sc2F1dzTpZMUjsDyA5b82rAEpS8J_kZN2wFu50; uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Origin: https://www.just-short-it.ml/p/redirect.html??&&url=_https://www.mediafire.com/file/bbutpw7450kqnqo/suprem_Dragon.zip/file
Access-Control-Allow-Credentials: true
Set-Cookie: uid_id2=ac7da1ca-dea8-47a6-a184-b7ea3ccbcf0b:1:1; expires=Sun, 29 Jan 2023 18:47:46 GMT; secure; SameSite=None
pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
uncs=1; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
pdhtkv5=true; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
uncs5=1; expires=Mon, 23 Jan 2023 18:47:47 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 0e9a7f26416d252508c8c33e3aed71cd
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
cdn.cloudimagesb.com/cti/9a/6f/92/9a6f9261ec41c3a451590efde3e13c3f/1627915766.png
45.133.44.10 200 OK 72 kB URL HTTP/2 cdn.cloudimagesb.com/cti/9a/6f/92/9a6f9261ec41c3a451590efde3e13c3f/1627915766.png
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type PNG image data, 160 x 600, 8-bit/color RGB, non-interlaced\012- data
Hash 93b0c2cf87f6d5f10a1d1d5eab310238
80f7b4b36eb50e502b139bbabcb73e6716d01c61
e21eebd241c6388a1c1851d27f4a9aaae903b657e6a7874fb07d5a8aff5cda5d
GET /cti/9a/6f/92/9a6f9261ec41c3a451590efde3e13c3f/1627915766.png HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://squatdisloyal.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:47 GMT
content-type: image/png
content-length: 72281
server: nginx/1.17.6
last-modified: Mon, 02 Aug 2021 14:49:34 GMT
etag: "610805fe-11a59"
expires: Tue, 24 Jan 2023 18:47:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
cdn.cloudimagesb.com/bi/65/6d/7c/656d7cbe6cf9f9422f64de0947593264/1631633409.jpg
45.133.44.10 200 OK 122 kB URL HTTP/2 cdn.cloudimagesb.com/bi/65/6d/7c/656d7cbe6cf9f9422f64de0947593264/1631633409.jpg
IP 45.133.44.10:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC 2019 (Windows), datetime=2021:07:26 15:07:46], progressive, precision 8, 300x250, components 3\012- data
Size 122 kB (121969 bytes)
Hash e5cd4df8a39bd3ad0238e83c98d6282a
db2f72227e183710fdbcd24865830373c24a82c3
a7d0dd1af746a0ae468ac96213c6ba8e61a6cbc132b6b24cf9ad12454e3a544c
GET /bi/65/6d/7c/656d7cbe6cf9f9422f64de0947593264/1631633409.jpg HTTP/1.1
Host: cdn.cloudimagesb.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dimreproofjumped.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:47 GMT
content-type: image/jpeg
content-length: 121969
server: nginx/1.17.6
last-modified: Tue, 14 Sep 2021 15:30:27 GMT
etag: "6140c013-1dc71"
expires: Tue, 24 Jan 2023 18:47:47 GMT
cache-control: max-age=172800
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17110507
192.243.59.13 200 OK 1.3 kB URL HTTP/1.1 jennyvisits.com/dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17110507
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text
Hash 107f68512f5d6b90ac3add3d04e26380
eb0325cafbad9305002238fee2112a04d5974fe8
0e72c680de2e436ec27b360730d661e0010223f80a08031e8435cd2f65cc138d
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?key=863705bcbb4b6a554ddb359665395a6f&psid=17110507 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.just-short-it.ml/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: u_pl=16122660; expires=Mon, 23 Jan 2023 18:47:47 GMT
ain=eyJhbGciOiJIUzI1NiJ9.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.PSQaHkDw9Ik_18aCs4f7EGsVLLYpmeLc6FYvGmnDp0w; expires=Sun, 22 Jan 2023 18:48:47 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: aee7fff8270a34c4e5632f6d00f04d32
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
jennyvisits.com/dyfc1k09?shu=e2f83e261dfb2e1cfadfe701ac13be4c00055efdba72930079ec5fc0cb2b6e394da409a27c3ebf389b84b6dbebbb93d1947db1123ec53ba5ec4c31f43a17024feb93f31658226625ca70dadb9780eab091d4bffd&pst=1674413327&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.just-short-it.ml%2F&psid=17110507
192.243.59.13 302 Found 0 B URL HTTP/1.1 jennyvisits.com/dyfc1k09?shu=e2f83e261dfb2e1cfadfe701ac13be4c00055efdba72930079ec5fc0cb2b6e394da409a27c3ebf389b84b6dbebbb93d1947db1123ec53ba5ec4c31f43a17024feb93f31658226625ca70dadb9780eab091d4bffd&pst=1674413327&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.just-short-it.ml%2F&psid=17110507
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /dyfc1k09?shu=e2f83e261dfb2e1cfadfe701ac13be4c00055efdba72930079ec5fc0cb2b6e394da409a27c3ebf389b84b6dbebbb93d1947db1123ec53ba5ec4c31f43a17024feb93f31658226625ca70dadb9780eab091d4bffd&pst=1674413327&rmtc=t&uuid=&pii=&in=false&key=863705bcbb4b6a554ddb359665395a6f&refer=https%3A%2F%2Fwww.just-short-it.ml%2F&psid=17110507 HTTP/1.1
Host: jennyvisits.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://jennyvisits.com/dyfc1k09?key=0f22c1fd609f13cb7947c8cabfe1a90d&submetric=16122660
Cookie: u_pl=16122660; ain=eyJhbGciOiJIUzI1NiJ9.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.PSQaHkDw9Ik_18aCs4f7EGsVLLYpmeLc6FYvGmnDp0w; cjs=t
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
HTTP/1.1 302 Found
Server: nginx/1.17.6
Date: Sun, 22 Jan 2023 18:47:47 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Location: http://xml-v4.trafficmoose.com/click?seat=2281921&i=hJGFvorBs0M_0
Set-Cookie: pdhtkv=true; expires=Mon, 23 Jan 2023 18:47:47 GMT
uncs=1; expires=Mon, 23 Jan 2023 18:47:47 GMT
pdhtkv28=true; expires=Mon, 23 Jan 2023 18:47:47 GMT
uncs28=1; expires=Mon, 23 Jan 2023 18:47:47 GMT
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: b7309917f1962f5cd63bb025716a7b95
Strict-Transport-Security: max-age=0; includeSubdomains
xml-v4.trafficmoose.com/click?seat=2281921&i=hJGFvorBs0M_0
198.134.116.17 302 Found 0 B URL HTTP/1.1 xml-v4.trafficmoose.com/click?seat=2281921&i=hJGFvorBs0M_0
IP 198.134.116.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /click?seat=2281921&i=hJGFvorBs0M_0 HTTP/1.1
Host: xml-v4.trafficmoose.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 302 Found
Cache-Control: no-store
Content-Length: 0
Age: 0
Connection: keep-alive
Location: https://adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_114896.16122660
Pragma: no-cache
adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_114896.16122660
23.36.79.11 307 Temporary Redirect 0 B URL HTTP/2 adserving.unibet.com/redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_114896.16122660
IP 23.36.79.11:0
ASN #20940 Akamai International B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect.aspx?bid=37950&pid=29326169&sref=TRM&TRM=dL_114896.16122660 HTTP/1.1
Host: adserving.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
content-type: text/html
content-length: 0
location: https://www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950
p3p: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies"
x-aspnet-version: 4.0.30319
request-context: appId=cid-v1:83ffbda4-9458-475e-90ec-4427cfb5c3b0
access-control-expose-headers: Request-Context
expires: Sun, 22 Jan 2023 18:47:48 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Sun, 22 Jan 2023 18:47:48 GMT
set-cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; SameSite=None;; domain=.unibet.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/; secure
NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; domain=.unibet.com; expires=Tue, 22-Jan-3022 18:47:48 GMT; path=/; secure; SameSite=Strict
server-timing: cdn-cache; desc=MISS, edge; dur=177, origin; dur=122
X-Firefox-Spdy: h2
www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/campaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Sun, 22 Jan 2023 18:47:48 GMT
content-length: 0
location: https://www.unibet.nu:443/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950
set-cookie: JSESSIONID=node0kqgxj1ivhscwc6d3b7609fqv2257251.node0; Path=/stan; Secure; HttpOnly; SameSite=Strict
__ucbt=node0kqgxj1ivhscwc6d3b7609fqv2; Path=/; Domain=.unibet.nu; Expires=Tue, 21-Jan-2025 18:47:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr=ST.0.T; Path=/; Domain=.unibet.nu; Expires=Tue, 21-Jan-2025 18:47:48 GMT; Max-Age=63072000; Secure; SameSite=None
uniattr_ref=; Path=/; Domain=.unibet.nu; Expires=Tue, 21-Jan-2025 18:47:48 GMT; Max-Age=63072000; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
netwid=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
CLAIM_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
affiliateId=1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
B-TAG=320665405_15B95626E93C4317901884A913AE24D1; Path=/; Domain=.unibet.nu; Secure; SameSite=None
REGISTRATION_CODE=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BID=37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
PID=74028648; Path=/; Domain=.unibet.nu; Secure; SameSite=None
CHID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
REFERER=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_INTERNAL_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
UNIBET_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_ACCEPTED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AMS_INVITE_CHAT_DECLINED=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
BOCAID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
PRODUCT_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26sref%3DTRM%26TRM%3DdL_114896.16122660%26affiliateId%3D1%26pid%3D74028648%26bid%3D37950; Path=/; Domain=.unibet.nu; Secure; SameSite=None
AFFILIATE_CAMPAIGN_ID=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
campaignId=; Path=/; Domain=.unibet.nu; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Max-Age=0; Secure; SameSite=None
clientId=polopoly_desktop; Domain=www.unibet.nu; Path=/; SameSite=None; Secure
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Thu, 01 Jan 1970 00:00:00 GMT, Sun, 22 Jan 2023 18:47:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950
85.184.96.0 301 Moved Permanently 0 B URL HTTP/2 www.unibet.nu/stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950
IP 85.184.96.0:0
ASN #47171 Unibet Services Limited
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /stan/redirecttocampaign.do?cmpId=2799402&affiliateId=1&unibetTarget=/nu/pop/sportsbook/multisports/index.html&targetDomain=https://welcome.unibet.com&btag=320665405_15B95626E93C4317901884A913AE24D1&sref=TRM&TRM=dL_114896.16122660&affiliateId=1&pid=74028648&bid=37950&landingPageUrl=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950 HTTP/1.1
Host: www.unibet.nu
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: __ucbt=node0kqgxj1ivhscwc6d3b7609fqv2; uniattr=ST.0.T; uniattr_ref=; affiliateId=1; B-TAG=320665405_15B95626E93C4317901884A913AE24D1; BID=37950; PID=74028648; AFFILIATE_REQUEST_URL=https%3A%2F%2Fwww.unibet.nu%2Fstan%2Fcampaign.do%3FcmpId%3D2799402%26affiliateId%3D1%26unibetTarget%3D%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%26targetDomain%3Dhttps%3A%2F%2Fwelcome.unibet.com%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26sref%3DTRM%26TRM%3DdL_114896.16122660%26affiliateId%3D1%26pid%3D74028648%26bid%3D37950; clientId=polopoly_desktop
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 301 Moved Permanently
date: Sun, 22 Jan 2023 18:47:48 GMT
content-length: 0
location: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
cache-control: max-age=0, no-cache, no-store, must-revalidate, proxy-revalidate
expires: Sun, 22 Jan 2023 18:47:48 GMT
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
x-ooops-debug: /500-pages/www.unibet.nu/index.html
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1dd975299ae867c7c0bb08f61cdc8b95
6ae8a2f0f26f200041947d1532bd3aab24c1ef86
40fad19eeb9c64c13c6253f97c7d3fa99c7491ba9e9c0054321ad40a8d8c85fc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "40FAD19EEB9C64C13C6253F97C7D3FA99C7491BA9E9C0054321AD40A8D8C85FC"
Last-Modified: Sat, 21 Jan 2023 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1240
Expires: Sun, 22 Jan 2023 19:08:28 GMT
Date: Sun, 22 Jan 2023 18:47:48 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 032ea16a79a95a9f16a60674c5f3ad5c
daea213df10fabce0cd857bcd4f3e64dd1293fad
4637cdfefc8df89f6f6cc042daa30247921cbd001bd16484b18c384f1e7b9781
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
216.58.211.10 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js
IP 216.58.211.10:0
File type ASCII text, with very long lines (65451)
Hash 0f83cadc148d2ad7e53c91f6c4ee05bb
90035c5fffedf4b0f099465f6b929a030b46c92b
3f59aa77bbbed7760a9968af27d3c19ffddda021c948edf0bf0c0f828dd308ae
GET /ajax/libs/jquery/3.3.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 30399
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 21 Jan 2023 10:27:15 GMT
expires: Sun, 21 Jan 2024 10:27:15 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 116433
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
104.18.24.188 200 OK 5.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
IP 104.18.24.188:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (2468)
Hash 9cbea59d9ccbf845d15b695d407060b3
9fc2a554c898b9cbfc0fed4bda71044a8c96f1d3
49b2c10b789760e0bfb68806d92adfc9fafa021c3dc2ae9ccfe8ca4c61c3072b
GET /nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: text/html; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: 3j1KK5ReHy/6ckOVwt+Uag==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
x-ms-request-id: bb115e77-901e-003c-3692-2e3bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: MISS
vary: Accept-Encoding
set-cookie: btag=320665405_15B95626E93C4317901884A913AE24D1;max-age=2592000; domain=.unibet.com;path=/;secure;samesite=none;httponly
server: cloudflare
cf-ray: 78da75d0892b0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.24.188 404 Not Found 450 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.24.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash 41434a8dd91157f4741b0c5ad8b72c72
d5bfde7e573a30a3cd464f9306618fe6abf2c62b
e0eeab0b4eef4be536964635a8d019107588a3be7449e99e7baf6ced9952e5db
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: application/xml
x-ms-request-id: e89104e2-d01e-004f-1e91-2e6356000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 29
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d2abb30b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 472 B IP 216.58.211.3:0
Hash 032ea16a79a95a9f16a60674c5f3ad5c
daea213df10fabce0cd857bcd4f3e64dd1293fad
4637cdfefc8df89f6f6cc042daa30247921cbd001bd16484b18c384f1e7b9781
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:48 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
104.18.24.188 200 OK 10 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/com-payments.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash ca5f0affddce9c4cdfae375f6239adac
149f26637e8b02f025a9d183e688b9f9e945c3ac
73508e407ec5d8dc55b3997394c90d0190ad17c373d77c21e5ca8efba76299d6
GET /nu/pop/sportsbook/multisports/com-payments.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: vwb7ospRft2xzGDtJvR3WA==
last-modified: Mon, 21 Nov 2022 12:34:13 GMT
etag: W/"0x8DACBBCB22FE05F"
x-ms-request-id: bf5a1d34-901e-003c-5a03-033bc5000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d2abb40b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash 45fbffd137fc15f1dc4ebc05c3193fce
f043f1dfb8e49d8bcf4434b97c2171e47387b528
b7e49038a3a1b2dc8bd528e327dfbb551361982723d311ecbe8eb9f2b5cc6ec2
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 1530
Cache-Control: max-age=150274
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Etag: "63cd26dd-117"
Expires: Tue, 24 Jan 2023 12:32:23 GMT
Last-Modified: Sun, 22 Jan 2023 12:06:53 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 279
welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
104.18.24.188 200 OK 98 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-background-black.jpg
IP 104.18.24.188:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1800x936, components 3\012- data
Hash 8e6d9af5ef1badfe9295b8fc96793c28
e37cdf4093dc0a47246be7360e7945f91991f073
de89de8196b23a00db8e35bca40fdb4253d970492a31396d5861c2e99d691407
GET /nu/pop/sportsbook/multisports/1-background-black.jpg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: image/jpeg
content-length: 98453
access-control-allow-origin: *
cache-control: public, max-age=900, immutable
cf-bgj: h2pri
content-md5: jm2a9e8brf6Slbj8lnk8KA==
etag: "0x8DACBBCB1BBD29B"
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 0b1c71c4-b01e-0049-7003-0350e9000000
x-ms-version: 2014-02-14
cf-cache-status: HIT
age: 555281
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d38ca40b61-OSL
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
104.18.24.188 200 OK 11 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2
IP 104.18.24.188:0
File type Web Open Font Format (Version 2), TrueType, length 10924, version 1.0\012- data
Hash 0ea5bcff84ae44840b6e9c9d12c8b963
6c827e1adb18775d2fdfbbbfef63cc9b66243ed2
b4e210ac58fe8fb176e24c58ffdbd0e7b40dded1314769dbcebdc413998b882b
GET /nu/pop/sportsbook/multisports/Unibet_Pro_2020.woff2 HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: font/woff2
content-length: 10924
cache-control: public, max-age=900, immutable
content-md5: DqW8/4SuRIQLbpydEsi5Yw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: "0x8DACBBCB4A3B989"
x-ms-request-id: b6f7cb18-201e-0029-1a03-032c76000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555311
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d39caa0b61-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash c0f67edfa92ff11474d17ad3160ed43e
a43cc627d3c9258bdbe14ff3ceeed1c98496ff50
309dea4b94ceda4ec43c2f944cdfad61434c96eaafd172bc55c39545f3bf5a1e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
104.18.24.188 200 OK 1.2 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-sports.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (1481), with no line terminators
Hash 8ec02a69d2490aa246686a44f5c3c3aa
3f485adca9a958f22639286a834f6a12770ace93
2edb9734df4d63deaa4ec456a7819184805e70f4ce7f7bae6a4b272263ba1eed
GET /nu/pop/sportsbook/multisports/icon-sports.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Kch+tYuo05USS5JaESq1rA==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3E60357"
x-ms-request-id: 16b99321-701e-000b-6a03-03e969000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555321
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29ba50b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
216.58.207.227 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
IP 216.58.207.227:0
File type Web Open Font Format (Version 2), TrueType, length 15920, version 1.0\012- data
Hash 3a44e06eb954b96aa043227f3534189d
23cef6993ddb2b2979e8e7647fc3763694e2ba7d
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
GET /s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15920
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 18 Jan 2023 07:51:59 GMT
expires: Thu, 18 Jan 2024 07:51:59 GMT
cache-control: public, max-age=31536000
age: 384950
last-modified: Wed, 11 May 2022 19:24:45 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash 25d59e4444b16818a49fec7128c90dcd
ea263f33790881a01e317fa03d935f7109523e41
22e26ea1917d1a0fed0b2af636f1baecb59768b0f85c9ab6b1c37d45e84dfa2d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
104.18.24.188 404 Not Found 16 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/gambling-commission.png
IP 104.18.24.188:0
File type XML 1.0 document text\012- XML document, Unicode text, UTF-8 (with BOM) text
Hash df16b8e7c1bc63fa7df377affa02df1b
cf1887ef9a10a7cbf4168acc35be0e4990254499
555a857dc53e34d6237d882ddedd78ac4b80e597b98b64612771432242319691
GET /nu/pop/sportsbook/multisports/gambling-commission.png HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: application/xml
x-ms-request-id: e89104e2-d01e-004f-1e91-2e6356000000
x-ms-version: 2014-02-14
access-control-allow-origin: *
cf-cache-status: HIT
age: 30
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d38c970b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
172.64.132.15 200 OK 74 kB URL HTTP/2 use.fontawesome.com/releases/v5.7.1/webfonts/fa-solid-900.woff2
IP 172.64.132.15:0
File type Web Open Font Format (Version 2), TrueType, length 74320, version 329.30998\012- data
Hash 3638e62ea50e6f5859b6a15276c25c87
f5aa1a463e223a294a42b314e1c63a614d594ec0
9e6bd5b2d75bba485d2337d020750744983a3521ec697adfe21b29ee4f14f6a9
GET /releases/v5.7.1/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: font/woff2
content-length: 74320
x-amz-id-2: 4ZsRjMmDPjRMooDgmchiwENcteCKgPXvccY2NlrGASEiKfJ5RYrzpfCSdJ8K6Y1YDdi5bDsfnGk=
x-amz-request-id: QEVRCHNESH8P615C
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:57 GMT
etag: "3638e62ea50e6f5859b6a15276c25c87"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1517143
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LLxO3tY5K6rIzQRxgK11ZKce1mlF%2B4xTKYS4Mv00DJlcYc9HdPeH8AQERg20Q7DtSA7BFlRMN1ySHnw4Pf3n1bcEz2hnwqYGm1oDGKk1uWhCPA5WjLnoyWM0j5cGqcjoP88RQfeG"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78da75d3bf6b24da-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
142.250.74.40 200 OK 81 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PF2RVHC
IP 142.250.74.40:0
File type ASCII text, with very long lines (62112)
Hash 76e1eb926096121345f4d94deb1c25fe
26fc8f250f1ee4faf36fb7f03cc0e831c8ac5deb
7f910222405547373fdcf211802329d97a89e6e0e8ad113513d43bc7262ee1dc
GET /gtm.js?id=GTM-PF2RVHC HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Sun, 22 Jan 2023 18:47:49 GMT
expires: Sun, 22 Jan 2023 18:47:49 GMT
cache-control: private, max-age=900
last-modified: Sun, 22 Jan 2023 18:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 81176
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 280 B IP 93.184.220.29:0
Hash 3d6f31cd4579a8341446a003f1b7f9d0
fd4da2d768f2c5b2a95d2c66200c420a5e97eaa1
63f86c16b609d6c6219233b288e7c0bac34dc0348ec6830153cc1fbdd5b6df7d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4553
Cache-Control: max-age=146073
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Etag: "63cd0aa5-118"
Expires: Tue, 24 Jan 2023 11:22:22 GMT
Last-Modified: Sun, 22 Jan 2023 10:06:29 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 280
welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
104.18.24.188 200 OK 706 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/favicon.ico
IP 104.18.24.188:0
File type PNG image data, 33 x 33, 8-bit/color RGBA, non-interlaced\012- data
Hash 2ced3fa6cacb27a6d95634c03f8dc765
ac7433f601a93c7840f2a92be44a2bb848372850
663a86504e412522a02399bf38f544161f2795d3982c2abb1699a7c2946cf961
GET /nu/pop/sportsbook/multisports/favicon.ico HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: image/x-icon
cache-control: public, max-age=900, immutable
content-md5: rS2fRBxmkqgGx7Qnuz5TbQ==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB155306D"
x-ms-request-id: ef96856b-501e-0041-3303-034ae6000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555281
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d45d940b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
216.58.211.3 200 OK 471 B IP 216.58.211.3:0
Hash b6a7b076a30a5406b12344e01ba2d7ea
17e8497f4041b0c7e6fe4a13cfc5fe634c622fc5
5c82bf44b7ea0d2399d52df26b0ebc574cea4c4ff5d34423d07a1fc20e2e3587
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
secure.adnxs.com/seg?add=9755599
37.252.171.149 307 Redirection 0 B URL HTTP/1.1 secure.adnxs.com/seg?add=9755599
IP 37.252.171.149:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /seg?add=9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 307 Redirection
Server: nginx/1.21.3
Date: Sun, 22 Jan 2023 18:47:49 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
Location: https://secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
AN-X-Request-Uuid: f0bfcb8e-6e72-4ec4-9f24-a66ab87dc43d
Set-Cookie: uuid2=5014747636984243291; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 22-Apr-2023 18:47:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
welcome.unibet.com/widget/betslip/betslip.js
104.18.24.188 200 OK 6.4 kB URL HTTP/2 welcome.unibet.com/widget/betslip/betslip.js
IP 104.18.24.188:0
File type ASCII text, with very long lines (693)
Hash 83052f994d75aa50927426af99c48911
ed9e27c1c1b4b25df6c69991a0adfdd4a0667fcb
cd5836f1e16b4c7daa60ae202fd2777f9d87acb07870c8134539e30164ac20b5
GET /widget/betslip/betslip.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: V3DcYDl/+4NNEoCqe8670A==
last-modified: Tue, 15 Jan 2019 09:54:22 GMT
etag: W/"0x8D67ACF6D112CB5"
x-ms-request-id: 556a432d-701e-0079-3f03-03ee26000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d36c730b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
104.18.24.188 200 OK 1.5 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/unibet-logo.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- HTML document text\012- HTML document, ASCII text, with very long lines (3207), with no line terminators
Hash 9bb63c59564b77cdc70984107fcf8659
9494118eec8c4f8d7a4ff7563ac7e3e32bd8faf5
5e4335ad53c9470d26991dce9c49d68b1f6d7b4af3455f065fd6e835780358e3
GET /nu/pop/sportsbook/multisports/unibet-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: cw5jdwcrd9gLyjDZb7Y7Jw==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB2079DB0"
x-ms-request-id: 24a2aae3-d01e-004f-0203-036356000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b940b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
37.252.171.149 200 OK 43 B URL HTTP/1.1 secure.adnxs.com/bounce?%2Fseg%3Fadd%3D9755599
IP 37.252.171.149:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 592ebefc7104d681d57852665e9ad514
15cdf8df32aa251dd6dd590a60bf9cf74474e7c5
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
GET /bounce?%2Fseg%3Fadd%3D9755599 HTTP/1.1
Host: secure.adnxs.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.21.3
Date: Sun, 22 Jan 2023 18:47:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Accept-CH: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
AN-X-Request-Uuid: ef9946c8-1943-4bcf-93e8-8732e7769daf
Set-Cookie: anj=dTM7k!M4/8CxrEQF']wIg2GU#sxdi+!]tbP6j2F-XstGt!@DT+$f/2k; SameSite=None; Path=/; Max-Age=7776000; Expires=Sat, 22-Apr-2023 18:47:49 GMT; Domain=.adnxs.com; Secure; HttpOnly
X-Proxy-Origin: 91.90.42.154; 91.90.42.154; 984.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1674413268025
54.217.237.24 200 OK 502 B URL HTTP/1.1 dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1674413268025
IP 54.217.237.24:0
File type JSON data\012- , ASCII text, with very long lines (791), with no line terminators
Hash 2b2a0aac441051049a07394037a1f21e
653583733dbab761eb9248be85e6cea2c211983d
4873f33a6b5d6aa5c78719f0c17e51f3495bc0e2ef1a71fce991f65ab3c0870a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=F431E3BC5593E3887F000101%40AdobeOrg&d_nsid=0&ts=1674413268025 HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://welcome.unibet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: application/json;charset=utf-8
DCS: dcs-prod-irl1-1-v045-0449b668e.edge-irl1.demdex.com 2 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=76892370757210138902609578715869078972; Max-Age=15552000; Expires=Fri, 21 Jul 2023 18:47:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Origin
X-TID: U2CW+jmjRS8=
Content-Length: 502
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
104.18.24.188 200 OK 2.4 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/google-play-ro.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- HTML document, ASCII text, with very long lines (5740), with no line terminators
Hash 4e047d2fb481d942835179f00f183a45
1d25d4bf10c06689217f39bdc8cc22bac95836e9
eabd633c82b07b7ce5e981e03817fdff9abcc56c97ca5121df33e34e8aeb529c
GET /nu/pop/sportsbook/multisports/google-play-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 2fR27yW0b9kBp/ebW9u59A==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4CC7156"
x-ms-request-id: 4fc06b4d-901e-004e-1803-033c8a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b9f0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,500
142.250.74.106 200 OK 923 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,500
IP 142.250.74.106:0
Hash fef8bfd82ceb4c994a41818a313ad26e
781e11e34b36258b6bd527c91b9dda66dbb74b9a
3363b162c671a746cca53faf5fe3c20f45fa9533856b8a27c52a4454c97b541f
GET /css?family=Roboto:300,400,500 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Sun, 22 Jan 2023 18:47:48 GMT
date: Sun, 22 Jan 2023 18:47:48 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
104.18.24.188 200 OK 741 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/utv-logo.svg
IP 104.18.24.188:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document text\012- HTML document, ASCII text, with very long lines (807), with no line terminators
Hash 7c2f5d571d66658d5028b646d85b4350
7553fc387a5a529e7fa7ba7a4e31a7ce5bd5129b
30af83ab6bbcb90dc4cb1bb9d82e9b94121fcfab26f0a935fa9c865c852b4951
GET /nu/pop/sportsbook/multisports/utv-logo.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: QazcDvviTF55mXL/M8kCWQ==
last-modified: Mon, 21 Nov 2022 12:34:12 GMT
etag: W/"0x8DACBBCB1D5BF7A"
x-ms-request-id: 5d879bd0-f01e-002a-0703-03cd12000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b950b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 9f70c7fc0f0758cb573b0f11ec821673
29f6a298434cad54de4c348ff5180dc99c0691e2
69b8d2844872e50e433a58d0a753a4eb7e97b31c615fccfe4e7311f7f3f18ef4
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3822
Cache-Control: max-age=136367
Content-Type: application/ocsp-response
Date: Sun, 22 Jan 2023 18:47:49 GMT
Etag: "63cce796-1d7"
Expires: Tue, 24 Jan 2023 08:40:36 GMT
Last-Modified: Sun, 22 Jan 2023 07:36:54 GMT
Server: ECS (ska/F6FE)
X-Cache: HIT
Content-Length: 471
unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=76908524916995663612610359293537982503&ts=1674413268274
13.37.25.97 200 OK 2 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=76908524916995663612610359293537982503&ts=1674413268274
IP 13.37.25.97:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&mid=76908524916995663612610359293537982503&ts=1674413268274 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://welcome.unibet.com
access-control-allow-credentials: true
date: Sun, 22 Jan 2023 18:47:49 GMT
p3p: CP="This is not a P3P policy"
server: jag
vary: Origin
content-type: application/x-javascript;charset=utf-8
content-length: 2
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s88628847304647?AQB=1&ndh=1&pf=1&t=22%2F0%2F2023%2018%3A47%3A48%200%200&mid=76908524916995663612610359293537982503&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=6%3A47%20PM%7CSunday&v6=6%3A47%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1674413268&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A74028648-37950&v122=NONE&v124=2799402&v125=320665405_15B95626E93C4317901884A913AE24D1&v126=74028648&v127=37950&v134=1674413268&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
13.37.25.97 200 OK 43 B URL HTTP/2 unibetlondonltd.d3.sc.omtrdc.net/b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s88628847304647?AQB=1&ndh=1&pf=1&t=22%2F0%2F2023%2018%3A47%3A48%200%200&mid=76908524916995663612610359293537982503&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=6%3A47%20PM%7CSunday&v6=6%3A47%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1674413268&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A74028648-37950&v122=NONE&v124=2799402&v125=320665405_15B95626E93C4317901884A913AE24D1&v126=74028648&v127=37950&v134=1674413268&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1
IP 13.37.25.97:0
File type GIF image data, version 89a, 2 x 2\012- data
Hash ad480fd0732d0f6f1a8b06359e3a42bb
a544538683a2dfe574eeb2e358ac8fcc78289d50
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
GET /b/ss/unibetlondonunibetwebprod/1/JS-2.22.4/s88628847304647?AQB=1&ndh=1&pf=1&t=22%2F0%2F2023%2018%3A47%3A48%200%200&mid=76908524916995663612610359293537982503&aamlh=6&ce=UTF-8&pageName=LP%3A2022%20-%20Multi%20Sports%20-%20popunders&g=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&cc=GBP&ch=bf_landingpage&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&c1=https%3A%2F%2Fwelcome.unibet.com%2Fnu%2Fpop%2Fsportsbook%2Fmultisports%2Findex.html%3Fmktid%3D1%3A320665405%3A74028648-37950%26btag%3D320665405_15B95626E93C4317901884A913AE24D1%26bid%3D37950%26campaignId%3D2799402%26pid%3D74028648&v1=welcome.unibet.com%3A%3A%3Adesktop%3Anu%3Apop%3Asportsbook%3Amultisports%3Aindex.html&c2=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&v2=bf_landingpage&v3=welcome.unibet.com&v4=No%20CMS%5ENo%20ClientID%5ENo%20Locale%5ENo%20Juristiction&c6=6%3A47%20PM%7CSunday&v6=6%3A47%20PM%7CSunday&v11=GBP&c14=New&v14=New&c16=1674413268&v21=Not%20Logged-In&c73=unibet&v120=popunder&v121=1%3A320665405%3A74028648-37950&v122=NONE&v124=2799402&v125=320665405_15B95626E93C4317901884A913AE24D1&v126=74028648&v127=37950&v134=1674413268&s=1280x1024&c=24&j=1.6&v=N&k=Y&bw=1280&bh=939&mcorgid=F431E3BC5593E3887F000101%40AdobeOrg&AQE=1 HTTP/1.1
Host: unibetlondonltd.d3.sc.omtrdc.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: *
date: Sun, 22 Jan 2023 18:47:49 GMT
expires: Sat, 21 Jan 2023 18:47:49 GMT
last-modified: Mon, 23 Jan 2023 18:47:49 GMT
pragma: no-cache
p3p: CP="This is not a P3P policy"
server: jag
etag: 3595775116979044352-4619602887775852117
vary: *
content-type: image/gif;charset=utf-8
content-length: 43
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
104.18.24.188 200 OK 4.4 kB URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/read_json.js
IP 104.18.24.188:0
File type HTML document, ASCII text
Hash 5f9ecc28bd8a410bed70a39c680dec2c
fb282833db9e57e9f22c8800cc2f0e20f5e921a0
3da2d96c4aab45460bbf8387ae6d7f178f7852e92a2600e36438f1fb6ad2beaf
GET /nu/pop/sportsbook/multisports/read_json.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: rGS1nJi75Qz2m2yY+jlYXA==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB5157DAD"
x-ms-request-id: 88d0ed66-201e-0074-2503-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d28b750b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
ocsp.sca1b.amazontrust.com/
143.204.42.156 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.156:0
Hash 8f48bcf677e15cbcce55c549f010dc40
b217f179e4ccfb8aa6cce257712220f9f12b25dc
e6227fc2a80c27659235ff4707fa552b2ca9245d948b373bbdbefbe53e12e057
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Sun, 22 Jan 2023 18:47:49 GMT
Last-Modified: Sun, 22 Jan 2023 16:59:55 GMT
Server: ECS (bsa/EB1A)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: p-brgGgLYTmzX8aFIxKhrWhYL1SO_ba1Ixtf6AX6Nos9un0ElOoiqg==
Age: 6474
cm.everesttech.net/cm/dd?d_uuid=76892370757210138902609578715869078972
18.201.4.185 302 0 B URL HTTP/1.1 cm.everesttech.net/cm/dd?d_uuid=76892370757210138902609578715869078972
IP 18.201.4.185:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cm/dd?d_uuid=76892370757210138902609578715869078972 HTTP/1.1
Host: cm.everesttech.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302
Date: Sun, 22 Jan 2023 18:47:49 GMT
Content-Length: 0
Connection: keep-alive
Set-Cookie: everest_g_v2=g_surferid~Y82E1QAAAIUthwOV; Domain=.everesttech.net; Expires=Mon, 22-Jan-2024 18:47:49 GMT; Path=/
everest_session_v2=Y82E1QAAAIUtiAOV; Domain=.everesttech.net; Path=/
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=Y82E1QAAAIUthwOV
Server: AMO-cookiemap/1.1
dpm.demdex.net/ibs:dpid=411&dpuuid=Y82E1QAAAIUthwOV
54.217.237.24 302 Found 0 B URL HTTP/1.1 dpm.demdex.net/ibs:dpid=411&dpuuid=Y82E1QAAAIUthwOV
IP 54.217.237.24:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ibs:dpid=411&dpuuid=Y82E1QAAAIUthwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
DCS: dcs-prod-irl1-2-v045-02b96ccc8.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y82E1QAAAIUthwOV
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
set-cookie: demdex=66600067532633724951246426142549065026; Max-Age=15552000; Expires=Fri, 21 Jul 2023 18:47:49 GMT; Path=/; Domain=.demdex.net; Secure; SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: Bh/3+Jh0R1A=
Content-Length: 0
Connection: keep-alive
dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y82E1QAAAIUthwOV
54.217.237.24 200 OK 59 B URL HTTP/1.1 dpm.demdex.net/demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y82E1QAAAIUthwOV
IP 54.217.237.24:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash 1251cd5e5c2def4c046309375f87c1c1
e02d6b0c6a5c495c15985e2832e335eda8528c80
4e7010cc46fa361c88e57e3346d27421cf3b8a8bf5f39b43fc45997c60cb1c13
GET /demconf.jpg?et:ibs%7cdata:dpid=411&dpuuid=Y82E1QAAAIUthwOV HTTP/1.1
Host: dpm.demdex.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://welcome.unibet.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
Content-Type: image/gif
DCS: dcs-prod-irl1-1-v045-09e3db1c5.edge-irl1.demdex.com 0 ms
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: P4zPPoDUTuk=
Content-Length: 59
Connection: keep-alive
welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-store-ro.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/app-store-ro.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: epgiRapjJpA7DniTiF5C+w==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4C5466A"
x-ms-request-id: 0b580569-d01e-0060-1f03-036e9d000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b9b0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
script.crazyegg.com/pages/scripts/0012/9242.js
104.19.148.8 200 OK 0 B URL HTTP/2 script.crazyegg.com/pages/scripts/0012/9242.js
IP 104.19.148.8:0
GET /pages/scripts/0012/9242.js HTTP/1.1
Host: script.crazyegg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
ce-version: 11.5.19
cache-control: public, max-age=300, s-maxage=1209600
cf-bgj: minify
cf-polished: origSize=6088
last-modified: Fri, 20 Jan 2023 17:09:06 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 178723
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d48e0b0b02-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v5.7.1/css/all.css
172.64.132.15 200 OK 0 B URL HTTP/2 use.fontawesome.com/releases/v5.7.1/css/all.css
IP 172.64.132.15:0
GET /releases/v5.7.1/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://welcome.unibet.com
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: text/css
x-amz-id-2: kBpjnAujkCQOW3Zr0P8Ew6IrWjg48N7+8LpZ64VVWljlBbzpY3QoGqj3PKT7OmPBh8WXfTwfBYk=
x-amz-request-id: F3FX4D4WZDEMXQ23
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Wed, 30 Jun 2021 15:45:37 GMT
etag: W/"7b1d7f457d056ace7b230b587b9f3753"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1517136
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MEilzQEgFoXQ4MSZ02%2BPQv1G4WAom6M3WhC1BmQQl3ne8cpQRVf4WOhwQewvS7mgTuuT0gJPQqEboUfpmPWXHpyVqcUccdWhiZK4NVUlOYfOxa8lrtxbM9CBSQxruLYb40cVSy7J"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 78da75d30e4d24da-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-main.js
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/1-main.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: BPxI3njL/F0VV+nfOZx3Mw==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB50B45F5"
x-ms-request-id: 10dfb792-f01e-0077-0703-03c796000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d26b540b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-expert.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/icon-expert.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Z4302O+bSqlX5UM92U+35A==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB3A5CF50"
x-ms-request-id: cd88faad-301e-0047-5503-037959000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555321
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29ba30b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
a1s.unibet.com/orval/tracking/lastclick.min.js
85.184.96.5 200 OK 0 B URL HTTP/2 a1s.unibet.com/orval/tracking/lastclick.min.js
IP 85.184.96.5:0
ASN #47171 Unibet Services Limited
GET /orval/tracking/lastclick.min.js HTTP/1.1
Host: a1s.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: application/javascript
vary: Accept-Encoding
last-modified: Fri, 05 Aug 2022 12:55:42 GMT
etag: W/"705-5e57dfbd5830d"
cache-control: max-age=1800, public, must-revalidate
content-encoding: gzip
server: kindred-loadbalancer
strict-transport-security: max-age=63072000; preload
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
content-security-policy: default-src 'unsafe-inline' 'unsafe-eval' http: https: data: wss: blob: jockey: unibetpro: *;
x-browser-class: A
x-os-class: M
set-cookie: clientId=polopoly_desktop; Domain=a1s.unibet.com; Path=/; SameSite=None; Secure
X-Firefox-Spdy: h2
welcome.unibet.com/custom.js
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/custom.js
IP 104.18.24.188:0
GET /custom.js HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: application/javascript
content-md5: e/Aekt1V1fopj1X7y5r9MA==
last-modified: Tue, 29 Mar 2022 08:25:09 GMT
etag: W/"0x8DA115DA300B0C1"
x-ms-request-id: d013a120-f01e-003a-7703-03087a000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b910b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
104.16.172.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg
IP 104.16.172.188:0
GET /resources/no-payments-44051ae6-a41f-42c3-8d89-751be3d4a42c.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: eFf1+jVlHZeVusUSI4yq9A==
last-modified: Mon, 07 Dec 2020 10:23:00 GMT
etag: W/"0x8D89A9A12E2A33B"
x-ms-request-id: aecbdf5c-c01e-0126-115e-a51c52000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 255
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d6bc1f1c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/app-sports-icon.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/app-sports-icon.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: Lm+dv7pV36kTdto2PoEyYQ==
last-modified: Mon, 21 Nov 2022 12:34:17 GMT
etag: W/"0x8DACBBCB4BDF480"
x-ms-request-id: 88d0ed69-201e-0074-2803-0326f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29b9a0b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/1-styles.css
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/1-styles.css HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: text/css; charset=utf-8
cache-control: public, max-age=900, immutable
content-md5: zXkBqwBMviPPaK5rBIapmA==
last-modified: Mon, 21 Nov 2022 12:34:11 GMT
etag: W/"0x8DACBBCB117460B"
x-ms-request-id: dbafa778-701e-0034-4703-0321ca000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555320
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d26b520b61-OSL
content-encoding: br
X-Firefox-Spdy: h2
cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
104.16.172.188 200 OK 0 B URL HTTP/2 cdn.bannerflow.com/resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg
IP 104.16.172.188:0
GET /resources/mga-logo-16e5f569-f45f-4c4f-a7ab-0a1f83c58415.svg HTTP/1.1
Host: cdn.bannerflow.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:49 GMT
content-type: image/svg+xml
cache-control: public,max-age=604800
content-md5: FAAw5O0EvruykoHDQoRDMA==
last-modified: Fri, 27 Nov 2020 14:00:02 GMT
etag: W/"0x8D892DCBC6EB927"
x-ms-request-id: 0c05a17a-201e-0074-2dff-f626f2000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 150
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d6ac151c06-OSL
content-encoding: br
X-Firefox-Spdy: h2
welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
104.18.24.188 200 OK 0 B URL HTTP/2 welcome.unibet.com/nu/pop/sportsbook/multisports/icon-trust.svg
IP 104.18.24.188:0
GET /nu/pop/sportsbook/multisports/icon-trust.svg HTTP/1.1
Host: welcome.unibet.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://welcome.unibet.com/nu/pop/sportsbook/multisports/index.html?mktid=1:320665405:74028648-37950&btag=320665405_15B95626E93C4317901884A913AE24D1&bid=37950&campaignId=2799402&pid=74028648
Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a74028648%2c%22BID%22%3a37950%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1674413268210)%5c%2f%22%2c%22CookieTag%22%3a%223795074028648451240919C20231221847%22%7d%5d; NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%228724973869%7c1%22%7d%5d; btag=320665405_15B95626E93C4317901884A913AE24D1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Sun, 22 Jan 2023 18:47:48 GMT
content-type: image/svg+xml
cache-control: public, max-age=900, immutable
content-md5: 9k4H3E55HXB5I94VinrUOQ==
last-modified: Mon, 21 Nov 2022 12:34:15 GMT
etag: W/"0x8DACBBCB39EA46F"
x-ms-request-id: a11628c9-801e-0042-7503-03ab82000000
x-ms-version: 2014-02-14
x-ms-lease-status: unlocked
x-ms-lease-state: available
x-ms-blob-type: BlockBlob
access-control-allow-origin: *
cf-cache-status: HIT
age: 555319
vary: Accept-Encoding
server: cloudflare
cf-ray: 78da75d29ba10b61-OSL
content-encoding: br
X-Firefox-Spdy: h2