1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

172.217.168.237:443

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

172.217.23.195:443

POST /service/update2 HTTP/1.1
Content-Length: 673
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-34Xrzvhwt48ld3E40D82sQ' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 17 Nov 2023 10:42:42 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6164
X-Daystart: 9762
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

172.217.23.195:443

POST /service/update2 HTTP/1.1
Content-Length: 687
Content-Type: application/x-www-form-urlencoded
User-Agent: Dalvik/2.1.0 (Linux; U; Android 11; Pixel 2 Build/RSR1.210722.013)
Host: update.googleapis.com
Connection: Keep-Alive
Accept-Encoding: gzip

HTTP/1.1 200 OK
Content-Security-Policy: script-src 'report-sample' 'nonce-eWxjTnkodehVX2jzd1CCGg' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 17 Nov 2023 10:42:42 GMT
Content-Type: text/xml; charset=UTF-8
X-Daynum: 6164
X-Daystart: 9762
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Transfer-Encoding: chunked

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

8.8.8.8:53

1.1.1.1:53

1.1.1.1:53

8.8.4.4:53

1.1.1.1:53

104.248.128.180:443

GET /file_7078-dw.html HTTP/2.0
host: an1.com
cache-control: max-age=0
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

104.248.128.180:443

GET /templates/an1/fonts/montserrat-700.woff2 HTTP/2.0
host: an1.com
origin: https://an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: font/woff2
content-length: 27140
last-modified: Sun, 09 May 2021 15:42:32 GMT
etag: "609802e8-6a04"
expires: Sat, 16 Nov 2024 10:25:33 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /templates/an1/fonts/montserrat-400.woff2 HTTP/2.0
host: an1.com
origin: https://an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: font
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: font/woff2
content-length: 26928
last-modified: Sun, 09 May 2021 15:42:32 GMT
etag: "609802e8-6930"
expires: Sat, 16 Nov 2024 10:14:52 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /templates/an1/css/styles.css?v=6.0 HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: text/css
last-modified: Wed, 17 May 2023 19:40:06 GMT
etag: W/"64652d96-13450"
expires: Sat, 16 Nov 2024 10:37:19 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=31536000, public
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

104.248.128.180:443

GET /templates/an1/css/download.css?v=2 HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: text/css
last-modified: Sun, 09 May 2021 15:42:32 GMT
etag: W/"609802e8-1733"
expires: Sat, 16 Nov 2024 10:27:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
cache-control: max-age=31536000, public
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

104.248.128.180:443

GET /engine/classes/min/index.php?charset=utf-8&g=general&v=22 HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: application/x-javascript; charset=utf-8
content-length: 62377
expires: Sat, 16 Nov 2024 10:31:47 GMT
vary: Accept-Encoding
last-modified: Thu, 18 Jul 2019 19:52:11 GMT
etag: "pub1563479531;gz"
cache-control: max-age=31536000
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

104.248.128.180:443

GET /uploads/posts/2022-02/1644847647_security-breach.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 21499
last-modified: Mon, 14 Feb 2022 14:06:27 GMT
etag: "620a61e3-53fb"
expires: Sat, 16 Nov 2024 10:22:14 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/fveiujrtuth.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 20886
last-modified: Fri, 18 Jun 2021 14:19:01 GMT
etag: "60ccab55-5196"
expires: Sat, 16 Nov 2024 10:18:31 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2016-02/1455720396_converted_file_f7e949b5.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 13286
last-modified: Fri, 18 Jun 2021 14:13:56 GMT
etag: "60ccaa24-33e6"
expires: Sat, 16 Nov 2024 10:17:33 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2022-03/1647557059_plagueinc.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 30304
last-modified: Thu, 17 Mar 2022 22:44:13 GMT
etag: "6233b9bd-7660"
expires: Sat, 16 Nov 2024 10:29:46 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/1438939727_bridge-builder-crane-operator.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 14227
last-modified: Fri, 18 Jun 2021 14:11:14 GMT
etag: "60cca982-3793"
expires: Sat, 16 Nov 2024 10:25:31 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2022-04/1650871697_xtreme-motorbikes.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 12061
last-modified: Mon, 25 Apr 2022 07:28:10 GMT
etag: "62664d8a-2f1d"
expires: Sat, 16 Nov 2024 10:25:59 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2021-12/1640526374_cyberika.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 32419
last-modified: Sun, 26 Dec 2021 13:44:45 GMT
etag: "61c871cd-7ea3"
expires: Sat, 16 Nov 2024 10:26:38 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/sticajfewustrwer.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 10656
last-modified: Fri, 18 Jun 2021 14:17:37 GMT
etag: "60ccab01-29a0"
expires: Sat, 16 Nov 2024 10:28:11 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/skoireghuwrohwerfewr.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 16273
last-modified: Fri, 18 Jun 2021 14:17:41 GMT
etag: "60ccab05-3f91"
expires: Sat, 16 Nov 2024 10:17:22 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/tvempitrhjutyih.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 17477
last-modified: Fri, 18 Jun 2021 14:19:18 GMT
etag: "60ccab66-4445"
expires: Sat, 16 Nov 2024 10:38:26 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2022-05/1651489268_walkmaster.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 19377
last-modified: Mon, 02 May 2022 11:00:30 GMT
etag: "626fb9ce-4bb1"
expires: Sat, 16 Nov 2024 10:15:18 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/rgtorhiytjuyj.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/jpeg
content-length: 15177
last-modified: Fri, 18 Jun 2021 14:18:43 GMT
etag: "60ccab43-3b49"
expires: Sat, 16 Nov 2024 10:37:50 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /uploads/posts/2023-07/1689071818_left-to-survive.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:42:51 GMT
content-type: image/png
content-length: 22174
last-modified: Tue, 11 Jul 2023 10:35:41 GMT
etag: "64ad307d-569e"
expires: Sat, 16 Nov 2024 10:31:50 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /templates/an1/images/favicon/f32.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:04 GMT
content-type: image/png
content-length: 546
last-modified: Sun, 09 May 2021 15:42:32 GMT
etag: "609802e8-222"
expires: Sat, 16 Nov 2024 10:25:44 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /templates/an1/images/favicon/apple-touch-icon.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:04 GMT
content-type: image/png
content-length: 1691
last-modified: Mon, 10 May 2021 19:53:20 GMT
etag: "60998f30-69b"
expires: Sat, 16 Nov 2024 10:34:54 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

104.248.128.180:443

GET /templates/an1/images/favicon/96.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:04 GMT
content-type: image/png
content-length: 3547
last-modified: Sun, 12 Mar 2023 19:33:32 GMT
etag: "640e290c-ddb"
expires: Sat, 16 Nov 2024 10:27:11 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

104.248.128.180:443

GET /templates/an1/images/favicon/manifest.json HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:04 GMT
content-type: application/json
last-modified: Thu, 23 Mar 2023 11:36:23 GMT
etag: W/"641c39b7-4d9"
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

1.1.1.1:53

2.18.121.72:443

GET /4/5299899 HTTP/2.0
host: ak.uncleffaan.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
content-type: text/html; charset=utf8
x-trace-id: 556a8d85e62cabd4bbf2e68b4c7d6b22
link: <https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://my.rtmark.net>; rel="preconnect dns-prefetch"
link: <https://shainsie.com>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
timing-allow-origin: *
access-control-allow-origin: *
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, favicon
x-akamai-transformed: 9 - 0 pmb=mRUM,1
content-encoding: gzip
expires: Fri, 17 Nov 2023 10:43:09 GMT
cache-control: max-age=0, no-cache, no-store
pragma: no-cache
date: Fri, 17 Nov 2023 10:43:09 GMT
content-length: 2667
vary: Accept-Encoding
set-cookie: OAID=dc71e55908574dfd8ce82a4bbe025e6e; expires=Sat, 16 Nov 2024 10:43:09 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1700217789; expires=Sat, 16 Nov 2024 10:43:09 GMT; path=/; secure; SameSite=None
set-cookie: syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
server-timing: edge; dur=1
server-timing: origin; dur=104
server-timing: cdn-cache; desc=MISS
server-timing: ak_p; desc="1700217789333_34764872_575644236_10421_545_1_38_255";dur=1

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

104.80.228.132:443

GET /boomerang/2ZJU6-8B4L2-HQ548-68HPC-ZZTG5 HTTP/2.0
host: s.go-mpulse.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
content-type: application/javascript; charset=utf-8
cache-control: max-age=604800
content-encoding: br
customappheader: mpulse-ab-boomr__git__2226cf4__git__2226cf4__p19.alsi10-lite
last-modified: Mon, 30 Oct 2023 04:16:29 GMT
timing-allow-origin: *
vary: Accept-Encoding
content-length: 50393
date: Fri, 17 Nov 2023 10:43:09 GMT

1.1.1.1:53

1.1.1.1:53

104.126.120.132:443

GET /api/config.json?key=2ZJU6-8B4L2-HQ548-68HPC-ZZTG5&d=ak.uncleffaan.com&t=5667393&v=1.720.0&sl=0&si=95e82863-1a7e-4377-9880-4f4788dddf8d-s49kft&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,History,Angular,Backbone,Ember,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,EventTiming,LOGN&acao=&ak.ai=812016 HTTP/1.1
Host: c.go-mpulse.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
Accept: */*
Origin: https://ak.uncleffaan.com
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Timing-Allow-Origin: *
Content-Length: 51
Date: Fri, 17 Nov 2023 10:43:10 GMT
Connection: keep-alive
Content-Type: application/json

172.217.168.202:80

GET /generate_204 HTTP/1.1
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
Host: play.googleapis.com
Accept-Encoding: gzip

HTTP/1.1 204 No Content
Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Nov 2023 10:43:10 GMT
Connection: close

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

139.45.197.151:443

GET /?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN HTTP/2.0
host: shainsie.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:12 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM; expires=Fri, 17-Nov-2023 11:43:12 GMT; Max-Age=3600; path=/
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Mon, 03-Oct-2078 21:26:24 GMT; Max-Age=1731840192; path=/
set-cookie: oaidts=1700217792; expires=Mon, 03-Oct-2078 21:26:24 GMT; Max-Age=1731840192; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br

139.45.197.151:443

GET /pfe/current/micro.tag.min.js?z=5190812&ymid=749330321903988970&var=5299899&sw=/sw-check-permissions/5190812&uhd=1&os_version=11 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:12 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:01:09 GMT
vary: Accept-Encoding
etag: W/"654e0d75-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br

139.45.197.151:443

GET /19/5190814/?abt_opts=1&var=5299899&var3=749330321903988970&ymid=&rhd=1 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:12 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: f25d7cc8a06d647eca8150c74e6ce49c
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:12 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1700217792; expires=Sat, 16 Nov 2024 10:43:12 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

139.45.197.151:443

POST /?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&mprtr=1&os_version=11 HTTP/2.0
host: shainsie.com
content-length: 0
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://shainsie.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:12 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br

139.45.197.151:443

GET /sw-check-permissions/5190812?var=5299899&ymid=749330321903988970&uhd=1 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:13 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br

139.45.197.151:443

POST /zone?&pub=0&zone_id=5190812&is_mobile=true&domain=shainsie.com&var=5299899&ymid=749330321903988970&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/2.0
host: shainsie.com
content-length: 0
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://shainsie.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:13 GMT
content-length: 0
x-trace-id: 49af45d6a16b1ac7bdb779532ada81ea
access-control-allow-origin: https://shainsie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.151:443

GET /rhd?rb=ZOEFyjSm2fNa_QB-l-88_lmxj6DFSH0z-ryO_ErbelDj9-87-i2h4s-N1LHvDt3YtD3WVxIBhse97EtqfG_8HIhNcZ62hzirDCQtIeQttWMZUyUci5-JzGCIkUuK5YhKKhJh2IgnxXdr4PW8kUjGkWGalV9EtPDL_DVzzbtsyNIwcICDuFiRhxauFkv36kwbr5GJF1gsAm8gazBNV_YdBKuzUrGjqxG_kFfp3L5b1F_jX2wMF_fiGKN7r24X_O9fTdAGnBNVIUbnvRvyCja5hhk2oSZqtE00fUVmCU5OJMw41iK0aUOqOn9cR4Zr6SkS73jO0MaDsU4PV8pz0JoVhuHsTr97lNCRLnerAf6yrhROfFXDxYoRT9CwOUbubAw6wRrgX9HRxkkX3EXfero6fhOUjEKarW7Qo9ZFkdtBtcqdHx0BC6u3oY6nIHxuXKnqnWsk0CCXTyuIRTSJSq89cboiLXBEGtX5h2WnDnd0mjFfhXZnjOlMhYd0DW_G5pVw&request_ab2=0&zoneid=5190814&fs=0&cf=0&sw=320&sh=640&sah=640&wx=0&wy=0&ww=320&wh=512&cw=320&wih=512&wiw=320&wfc=0&pl=https%3A%2F%2Fshainsie.com%2F%3Fs%3D749330321903988970%26ssk%3D2a80383cd9f1af1ea4424fadb8f60781%26svar%3D1700217789%26z%3D5299899%26pz%3D5190812%26tb%3D5190814%26l%3DUz2PDhlrh0vK8eN&drf=&np=0&pt=0&nb=1&ng=1&ix=0&nw=0&tb=true&js_build=iclick-unknown&var=5299899&var3=749330321903988970&ymid=&rhd=1&m=link HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:13 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: e5135e9f571b82d219039291b9c9f862
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:13 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1700217792; expires=Sat, 16 Nov 2024 10:43:13 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

139.45.197.151:443

GET /favicon.ico HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true

HTTP/2.0 204
server: nginx
date: Fri, 17 Nov 2023 10:43:13 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.151:443

GET /zone?&pub=0&zone_id=5190812&is_mobile=true&domain=shainsie.com&var=5299899&ymid=749330321903988970&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=settings HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:13 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: 2d34a741b7110d182db0c97e23dfce3c
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

1.1.1.1:53

104.22.25.116:443

GET /apps/templates/subscriptions/universal/css/style.css?v=2 HTTP/2.0
host: littlecdn.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/css,*/*;q=0.1
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: style
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Fri, 17 Nov 2023 10:43:12 GMT
content-type: text/css
last-modified: Thu, 16 Nov 2023 12:21:45 GMT
vary: Accept-Encoding
etag: W/"65560959-1bb3"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 2600
server: cloudflare
cf-ray: 82775f158b49671c-AMS
content-encoding: br

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

8.8.8.8:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

139.45.195.8:443

GET /gid.js?userId=99361569a4b5ae728c172091f8608911 HTTP/2.0
host: my.rtmark.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://shainsie.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shainsie.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

139.45.195.8:443

GET /gid.js?pub=0&userId=&zoneId=5190812&checkDuplicate=true&ymid=749330321903988970&var=5299899 HTTP/2.0
host: my.rtmark.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://shainsie.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=99361569a4b5ae728c172091f8608911

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://shainsie.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:31 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

139.45.195.8:443

GET /gid.js?pub=0&userId=&zoneId=4789793&checkDuplicate=true&ymid=&var= HTTP/2.0
host: my.rtmark.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://kasozar.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://kasozar.com/l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ID=99361569a4b5ae728c172091f8608911

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:34 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://kasozar.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *
set-cookie: ID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:34 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *

139.45.197.151:443

GET /?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2 HTTP/2.0
host: shainsie.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: same-origin
sec-fetch-mode: navigate
sec-fetch-dest: document
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: reverse=l1JQsZ2skBKhlImRV58Ix4gwnEKWQF2-xMln8SRirxM
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
set-cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s; expires=Fri, 17-Nov-2023 11:43:30 GMT; Max-Age=3600; path=/
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Mon, 03-Oct-2078 21:27:00 GMT; Max-Age=1731840210; path=/
set-cookie: oaidts=1700217792; expires=Mon, 03-Oct-2078 21:27:00 GMT; Max-Age=1731840210; path=/
set-cookie: syncedCookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br

139.45.197.151:443

GET /pfe/current/micro.tag.min.js?z=5190812&ymid=749330321903988970&var=5299899&sw=/sw-check-permissions/5190812&uhd=1&os_version=11 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
if-none-match: W/"654e0d75-697f"
if-modified-since: Fri, 10 Nov 2023 11:01:09 GMT

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/javascript
last-modified: Fri, 10 Nov 2023 11:01:08 GMT
vary: Accept-Encoding
etag: W/"654e0d74-697f"
access-control-allow-credentials: true
cache-control: no-cache
pragma: no-cache
content-encoding: br

139.45.197.151:443

GET /19/5190814/?abt_opts=1&var=5299899&var3=749330321903988970&ymid=&rhd=1 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: 82ceabfbaaf5d377b4d4466850064880
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://sr7pv7n5x.com>; rel="preconnect dns-prefetch"
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:31 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1700217792; expires=Sat, 16 Nov 2024 10:43:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

139.45.197.151:443

POST /?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2&mprtr=1&os_version=11 HTTP/2.0
host: shainsie.com
content-length: 0
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://shainsie.com
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-encoding: br

139.45.197.151:443

POST /zone?&pub=0&zone_id=5190812&is_mobile=true&domain=shainsie.com&var=5299899&ymid=749330321903988970&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=prerequest HTTP/2.0
host: shainsie.com
content-length: 0
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://shainsie.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-length: 0
x-trace-id: 0e0203ace6df955989bc74585f30930f
access-control-allow-origin: https://shainsie.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.151:443

GET /sw-check-permissions/5190812?var=5299899&ymid=749330321903988970&uhd=1 HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8
purpose: prefetch
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/javascript
vary: Accept-Encoding
x-powered-by: PHP/7.4.33
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: br

139.45.197.151:443

GET /rhd?rb=VOzFPPinXD3x5jTPIapmAo5SNz4adOab7EkuU8p7ZWL0RilCYo9zq9KoOl2IwEynUMGA0czQjHnotJI674i1NKdrWnBUJ026amZtIkqjBsaMNuhy28n0o9PsUbGoM9u9Ku1r90848VXtqfKwEyqOseXizTEg8bijXcSDpvLDcMuHTRUhSDCYkOTRbWg6NZoeDUTk_jeqMppyLl5XfkNjhiUEtNM2_spBXinmiITMQxToTVZTQSebzCESNg09c6igRTqGVbHTd8OeuRQwpiwvsmhepyWIL9fnAxFMWftV4jueUAoQe5rszJTMXJBaSdTPg0227tHanWwsTwd_hVvbOSz-s_AK8gc2JrCHUQhExH21IV7rf_gDZa-sVei9nNf5_alpFe-oyJT-NgmD6HR7QY7XSbm8IphyP8MoX35YUnb6IswtHKd3U68rHqYbCwEPt723-pXkGzO1TMacp5u1PRqHZVQ4MMANXlK6d0Ls3-xvJWKJjlpdK-yajTQJ9ZBVF2KDsA%3D%3D&request_ab2=0&zoneid=5190814&fs=0&cf=0&sw=320&sh=640&sah=640&wx=0&wy=0&ww=320&wh=512&cw=320&wih=512&wiw=320&wfc=0&pl=https%3A%2F%2Fshainsie.com%2F%3Fs%3D749330321903988970%26ssk%3D2a80383cd9f1af1ea4424fadb8f60781%26svar%3D1700217789%26z%3D5299899%26pz%3D5190812%26tb%3D5190814%26l%3DUz2PDhlrh0vK8eN%26rdc%3D2&drf=https%3A%2F%2Fshainsie.com%2F%3Fs%3D749330321903988970%26ssk%3D2a80383cd9f1af1ea4424fadb8f60781%26svar%3D1700217789%26z%3D5299899%26pz%3D5190812%26tb%3D5190814%26l%3DUz2PDhlrh0vK8eN&np=0&pt=0&nb=1&ng=1&ix=0&nw=0&tb=true&js_build=iclick-unknown&var=5299899&var3=749330321903988970&ymid=&rhd=1&m=link HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 204
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.151:443

GET /favicon.ico HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json
vary: Accept-Encoding
x-trace-id: bc16a9a68b7fcab034dba74b743a72fa
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
set-cookie: OAID=99361569a4b5ae728c172091f8608911; expires=Sat, 16 Nov 2024 10:43:31 GMT; path=/; secure; SameSite=None
set-cookie: oaidts=1700217792; expires=Sat, 16 Nov 2024 10:43:31 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

139.45.197.151:443

GET /zone?&pub=0&zone_id=5190812&is_mobile=true&domain=shainsie.com&var=5299899&ymid=749330321903988970&var_3=&var_4=&dsig=&tg=1&sw=3.1.471&action=settings HTTP/2.0
host: shainsie.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:31 GMT
content-type: application/json; charset=utf-8
vary: Accept-Encoding
x-trace-id: ea36e0175df003f495f6d93505b7ac85
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: br

139.45.197.151:443

POST /cat.php?userId=99361569a4b5ae728c172091f8608911&zoneid=5190814&rb=VOzFPPinXD3x5jTPIapmAo5SNz4adOab7EkuU8p7ZWL0RilCYo9zq9KoOl2IwEynUMGA0czQjHnotJI674i1NKdrWnBUJ026amZtIkqjBsaMNuhy28n0o9PsUbGoM9u9Ku1r90848VXtqfKwEyqOseXizTEg8bijXcSDpvLDcMuHTRUhSDCYkOTRbWg6NZoeDUTk_jeqMppyLl5XfkNjhiUEtNM2_spBXinmiITMQxToTVZTQSebzCESNg09c6igRTqGVbHTd8OeuRQwpiwvsmhepyWIL9fnAxFMWftV4jueUAoQe5rszJTMXJBaSdTPg0227tHanWwsTwd_hVvbOSz-s_AK8gc2JrCHUQhExH21IV7rf_gDZa-sVei9nNf5_alpFe-oyJT-NgmD6HR7QY7XSbm8IphyP8MoX35YUnb6IswtHKd3U68rHqYbCwEPt723-pXkGzO1TMacp5u1PRqHZVQ4MMANXlK6d0Ls3-xvJWKJjlpdK-yajTQJ9ZBVF2KDsA==&var=5299899&var3=749330321903988970&ymid=&rhd=1 HTTP/2.0
host: shainsie.com
content-length: 1949
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
content-type: text/plain;charset=UTF-8
accept: */*
origin: https://shainsie.com
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: empty
referer: https://shainsie.com/?s=749330321903988970&ssk=2a80383cd9f1af1ea4424fadb8f60781&svar=1700217789&z=5299899&pz=5190812&tb=5190814&l=Uz2PDhlrh0vK8eN&rdc=2
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: OAID=99361569a4b5ae728c172091f8608911
cookie: oaidts=1700217792
cookie: prefetchAd_5190814=true
cookie: reverse=W62i0G1jdwBdrmC_rt4GIIF8W70Y6lTlqKejuRSOH5s
cookie: syncedCookie=true

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:33 GMT
content-length: 0
x-trace-id: be986d3eb9cf6900935bbb6eb39d720b
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Wow64
access-control-allow-origin: https://shainsie.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
timing-allow-origin: *
strict-transport-security: max-age=1
x-content-type-options: nosniff

1.1.1.1:53

104.18.30.102:443

GET /camp5?bundle=3002709&cost=0.002000&source_id=41&stage=34&country=NL&difficulty=1&campaignid=6089512&site_id=5190814&os_version=11&oaid=99361569a4b5ae728c172091f8608911 HTTP/2.0
host: kasozar.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Fri, 17 Nov 2023 10:43:33 GMT
content-type: text/html;charset=UTF-8
content-language: en-US
set-cookie: visit=17002178136547674gc1js;Max-age=86400; path=/
vary: Accept-Encoding
server: cloudflare
cf-ray: 82775f9758270e5c-AMS
content-encoding: br

104.18.30.102:443

GET /l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js HTTP/2.0
host: kasozar.com
cache-control: max-age=0
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
service-worker: script
sec-fetch-site: same-origin
sec-fetch-mode: same-origin
sec-fetch-dest: serviceworker
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: visit=17002178136547674gc1js

HTTP/2.0 200
date: Fri, 17 Nov 2023 10:43:33 GMT
content-type: application/javascript; charset=utf-8
cf-cache-status: MISS
etag: W/"l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.a26b1f3ae6.js"
vary: Accept-Encoding
server: cloudflare
cf-ray: 82775f98492b0e5c-AMS
content-encoding: br

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

188.114.97.0:80

GET /impression/tb?impression_id=17002178136547674gc1js HTTP/1.1
Host: hub.at-systems.biz
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9

HTTP/1.1 301 Moved Permanently
Date: Fri, 17 Nov 2023 10:43:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 17 Nov 2023 11:43:35 GMT
Location: https://hub.at-systems.biz/impression/tb?impression_id=17002178136547674gc1js
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qJIKSV5f0jEfPekh%2BYI%2F3sdO2WafH3WRRSUnAfKmaYR%2FxWwoBLrVetSdUJu990oOZhEDkPGzTuqHIup67Cu%2B1d28qdccpftl%2B7un1A4DdMmcW92ibuaDg57qocKvd841PYGrmu0%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 82775fa32b1eb95a-AMS
alt-svc: h3=":443"; ma=86400

188.114.97.0:443

GET /impression/tb?impression_id=17002178136547674gc1js HTTP/2.0
host: hub.at-systems.biz
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
date: Fri, 17 Nov 2023 10:43:35 GMT
content-type: application/json; charset=utf-8
content-length: 2
x-powered-by: Express
access-control-allow-origin: *
etag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
strict-transport-security: max-age=15724800; includeSubDomains
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GTtvQwFwvqO8ENCCBgA30VEZ1iY0Va78FeRJz80tgy7adihUWoi7QQCW9z8elUKeKcVXmesFaz7SyQbKL8lZVnrHDgcoo1bK1VHXeTQ8j9vTl8kiV0BYVlpauTpaom%2FdYMMHFUc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82775fa3aefcb93e-AMS
alt-svc: h3=":443"; ma=86400

1.1.1.1:53

142.251.36.35:443

POST /service/update2/json?cup2key=10:770292208&cup2hreq=34f31a0558c74b8a7884a03d944b37c7b6c609cfbfd9e7c912ac50b82bf02796 HTTP/2.0
host: update.googleapis.com
content-length: 1314
x-goog-update-appid: hfnkpimlhhgieaddgfemjhofmfblmnib,llkgjffcdpffmhiakmfcdcblohccpfmo,gcmjkmgdlgnkkcocmoeiminaijmmjnii,khaoiebndkojlmppeemjhbpbandiljpe,giekcmmlnklenlaomppkphknjmnnpneh,jflookgnkcckhobaglndicnbbgbonegd,bklopemakmnopmghhmccadeonafabnal,ggkkehgbnfjpeggfpleeakpidbkibbmn
x-goog-update-interactivity: bg
x-goog-update-updater: chrome-83.0.4103.106
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 975
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 979
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 985
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 967
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 906
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 977
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 904
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

142.251.36.35:443

POST /service/update2/json HTTP/2.0
host: update.googleapis.com
content-length: 1032
content-type: application/json
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

139.45.197.251:443

OPTIONS /event HTTP/2.0
host: bigrourg.net
accept: */*
access-control-request-method: POST
access-control-request-headers: content-type
origin: https://kasozar.com
sec-fetch-mode: cors
sec-fetch-site: cross-site
sec-fetch-dest: empty
referer: https://kasozar.com/l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:37 GMT
content-type: text/plain; charset=utf-8
content-length: 0
access-control-allow-origin: https://kasozar.com
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization-Token,X-Oaid
access-control-max-age: 86400

139.45.197.251:443

GET /zone?&pub=0&zone_id=4789793&is_mobile=true&domain=kasozar.com&var=41_NL&ymid=17002178136547674gc1js&var_3=&dsig=&tg=2&action=prerequest HTTP/2.0
host: bigrourg.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://kasozar.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://kasozar.com/l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:37 GMT
content-length: 0
x-trace-id: 8945dee898f0e626b81ebeaf3c64f742
access-control-allow-origin: https://kasozar.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.251:443

GET /zone?&pub=0&zone_id=4789793&is_mobile=true&domain=kasozar.com&var=41_NL&ymid=17002178136547674gc1js&var_3=&dsig=&tg=2&action=settings HTTP/2.0
host: bigrourg.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://kasozar.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://kasozar.com/l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:37 GMT
content-type: application/json; charset=utf-8
content-length: 801
x-trace-id: 92e29a40b1f8abfbe79204f0fbdbc75c
access-control-allow-origin: https://kasozar.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff

139.45.197.251:443

POST /event HTTP/2.0
host: bigrourg.net
content-length: 399
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
content-type: application/json
accept: */*
origin: https://kasozar.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://kasozar.com/l/PA/nocache/nano-sw-check-permissions-local-AT-2761-4789793.js?z=4789793&var=41_NL&ymid=17002178136547674gc1js
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 10:43:37 GMT
content-type: application/json; charset=utf-8
content-length: 94
access-control-allow-origin: https://kasozar.com
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, X-Oaid, Content-Type, Accept
strict-transport-security: max-age=1
x-content-type-options: nosniff

1.1.1.1:53

1.1.1.1:53

34.104.35.123:80

GET /edgedl/release2/chrome_component/pfrqmh4jgnd4bphqhzr6pd3uoe_8366/hfnkpimlhhgieaddgfemjhofmfblmnib_8366_all_eax7ldh2myundrsmwwezriqage.crx3 HTTP/1.1
Host: edgedl.me.gvt1.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
Accept-Encoding: gzip, deflate

HTTP/1.1 200 OK
accept-ranges: bytes
content-disposition: attachment
content-length: 26887
content-security-policy: default-src 'none'
server: Google-Edge-Cache
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 0
x-request-id: dd825db1-9f5f-4596-83b5-1246c7d3db0b
date: Fri, 17 Nov 2023 06:19:18 GMT
age: 15859
last-modified: Fri, 17 Nov 2023 06:17:37 GMT
etag: "1fbd7ff"
content-type: application/octet-stream
alt-svc: clear
cache-control: public,max-age=86400

1.1.1.1:53

188.114.97.0:443

GET /fnaf-9_1.6.3.3-an1.com.apk HTTP/1.1
Host: files.an1.co
Connection: keep-alive
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Referer: https://an1.com/file_7078-dw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Date: Fri, 17 Nov 2023 10:43:38 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 1988325159
Connection: keep-alive
ETag: "22f114faf19b6f67222d9862937ef48b"
Last-Modified: Sun, 13 Aug 2023 20:09:58 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bp7DLGaGw40buOqkhl2g3dX7oGuI8f%2F2%2BE9O%2FKJymyrWK0jm%2BPuti5VM1EefKd2Bv5j9ZsFPFf2M%2BfZ3XSt97KofagvruTGgKNn%2B5NSXWos2Qa%2Bmk2D0LjGstkO7bPc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 82775fb54d256708-AMS
alt-svc: h3=":443"; ma=86400

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

216.58.214.10:80

GET /generate_204 HTTP/1.1
Connection: close
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.32 Safari/537.36
Host: play.googleapis.com
Accept-Encoding: gzip

HTTP/1.1 204 No Content
Content-Length: 0
Cross-Origin-Resource-Policy: cross-origin
Date: Fri, 17 Nov 2023 11:10:08 GMT
Connection: close

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

188.114.96.0:443

GET /fnaf-9_1.6.3.3-an1.com.apk HTTP/1.1
Host: files.an1.co
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://an1.com/file_7078-dw.html
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9

HTTP/1.1 200 OK
Date: Fri, 17 Nov 2023 11:10:43 GMT
Content-Type: application/vnd.android.package-archive
Content-Length: 1988325159
Connection: keep-alive
ETag: "22f114faf19b6f67222d9862937ef48b"
Last-Modified: Sun, 13 Aug 2023 20:09:58 GMT
Vary: Accept-Encoding
CF-Cache-Status: MISS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Y3y%2BWb7KB3o4M1YvFs6oOaFF8Dsw%2BWe%2BF1I4dYCHew1sgBG3x3DSUx4WRlFfC7vnZnKgEQoIwMyIKU4oSJQUBU2GRl0%2BHgXt5FzKHacKSXtFIsmp4I8LNFxlNT2Zz9g%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 827787619e27d0c9-AMS
alt-svc: h3=":443"; ma=86400

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

1.1.1.1:53

172.105.64.19:443

GET /file_7078-dw.html HTTP/2.0
host: an1.com
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:44 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
content-encoding: gzip
x-proxy-cache: HIT
strict-transport-security: max-age=31536000

172.105.64.19:443

GET /uploads/bighunter3453465dft.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 11384
last-modified: Fri, 18 Jun 2021 14:17:16 GMT
etag: "60ccaaec-2c78"
expires: Sat, 16 Nov 2024 11:01:33 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2023-05/1683461919_bouncemasters.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 11731
last-modified: Sun, 07 May 2023 12:18:38 GMT
etag: "6457971e-2dd3"
expires: Sat, 16 Nov 2024 10:48:21 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2023-08/1692713770_ninja-arashi-2.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/jpeg
content-length: 24274
last-modified: Tue, 22 Aug 2023 14:16:07 GMT
etag: "64e4c327-5ed2"
expires: Sat, 16 Nov 2024 11:02:26 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/riseballonuv49h.jpg HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/jpeg
content-length: 2975
last-modified: Sun, 20 Jun 2021 21:45:46 GMT
etag: "60cfb70a-b9f"
expires: Sat, 16 Nov 2024 10:52:01 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2023-02/1676717415_sky-fighters-3d.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 18387
last-modified: Sat, 18 Feb 2023 10:49:58 GMT
etag: "63f0ad56-47d3"
expires: Sat, 16 Nov 2024 10:59:35 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2022-02/1644573935_vector.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 11555
last-modified: Fri, 11 Feb 2022 10:05:23 GMT
etag: "620634e3-2d23"
expires: Sat, 16 Nov 2024 10:44:17 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2023-05/1683530682_car-driving-online.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 16763
last-modified: Mon, 08 May 2023 07:24:30 GMT
etag: "6458a3ae-417b"
expires: Sat, 16 Nov 2024 11:00:12 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

172.105.64.19:443

GET /uploads/posts/2023-06/1687263273_bakso-simulator.png HTTP/2.0
host: an1.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: same-origin
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
server: nginx
date: Fri, 17 Nov 2023 11:10:45 GMT
content-type: image/png
content-length: 18078
last-modified: Tue, 20 Jun 2023 12:14:18 GMT
etag: "6491981a-469e"
expires: Sat, 16 Nov 2024 10:59:24 GMT
cache-control: max-age=31536000
cache-control: max-age=31536000, public
x-proxy-cache: HIT
strict-transport-security: max-age=31536000
accept-ranges: bytes

1.1.1.1:53

151.101.193.229:443

GET /npm/yandex-metrica-watch/tag.js HTTP/2.0
host: cdn.jsdelivr.net
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: script
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

HTTP/2.0 200
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=604800, s-maxage=43200
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.300.0
x-jsd-version-type: version
etag: W/"35bff-x4V9ylDcLBiActKrmu66f3tAlMw"
content-encoding: br
accept-ranges: bytes
date: Fri, 17 Nov 2023 11:10:46 GMT
age: 27873
x-served-by: cache-fra-eddf8230100-FRA, cache-ams21082-AMS
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 90005

1.1.1.1:53

216.58.208.109:443

POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/2.0
host: accounts.google.com
content-length: 1
origin: https://www.google.com
content-type: application/x-www-form-urlencoded
sec-fetch-site: none
sec-fetch-mode: no-cors
sec-fetch-dest: empty
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

1.1.1.1:53

1.1.1.1:53

87.250.250.119:443

GET /watch/3?wmode=7&page-url=https%3A%2F%2Fan1.com%2Ffile_7078-dw.html&page-ref=&charset=utf-8&browser-info=pv%3A1%3Avf%3A3akmpckruryr72ly1stmj07z%3Ant%3A6%3Afp%3A3232%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1161%3Acn%3A2%3Adp%3A0%3Als%3A1047356945207%3Ahid%3A65500642%3Az%3A0%3Ai%3A20231117111042%3Aet%3A1700219442%3Ac%3A1%3Arn%3A1001497157%3Arqn%3A1%3Au%3A1700219442543875891%3Aw%3A0x0%3As%3A320x640x24%3Ask%3A1%3Awv%3A2%3Ads%3A1062%2C119%2C12%2C10%2C52%2C0%2C%2C1455%2C6%2C%2C%2C%2C3237%3Aco%3A0%3Ans%3A1700219438306%3Ast%3A1700219442&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://an1.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

87.250.250.119:443

GET /watch/31319133?wmode=7&page-url=https%3A%2F%2Fan1.com%2Ffile_7078-dw.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A3akmpckruryr72ly1stmj07z%3Ant%3A6%3Afp%3A3232%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1161%3Acn%3A1%3Adp%3A0%3Als%3A1309408897619%3Ahid%3A65500642%3Az%3A0%3Ai%3A20231117111042%3Aet%3A1700219442%3Ac%3A1%3Arn%3A918185224%3Arqn%3A1%3Au%3A1700219442543875891%3Aw%3A0x0%3As%3A320x640x24%3Ask%3A1%3Awv%3A2%3Ads%3A1062%2C119%2C12%2C10%2C52%2C0%2C%2C1455%2C6%2C%2C%2C%2C3237%3Aco%3A0%3Ans%3A1700219438306%3Arqnl%3A1%3Ast%3A1700219442%3At%3AFive%20Nights%20at%20Freddy%27s%209%3A%20Security%20Breach%201.6.3.3.apk%20download%20page&t=gdpr(14)clc(0-0-0)rqnt(1)aw(1)ti(1) HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://an1.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

87.250.250.119:443

GET /metrika/advert.gif HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

87.250.250.119:443

GET /watch/3/1?wmode=7&page-url=https%3A%2F%2Fan1.com%2Ffile_7078-dw.html&page-ref&charset=utf-8&browser-info=pv%3A1%3Avf%3A3akmpckruryr72ly1stmj07z%3Ant%3A6%3Afp%3A3232%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1161%3Acn%3A2%3Adp%3A0%3Als%3A1047356945207%3Ahid%3A65500642%3Az%3A0%3Ai%3A20231117111042%3Aet%3A1700219442%3Ac%3A1%3Arn%3A1001497157%3Arqn%3A1%3Au%3A1700219442543875891%3Aw%3A0x0%3As%3A320x640x24%3Ask%3A1%3Awv%3A2%3Ads%3A1062%2C119%2C12%2C10%2C52%2C0%2C%2C1455%2C6%2C%2C%2C%2C3237%3Aco%3A0%3Ans%3A1700219438306%3Ast%3A1700219442&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1 HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://an1.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ymex=1731755447.yrts.1700219447#1731755447.yrtsi.1700219447
cookie: _yasc=CDKcBhjNHueYRm80iZESu5BC+9NsHsvYaKtQG17knwL5Q0hG4kJrl44NxpYGZvbuoA==
cookie: yabs-sid=1394707181700219447
cookie: i=gWmdS7LbcYAm7KgUZOnkgSi8C0iC9kzMKbLxzUXBBmOH99yumhQPm5CAnF1OAkpt5b3XurNkk9COH+WrNHtKXKYRHuo=
cookie: yandexuid=8588224361700219447
cookie: yuidss=8588224361700219447

87.250.250.119:443

GET /watch/31319133/1?wmode=7&page-url=https%3A%2F%2Fan1.com%2Ffile_7078-dw.html&charset=utf-8&uah=che%0A0&browser-info=pv%3A1%3Avf%3A3akmpckruryr72ly1stmj07z%3Ant%3A6%3Afp%3A3232%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A1161%3Acn%3A1%3Adp%3A0%3Als%3A1309408897619%3Ahid%3A65500642%3Az%3A0%3Ai%3A20231117111042%3Aet%3A1700219442%3Ac%3A1%3Arn%3A918185224%3Arqn%3A1%3Au%3A1700219442543875891%3Aw%3A0x0%3As%3A320x640x24%3Ask%3A1%3Awv%3A2%3Ads%3A1062%2C119%2C12%2C10%2C52%2C0%2C%2C1455%2C6%2C%2C%2C%2C3237%3Aco%3A0%3Ans%3A1700219438306%3Arqnl%3A1%3Ast%3A1700219442%3At%3AFive%20Nights%20at%20Freddy%27s%209%3A%20Security%20Breach%201.6.3.3.apk%20download%20page&t=gdpr%2814%29clc%280-0-0%29rqnt%281%29aw%281%29ti%281%29&redirnss=1 HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: */*
origin: https://an1.com
sec-fetch-site: cross-site
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ymex=1731755447.yrts.1700219447#1731755447.yrtsi.1700219447
cookie: _yasc=CDKcBhjNHueYRm80iZESu5BC+9NsHsvYaKtQG17knwL5Q0hG4kJrl44NxpYGZvbuoA==
cookie: yabs-sid=1394707181700219447
cookie: i=gWmdS7LbcYAm7KgUZOnkgSi8C0iC9kzMKbLxzUXBBmOH99yumhQPm5CAnF1OAkpt5b3XurNkk9COH+WrNHtKXKYRHuo=
cookie: yandexuid=8588224361700219447
cookie: yuidss=8588224361700219447

87.250.250.119:443

GET /sync_cookie_image_check HTTP/2.0
host: mc.yandex.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9

87.250.250.119:443

GET /sync_cookie_image_start?redirect_domain=mc.yandex.com&token=10190.1OKJwbjxnL_9BJDq8Junyl1_ghgcB_GHbDmOpRHIPEHIxpCqrwhZxiE4TFm5UMHu.nmEApaJKsoLlLBrgpa3WxVGqyP4%2C HTTP/2.0
host: mc.yandex.ru
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: ymex=1731755447.yrts.1700219447#1731755447.yrtsi.1700219447
cookie: _yasc=CDKcBhjNHueYRm80iZESu5BC+9NsHsvYaKtQG17knwL5Q0hG4kJrl44NxpYGZvbuoA==
cookie: yabs-sid=1394707181700219447
cookie: i=gWmdS7LbcYAm7KgUZOnkgSi8C0iC9kzMKbLxzUXBBmOH99yumhQPm5CAnF1OAkpt5b3XurNkk9COH+WrNHtKXKYRHuo=
cookie: yandexuid=8588224361700219447
cookie: yuidss=8588224361700219447

87.250.250.119:443

GET /sync_cookie_image_decide?token=10190.JZ9tMIx6Jkl-NecQ399GR5fku2x_ShHxco1dQ-ZeIyGsiQwKBpV0I6PQVBnhuOe3tm0y7SYRxmH6bpT4pvl41pLS6qC_h0JnJZNse8uI72QxF-JZVqlyY0d0lcovB-M1590grkoXyBv0zKFEoqFfUmcYioPPYD1zQfpSouw1PviuJVVzmaqfIIsuoGJr1IKQE_2DwVnDBf7JfUVhh-SeGJhQZEZGCgn6YkAX2D1IolE%2C.8Bh-5MvTrBMjByTO52gJKG-Fj0Q%2C HTTP/2.0
host: mc.yandex.com
user-agent: Mozilla/5.0 (Linux; Android 11; sdk_gphone_x86_64_arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Mobile Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
sec-fetch-site: cross-site
sec-fetch-mode: no-cors
sec-fetch-dest: image
referer: https://an1.com/file_7078-dw.html
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: sync_cookie_csrf=1788014541fake