nowlive.pro Open in urlscan Pro
45.141.156.196 Public Scan

Go To Rescan
Add Verdict Report

URL:
http://nowlive.pro/1/101.html?id=109
Submission: On April 13 via manual (April 13th 2022, 1:05:43 pm UTC) from CL — Scanned from DE

Summary HTTP 72 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 34 IPs in 8 countries across 27 domains to perform 72 HTTP transactions. The main IP is 45.141.156.196, located in Bulgaria and belongs to YURTEH-AS, UA. The main domain is nowlive.pro. The Cisco Umbrella rank of the primary domain is 787608.

This is the only time nowlive.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3	45.141.156.196 45.141.156.196	30860 (YURTEH-AS) (YURTEH-AS)
3	99.86.4.125 99.86.4.125	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:190e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	192.243.59.12 192.243.59.12	39572 (ADVANCEDH...) (ADVANCEDHOSTERS-AS)
2	2606:4700::68... 2606:4700::6810:a610	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2001	15169 (GOOGLE) (GOOGLE)
1	2606:4700:10:... 2606:4700:10::6816:4bab	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:6ea0:c70... 2a02:6ea0:c700::4	60068 (CDN77 ^_^) (CDN77 ^_^)
1	2606:4700:20:... 2606:4700:20::681a:d76	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a06:98c1:312... 2a06:98c1:3121::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	167.114.209.61 167.114.209.61	16276 (OVH) (OVH)
2 4	108.157.4.96 108.157.4.96	16509 (AMAZON-02) (AMAZON-02)
2 4	95.211.229.248 95.211.229.248	60781 (LEASEWEB-...) (LEASEWEB-NL-AMS-01 Netherlands)
1	67.202.94.86 67.202.94.86	32748 (STEADFAST) (STEADFAST)
1	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
1	35.190.41.116 35.190.41.116	15169 (GOOGLE) (GOOGLE)
1	139.45.197.234 139.45.197.234	9002 (RETN-AS) (RETN-AS)
3	35.201.126.110 35.201.126.110	15169 (GOOGLE) (GOOGLE)
1	139.45.195.8 139.45.195.8	9002 (RETN-AS) (RETN-AS)
3	2606:4700::68... 2606:4700::6811:a7ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.28.199 104.18.28.199	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2606:4700::68... 2606:4700::6811:a6ba	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	162.252.214.5 162.252.214.5	53334 (TUT-AS) (TUT-AS)
1	185.200.118.90 185.200.118.90	9009 (M247) (M247)
1	38.132.109.186 38.132.109.186	9009 (M247) (M247)
1	185.200.116.90 185.200.116.90	9009 (M247) (M247)
7	67.202.105.31 67.202.105.31	32748 (STEADFAST) (STEADFAST)
2 2	2a06:98c1:312... 2a06:98c1:3120::7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2 4	2606:4700::68... 2606:4700::6813:a860	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	116.203.132.93 116.203.132.93	24940 (HETZNER-AS) (HETZNER-AS)
1	67.202.105.33 67.202.105.33	32748 (STEADFAST) (STEADFAST)
1	208.95.113.2 208.95.113.2	53334 (TUT-AS) (TUT-AS)
3 5	2a02:cb40:200... 2a02:cb40:200::242	20546 (SOPRADO-ANY) (SOPRADO-ANY)
2 3	188.34.158.95 188.34.158.95	24940 (HETZNER-AS) (HETZNER-AS)
72	34

3 45.141.156.196 (Bulgaria)

ASN30860 (YURTEH-AS, UA)

nowlive.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.nowlive.pro	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.86.4.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-125.fra6.r.cloudfront.net

releases.flowplayer.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.243.59.12 (Ashburn, United States)

ASN39572 (ADVANCEDHOSTERS-AS, NL)

5vpbnbkiey24.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:a610 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnondemand.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

1.bp.blogspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:10::6816:4bab (United States)

ASN13335 (CLOUDFLARENET, US)

widgets.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:6ea0:c700::4 (Frankfurt am Main, Germany)

ASN60068 (CDN77 ^_^, GB)

www.antiadblocksystems.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:20::681a:d76 (United States)

ASN13335 (CLOUDFLARENET, US)

iclickcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3121::7 (United States)

ASN13335 (CLOUDFLARENET, US)

www.soccerjumbotv1.me	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.dailydeports.pw	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 167.114.209.61 (Montreal, Canada)

ASN16276 (OVH, FR)
PTR: ns515688.ip-167-114-209.net

t.dtscout.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 108.157.4.96 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-157-4-96.dus51.r.cloudfront.net

witalfieldt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.211.229.248 (Netherlands) 2 redirects

ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL)
PTR: ds03.evo.0x3e.net

s.optnx.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.94.86 (Chicago, United States)

ASN32748 (STEADFAST, US)
PTR: amung.us

whos.amung.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.41.116 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 116.41.190.35.bc.googleusercontent.com

youradexchange.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.197.234 (United Kingdom)

ASN9002 (RETN-AS, GB)

bedrapiona.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.201.126.110 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 110.126.201.35.bc.googleusercontent.com

www.adexchangeguru.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 139.45.195.8 (United Kingdom)

ASN9002 (RETN-AS, GB)

my.rtmark.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:a7ba (United States)

ASN13335 (CLOUDFLARENET, US)

c.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.28.199 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:a6ba (United States)

ASN13335 (CLOUDFLARENET, US)

6.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 162.252.214.5 (United States)

ASN53334 (TUT-AS, US)

4.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.200.118.90 (London, United Kingdom)

ASN9009 (M247, GB)
PTR: adscore.com

mbpofnohmaof.l4.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 38.132.109.186 (New York, United States)

ASN9009 (M247, GB)

mbpofnohmaof.n4.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.200.116.90 (Romania)

ASN9009 (M247, GB)
PTR: no-mans-land.m247.com

mbpofnohmaof.s4.adsco.re	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 67.202.105.31 (United States)

ASN32748 (STEADFAST, US)
PTR: ip31.67-202-105.static.steadfastdns.net

ic.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a06:98c1:3120::7 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

abc.wwija.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700::6813:a860 (United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

r.srvtrck.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 116.203.132.93 (Germany)

ASN24940 (HETZNER-AS, DE)
PTR: static.93.132.203.116.clients.your-server.de

ad.dazeadsrv1.media	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 67.202.105.33 (United States)

ASN32748 (STEADFAST, US)
PTR: ip33.67-202-105.static.steadfastdns.net

de.tynt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 208.95.113.2 (United States)

ASN53334 (TUT-AS, US)

antiadblocksystems.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a02:cb40:200::242 (Germany) 3 redirects

ASN20546 (SOPRADO-ANY, DE)

t.adcell.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 188.34.158.95 (Germany) 2 redirects

ASN24940 (HETZNER-AS, DE)
PTR: static.95.158.34.188.clients.your-server.de

www.plissee-flix24.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
plissee-flix24.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	adsco.re c.adsco.re — Cisco Umbrella Rank: 17959 6.adsco.re — Cisco Umbrella Rank: 18482 4.adsco.re — Cisco Umbrella Rank: 20507 adsco.re — Cisco Umbrella Rank: 15639 mbpofnohmaof.l4.adsco.re mbpofnohmaof.n4.adsco.re mbpofnohmaof.s4.adsco.re	78 KB
9	tynt.com cdn.tynt.com — Cisco Umbrella Rank: 7684 ic.tynt.com — Cisco Umbrella Rank: 4493 de.tynt.com — Cisco Umbrella Rank: 1348	8 KB
5	adcell.com 3 redirects t.adcell.com — Cisco Umbrella Rank: 38383	9 KB
4	srvtrck.com 2 redirects r.srvtrck.com — Cisco Umbrella Rank: 36562	2 KB
4	optnx.com 2 redirects s.optnx.com — Cisco Umbrella Rank: 22197	6 KB
4	witalfieldt.com 2 redirects witalfieldt.com — Cisco Umbrella Rank: 632860	3 KB
3	plissee-flix24.de 2 redirects www.plissee-flix24.de plissee-flix24.de	399 B
3	dazeadsrv1.media ad.dazeadsrv1.media — Cisco Umbrella Rank: 757078	26 KB
3	adexchangeguru.com www.adexchangeguru.com — Cisco Umbrella Rank: 972013	5 KB
3	flowplayer.org releases.flowplayer.org — Cisco Umbrella Rank: 42742	213 KB
3	nowlive.pro nowlive.pro — Cisco Umbrella Rank: 787608 www.nowlive.pro	5 KB
2	wwija.com 2 redirects abc.wwija.com — Cisco Umbrella Rank: 136925	1 KB
2	dtscout.com t.dtscout.com — Cisco Umbrella Rank: 12980	3 KB
2	antiadblocksystems.com www.antiadblocksystems.com — Cisco Umbrella Rank: 208159 antiadblocksystems.com — Cisco Umbrella Rank: 159142	10 KB
2	amung.us widgets.amung.us — Cisco Umbrella Rank: 13495 whos.amung.us — Cisco Umbrella Rank: 12875	7 KB
2	blogspot.com 1.bp.blogspot.com — Cisco Umbrella Rank: 8645	6 KB
2	cdnondemand.org cdnondemand.org — Cisco Umbrella Rank: 319871	87 KB
2	5vpbnbkiey24.com 5vpbnbkiey24.com — Cisco Umbrella Rank: 900279
1	dailydeports.pw www.dailydeports.pw — Cisco Umbrella Rank: 934234	1 KB
1	rtmark.net my.rtmark.net — Cisco Umbrella Rank: 9763	542 B
1	bedrapiona.com bedrapiona.com — Cisco Umbrella Rank: 33020	2 KB
1	youradexchange.com youradexchange.com — Cisco Umbrella Rank: 32679	966 B
1	gstatic.com www.gstatic.com	3 KB
1	soccerjumbotv1.me www.soccerjumbotv1.me — Cisco Umbrella Rank: 972781	1 KB
1	iclickcdn.com iclickcdn.com — Cisco Umbrella Rank: 40320	24 KB
1	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 238	43 KB
0	cheches.info Failed init.cheches.info Failed
72	27

	Domain	Requested by
7	ic.tynt.com	nowlive.pro
5	t.adcell.com	3 redirects r.srvtrck.com t.adcell.com
4	r.srvtrck.com	2 redirects s.optnx.com
4	s.optnx.com	2 redirects nowlive.pro www.dailydeports.pw
4	witalfieldt.com	2 redirects nowlive.pro www.dailydeports.pw
3	ad.dazeadsrv1.media	www.adexchangeguru.com ad.dazeadsrv1.media
3	4.adsco.re	nowlive.pro c.adsco.re
3	6.adsco.re	nowlive.pro c.adsco.re
3	c.adsco.re	www.antiadblocksystems.com c.adsco.re
3	www.adexchangeguru.com	www.soccerjumbotv1.me www.adexchangeguru.com nowlive.pro
3	releases.flowplayer.org	nowlive.pro releases.flowplayer.org
2	www.plissee-flix24.de	2 redirects
2	abc.wwija.com	2 redirects
2	adsco.re	c.adsco.re
2	t.dtscout.com	widgets.amung.us t.dtscout.com
2	1.bp.blogspot.com	nowlive.pro
2	cdnondemand.org	nowlive.pro cdnondemand.org
2	5vpbnbkiey24.com	nowlive.pro www.nowlive.pro
2	nowlive.pro	nowlive.pro
1	plissee-flix24.de	t.adcell.com
1	antiadblocksystems.com	www.antiadblocksystems.com
1	de.tynt.com	cdn.tynt.com
1	mbpofnohmaof.s4.adsco.re	c.adsco.re
1	mbpofnohmaof.n4.adsco.re	c.adsco.re
1	mbpofnohmaof.l4.adsco.re	c.adsco.re
1	cdn.tynt.com	widgets.amung.us
1	www.dailydeports.pw	www.soccerjumbotv1.me
1	my.rtmark.net	iclickcdn.com
1	bedrapiona.com	iclickcdn.com
1	www.nowlive.pro	nowlive.pro
1	youradexchange.com	cdnondemand.org
1	www.gstatic.com	releases.flowplayer.org
1	whos.amung.us	widgets.amung.us
1	www.soccerjumbotv1.me	nowlive.pro
1	iclickcdn.com	nowlive.pro
1	www.antiadblocksystems.com	nowlive.pro
1	widgets.amung.us	nowlive.pro
1	cdnjs.cloudflare.com	nowlive.pro
0	init.cheches.info Failed	cdnjs.cloudflare.com
72	39

This site contains links to these domains. Also see Links.

Domain
adsco.re
flowplayer.com
youradexchange.com

Subject Issuer	Validity	Valid
*.flowplayer.org Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-09-21` - `2022-09-20`	a year	crt.sh
misc-sni.blogspot.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
1431218181.rsc.cdn77.org R3	`2022-03-20` - `2022-06-18`	3 months	crt.sh
*.dtscout.com Sectigo RSA Domain Validation Secure Server CA	`2021-10-28` - `2022-11-27`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2022-03-21` - `2022-06-13`	3 months	crt.sh
bedrapiona.com R3	`2022-03-30` - `2022-06-28`	3 months	crt.sh
*.rtmark.net Sectigo RSA Domain Validation Secure Server CA	`2021-11-20` - `2022-11-26`	a year	crt.sh
*.adsco.re Sectigo RSA Organization Validation Secure Server CA	`2021-09-06` - `2022-09-28`	a year	crt.sh
*.tynt.com Sectigo RSA Domain Validation Secure Server CA	`2021-09-23` - `2022-09-30`	a year	crt.sh
*.l4.adsco.re R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
*.n4.adsco.re R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
*.s4.adsco.re R3	`2022-03-19` - `2022-06-17`	3 months	crt.sh
*.srvtrck.com Go Daddy Secure Certificate Authority - G2	`2021-12-23` - `2023-01-24`	a year	crt.sh
optnx.com R3	`2022-03-07` - `2022-06-05`	3 months	crt.sh
witalfieldt.com Amazon	`2021-07-09` - `2022-08-07`	a year	crt.sh
adcell.com Certum Domain Validation CA SHA2	`2021-09-20` - `2022-09-20`	a year	crt.sh
plissee-flix24.de R3	`2022-02-16` - `2022-05-17`	3 months	crt.sh

This page contains 11 frames:

Primary Page: http://nowlive.pro/1/101.html?id=109
Frame ID: 0533AB6B015C6777DF7E8137BC21618E
Requests: 42 HTTP requests in this frame

Frame: http://www.soccerjumbotv1.me/ads1.htm
Frame ID: 29E1CA7C2FE5B4DDB935BA826D86DE08
Requests: 2 HTTP requests in this frame

Frame: http://nowlive.pro/1/ads.htm
Frame ID: E39CBF5599486BD32A7FAE8B1F6030B4
Requests: 2 HTTP requests in this frame

Frame: https://plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=
Frame ID: EFF919AAAE3408A2AC03AA69DE4DA8A7
Requests: 4 HTTP requests in this frame

Frame: http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Frame ID: 07B7794E4C11107E55390A8148DC45F9
Requests: 1 HTTP requests in this frame

Frame: http://www.nowlive.pro/300x250.html
Frame ID: 00EA9DFC10BF1CADEEA7005C92DD92EC
Requests: 2 HTTP requests in this frame

Frame: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CO2YherYiaQdH8AH0dEdHP3xP.b16%252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e&cbpage=http://www.soccerjumbotv1.me/ads1.htm&cbur=0.36608830317422547&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.pro%2F
Frame ID: EF45C07DB5461A270A94D37FB63FF1C4
Requests: 5 HTTP requests in this frame

Frame: https://www.dailydeports.pw/sj.html
Frame ID: 30FFB2B0A04A024FA1A832C3BC0A42AD
Requests: 1 HTTP requests in this frame

Frame: http://c.adsco.re/
Frame ID: 877181ED52D070CBE010846DA7C7A579
Requests: 6 HTTP requests in this frame

Frame: https://t.adcell.com/p/click?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=&fp=2099bf41acc92cbfb5d45da8128ef1ea
Frame ID: 3E8260186C1F525964B44F627F93F4B1
Requests: 4 HTTP requests in this frame

Frame: https://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Frame ID: 4C478DF269CAF3E3FDEE7C180DE10C9C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

play-rounded-fillplay-rounded-outlineplay-sharp-fillplay-sharp-outlinepause-sharp-outlinepause-sharp-fillpause-rounded-outlinepause-rounded-fill

Page Statistics

72
Requests

49 %
HTTPS

38 %
IPv6

27
Domains

39
Subdomains

34
IPs

8
Countries

536 kB
Transfer

1078 kB
Size

16
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: http://adsco.re/v

Search URL Search Domain Scan URL

URL: https://flowplayer.com/hello/?from=player

Search URL Search Domain Scan URL

URL: https://flowplayer.com/license
Title: GPL based license

Search URL Search Domain Scan URL

URL: http://youradexchange.com/ad/visit.php?al=1

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 15

http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP 302
http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-

Request Chain 44

http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-&p=http%3A%2F%2Fnowlive.pro%2F&tested=1&check=e8d1b15356a220b650808b879dd46075&screen_resolution=1600x1200&container_resolution=1x8&iframe=1 HTTP 302
https://abc.wwija.com/click.php?key=9tz2gymnylbpc4gs2a74&tag=oodPNZHXTHNVNHXa7bc7qK657aqHUzzU2VWTulc6qaZ1U7p3UyuldK6V1lMzpXSuldK6d07pXSumdK6V0rq9NJtbquNp89tLuKa7M9JbJ66bZprLdq3V1S7UXV5z11bbZ2y12V0ca5zaT0z3UzyurutqtlcAKfu0bxiIFznSuldK6V0rpXSuldK4PsA-&cost=0.000565&source=admaven.com&varid=42147572&campid=3945856&siteid=828963&zoneid=3662853&catid=511&country=DEU&format=&exffir=eyJjIjoiZThkMWIxNTM1NmEyMjBiNjUwODA4Yjg3OWRkNDYwNzUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9 HTTP 302
https://r.srvtrck.com/v1/redirect?type=linkId&id=61992972b9924446bac78249ae573bbe&api_key=2fe47058ccdf28a42879b9ff7dfa613c&site_id=d3fc80ebd40d4fa186aedd0299d0074c&dch=feed&ad_t=advertiser&yk_tag=d75193vwfqqusvrc99 HTTP 302
https://r.srvtrck.com/v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alfcfa3tc%2F4sft1h&e=1&ai=a50bb149d0b4470e9cafd0f7878064d9&sct=0&ct=1649855137400&cu=e1b8aa4c2a5142a5adfff331ce47fe1d&ykuid=c3d9a16ccf9949698077dcce12fd2205&sc=1&cs=eae7467ca833c48d05089387001fbb1c

Request Chain 47

https://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER] HTTP 302
https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-

Request Chain 62

https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-&p=https%3A%2F%2Fwww.dailydeports.pw%2F&tested=1&check=e8d1b15356a220b650808b879dd46075&screen_resolution=1600x1200&container_resolution=1x8&iframe=1 HTTP 302
https://abc.wwija.com/click.php?key=9tz2gymnylbpc4gs2a74&tag=oodPNZHXTHNVNHXa7bc7qK657aqHUzzU2VWTulc6qaZ1U7p3UyuldK6V1lMzpXSuldK6d07pXSumdK6V0zqZrrbqLqNt7eM7bp.NaaKJrqJqd99JuNnU2zTS77abT3ca13S2Z0TVS77zbZzz1y1Orutqtldtn38vbcQSGLGJLnOldK6V0rpXSuldK6VwfYA-&cost=0.000565&source=admaven.com&varid=42147572&campid=3945856&siteid=828963&zoneid=3662853&catid=511&country=DEU&format=&exffir=eyJjIjoiZThkMWIxNTM1NmEyMjBiNjUwODA4Yjg3OWRkNDYwNzUiLCJ0IjoiMSIsInNyIjoiMTYwMHgxMjAwIiwiY3IiOiIxeDgiLCJpIjoiMSJ9 HTTP 302
https://r.srvtrck.com/v1/redirect?type=linkId&id=4dd57bc196784dc18e7f6d732e0ea973&api_key=9f389a84fd636114184e76a631ea9d8b&site_id=7add72c8711b449ea56ff14a1578bbe2&dch=feed&ad_t=advertiser&yk_tag=4a41c3vwfqqxs8n10d HTTP 302
https://r.srvtrck.com/v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadtb%2F6s8t9h&e=1&ai=aecae0da294d4e109fd2487eee5ce4fd&sct=0&ct=1649855137597&cu=a0a568d324ad4663a0eaeed0b9648399&ykuid=14624eec61b74c97b84fb20b932c3219&sc=1&cs=3eb4b56e6b1e08cce7051e72857f88dd

Request Chain 64

https://t.adcell.com/p/click?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d HTTP 302
https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=

Request Chain 65

https://t.adcell.com/p/click?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399 HTTP 302
https://t.adcell.com/forward?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=

Request Chain 66

https://t.adcell.com/p/click?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=&fp=2099bf41acc92cbfb5d45da8128ef1ea HTTP 302
http://www.plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref= HTTP 301
https://www.plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref= HTTP 301
https://plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=

72 HTTP transactions
-2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 101.html Show response
nowlive.pro/1/ 8 KB
4 KB 138ms
99ms Document
text/html 45.141.156.196
YURTEH-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 45.141.156.196 , Bulgaria, ASN30860 (YURTEH-AS, UA),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 71babba1068e8080c6f125db5eef4085c1576b34f66a289e4508225e0fb3db27

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 13 Apr 2022 13:05:35 GMT
ETag: W/"625227b1-1ea9"
Last-Modified: Sun, 10 Apr 2022 00:41:21 GMT
Server: nginx/1.14.2
Transfer-Encoding: chunked

GET
H2 200 skin.css
releases.flowplayer.org/7.2.6/skin/ 40 KB
40 KB 24ms
6ms Stylesheet
text/css 99.86.4.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://releases.flowplayer.org/7.2.6/skin/skin.css
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-125.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: ce7e9cc6858aeb30a23bc3bf5fee9fd57a339b273ab8b1681bf0dd7a2429505f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 07:07:19 GMT
via: 1.1 8cdf0467c0468ddfe8e9873c6bb8304c.cloudfront.net (CloudFront)
last-modified: Tue, 17 Apr 2018 11:12:25 GMT
server: AmazonS3
age: 21497
etag: "977323326d3b4ab22afa6fe64e5a93cc"
vary: Origin
x-cache: Hit from cloudfront
content-type: text/css
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 40582
x-amz-cf-id: -uxAQb5t56MsLQTkfwF8w07HK3Xh4rgjrUj8Pw6Af8uR3Gu5EeUGlA==

GET
H2 200 hls.light.min.js Show response
cdnjs.cloudflare.com/ajax/libs/hls.js/0.9.1/ 172 KB
43 KB 88ms
47ms Script
application/javascript 2606:4700::6811:190e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/hls.js/0.9.1/hls.light.min.js

Requested by

Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c4ba8d0db29ad1fe8732590c52af262afbcdb592c346934fd2bb25ff1ce8a1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:35 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 1709754
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 43486
timing-allow-origin: *
last-modified: Mon, 04 May 2020 16:10:37 GMT
server: cloudflare
cf-cdnjs-via: cfworker/kv
etag: "5eb03e7d-2afb7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mT2YRg0GrT09VNBtWi94ZGGcBsYuRPrZvT9Tjnv8IToxjmtd%2B%2B8f3ydTyKgLsLVFs9hLl4JU9vG8ZAMKIZOo46abw3hghF35EuInCMDx1cugvZWqaDP9KGxpgrze5ot2HCVbnPG2J6Fp9iqpWm4bfhE0"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=30672000
accept-ranges: bytes
cf-ray: 6fb46a06dc44f927-MXP
expires: Mon, 03 Apr 2023 13:05:35 GMT

GET
H2 200 flowplayer.min.js Show response
releases.flowplayer.org/7.2.6/ 164 KB
164 KB 24ms
7ms Script
application/javascript 99.86.4.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://releases.flowplayer.org/7.2.6/flowplayer.min.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-125.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d195f295d9bbb630527f6a457a9d74895f8b647f19218bf0477f3511a1a12d04

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 02:49:28 GMT
via: 1.1 8cdf0467c0468ddfe8e9873c6bb8304c.cloudfront.net (CloudFront)
last-modified: Tue, 17 Apr 2018 11:12:23 GMT
server: AmazonS3
age: 36968
etag: "753e989f05e4af4dc76909ea9b464f05"
vary: Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
content-length: 167872
x-amz-cf-id: lx7i6PUYp1EQw8b3BQ1THAYtdaNH8F2x5kKa_VdADolYQtWh8JOCNg==

GET
H/1.1 403
Forbidden 21510760b6d533922bc4866e828f0d11.js
5vpbnbkiey24.com/21/51/07/ 0
0 188ms
96ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://5vpbnbkiey24.com/21/51/07/21510760b6d533922bc4866e828f0d11.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:35 GMT
Server: nginx/1.17.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type: application/javascript
Content-Length: 0

GET
H/1.1 200
OK suv4.js Show response
cdnondemand.org/script/ 168 KB
53 KB 68ms
51ms Script
application/javascript 2606:4700::6810:a610
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnondemand.org/script/suv4.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 2606:4700::6810:a610 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da0475bb6ca8a6dba448307f8ef0b9910a7ca133dd86135d6c9b4ec4c4f16f83

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:35 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 18
X-GUploader-UploadID: ADPycds3PdxupT-8JUz5OkGOr3Ut6AZKbP8-0jOimMPQbIWqHMjbSY334Y-mNeDh_76xWoWZGM8VmzL7kRG4Pv8aDNMy53UxJ0GR
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 06:47:25 GMT
Server: cloudflare
ETag: W/"a5b89801ba7fa3b278b00418dbac69be"
Vary: Accept-Encoding
x-goog-hash: crc32c=uH7tNQ==, md5=pbiYAbp/o7J4sAQY26xpvg==
x-goog-generation: 1649746045093811
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
x-goog-stored-content-length: 171665
CF-RAY: 6fb46a06ce1d83a3-MXP
Expires: Wed, 13 Apr 2022 17:05:35 GMT

GET
H2 200 close.gif
1.bp.blogspot.com/-gJqX30AFyLM/U5cHTg-BYLI/AAAAAAAAADc/1YwTwtrsgGU/s1600/ 2 KB
2 KB 32ms
8ms Image
image/gif 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://1.bp.blogspot.com/-gJqX30AFyLM/U5cHTg-BYLI/AAAAAAAAADc/1YwTwtrsgGU/s1600/close.gif

Requested by

Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

3dddff067978d36c4fe4a9de9b4334d20ecd5cfb1be75367a48cdd4f19b7c257

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 11:24:52 GMT
x-content-type-options: nosniff
age: 6043
content-disposition: inline;filename="close.gif"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1889
x-xss-protection: 0
server: fife
etag: "v38"
vary: Origin
content-type: image/gif
access-control-allow-origin: *
access-control-expose-headers: Content-Length
cache-control: public, max-age=86400, no-transform
timing-allow-origin: *
expires: Tue, 05 Oct 2021 18:16:12 GMT

GET
H/1.1 200
OK classic.js Show response
widgets.amung.us/ 12 KB
7 KB 67ms
41ms Script
application/x-javascript 2606:4700:10::6816:4bab
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://widgets.amung.us/classic.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 2606:4700:10::6816:4bab , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9b7469d8fba6e9d71beec83d90b3a7658aa4b61a2d4e6cdb36fa0b89f8de11af

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:35 GMT
content-encoding: gzip
CF-Cache-Status: HIT
last-modified: Thu, 10 Mar 2022 23:24:53 GMT
Server: cloudflare
Age: 2936
etag: W/"622a88c5-2f93"
Vary: Accept-Encoding
Content-Type: application/x-javascript
access-control-allow-origin: *
cache-control: max-age=86400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6fb46a0769250e0e-MXP
expires: Thu, 14 Apr 2022 12:16:39 GMT

GET
H2 200 intro.min.js Show response
www.antiadblocksystems.com/ 30 KB
9 KB 49ms
14ms Script
application/x-javascript 2a02:6ea0:c700::4
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://www.antiadblocksystems.com/intro.min.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c700::4 Frankfurt am Main, Germany, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
Software: CDN77-Turbo /
Resource Hash: 58191e2d40f8b78e8c3c6d58c42612dcdf110a86055b662d54f0739dab1e0c9b

Request headers

Referer: http://nowlive.pro/
Origin: http://nowlive.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-77-pop: frankfurtDE
date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: br
x-77-cache: HIT
x-cache: HIT
x-age: 315174
alt-svc: quic="195.181.175.53:443"; ma=2592000; v="44,43,39"
x-77-nzt: AcO1rzWxwur/Js8EAA
x-accel-expires: @1650144762
server: CDN77-Turbo
x-77-nzt-ray: JqcejNg8oTE
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=604800
link: <https://antiadblocksystems.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
expires: Sat, 16 Apr 2022 21:32:42 GMT

GET
H/1.1 200
OK ut.js Show response
cdnondemand.org/script/ 106 KB
34 KB 48ms
48ms Script
application/javascript 2606:4700::6810:a610
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://cdnondemand.org/script/ut.js?cb=1649855137492
Requested by: Host: cdnondemand.org
URL: http://cdnondemand.org/script/suv4.js
Protocol: HTTP/1.1
Server: 2606:4700::6810:a610 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d51fe9c168cee56ca7545f3c2a4cd0e5ebab7b1b042cb14543861f233027e04

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Age: 1219
X-GUploader-UploadID: ADPycdsPyqFswbU_WmcT2YkCX0WZ0bg_ABU710UW8-Le9ldyb3IKY0IrS3GkoBNJtLcy9u85xDm35TyYcnB8AfCX6txwLfGSibjR
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
Connection: keep-alive
Content-Type: application/javascript
Last-Modified: Tue, 12 Apr 2022 06:47:43 GMT
Server: cloudflare
ETag: W/"a3d826866ca0efc0cd8c09eec5ad9341"
Vary: Accept-Encoding
x-goog-hash: crc32c=0Z+KXg==, md5=o9gmhmyg78DNjAnuxa2TQQ==
x-goog-generation: 1649746063762665
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=14400
Transfer-Encoding: chunked
x-goog-stored-content-length: 108930
CF-RAY: 6fb46a08291d83a3-MXP
Expires: Wed, 13 Apr 2022 17:05:36 GMT

GET
H2 200 tag.min.js Show response
iclickcdn.com/ 68 KB
24 KB 102ms
59ms Script
text/javascript 2606:4700:20::681a:d76
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://iclickcdn.com/tag.min.js
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:d76 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2a3d1aa5f7d6eeae6725637392ba28c6323d9248d67570af32e2f4b6e3d0e4ed

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: *
age: 79895
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
x-trace-id: 7caf9560c6fb3fe4bfc54b5da18f9a3e
pragma: no-cache
last-modified: Mon, 28 Mar 2022 15:10:55 GMT
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PAiaoNG5O5xFbZpbhxZl7cVuWC7IwOqESOuQaGXKN3sRxyA7Gt58jUXXdic2ZXsjnDoFZxCty%2B0mtFu2kn9UO9e8UrvPDHqsdbyXZFQbegCVNHt58bvycYnwlwfCQ14oKgl20Z1EjDBh%2B5E%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
access-control-allow-credentials: true
cf-ray: 6fb46a086fe13751-MXP
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Wed, 13 Apr 2022 14:54:01 GMT

GET
H2 200 flowplayer.woff2
releases.flowplayer.org/7.2.6/skin/icons/ 8 KB
8 KB 25ms
7ms Font
font/woff2 99.86.4.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://releases.flowplayer.org/7.2.6/skin/icons/flowplayer.woff2
Requested by: Host: releases.flowplayer.org
URL: https://releases.flowplayer.org/7.2.6/skin/skin.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.4.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-4-125.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 676b7fcb662822833ca633f1e26c68236067f30530dea79dab00be4cd8f9ef9a

Request headers

Referer: https://releases.flowplayer.org/7.2.6/skin/skin.css
Origin: http://nowlive.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 06:01:29 GMT
via: 1.1 e0bc02299b03254b2a35b8c930f005c6.cloudfront.net (CloudFront)
age: 26352
x-cache: Hit from cloudfront
content-length: 7908
last-modified: Tue, 17 Apr 2018 11:12:27 GMT
server: AmazonS3
etag: "73ccb97fd8df0703038a40b00dc8ae5f"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: font/woff2
access-control-allow-origin: *
access-control-expose-headers: ETag
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
x-amz-cf-id: QxHHyzzItUpdCCVouyIOwTF72ESHfhy_mURrlUhtJ2i2-NpkOmOv2w==

GET 101.m3u8
init.cheches.info/hls/ 0
0

GET
H/1.1 200
OK ads1.htm Show response
www.soccerjumbotv1.me/ Frame 29E1 808 B
1 KB 124ms
108ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://www.soccerjumbotv1.me/ads1.htm
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 20e7bcc54a94149e59e497c1847b1ca931a218b573cb415f1503d0b30916e167

Request headers

Referer: http://nowlive.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

CF-Cache-Status: DYNAMIC
CF-RAY: 6fb46a088e34374a-MXP
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 13 Apr 2022 13:05:36 GMT
Last-Modified: Sat, 16 Mar 2019 23:03:00 GMT
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YiaCG%2BlqPzxS7eZHV5DFiH4%2BxfCeDovrNDcvmjWjyVw7ybczqsIbWQaET0F5RpoDNXzA0sjBZGKGUnxVBPf02WmBaRhcv9BsfiZmhi88HtdmVy0HS%2Fbf2j1MMMfTWeM%2BX85EVXkk0EF1ggp1zLPwbFvU9So%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked

GET
H/1.1 200
OK ads.htm Show response
nowlive.pro/1/ Frame E39C 364 B
556 B 40ms
39ms Document
text/html 45.141.156.196
YURTEH-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://nowlive.pro/1/ads.htm
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 45.141.156.196 , Bulgaria, ASN30860 (YURTEH-AS, UA),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: a55b32c353f6dee85e5444bfff5edfd08b0be9c3d1c90728e43b9e69b8261fa4

Request headers

Referer: http://nowlive.pro/1/101.html?id=109
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 13 Apr 2022 13:05:36 GMT
ETag: W/"6172c130-16c"
Last-Modified: Fri, 22 Oct 2021 13:48:32 GMT
Server: nginx/1.14.2
Transfer-Encoding: chunked

GET
H/1.1 200
OK / Show response
t.dtscout.com/i/ 2 KB
3 KB 303ms
103ms Script
application/javascript 167.114.209.61
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/i/?l=http%3A%2F%2Fnowlive.pro%2F1%2F101.html%3Fid%3D109&j=
Requested by: Host: widgets.amung.us
URL: http://widgets.amung.us/classic.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns515688.ip-167-114-209.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
X-T: 0.682
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
Content-Type: application/javascript
Cache-Control: no-cache
Connection: close
X-S: mtl1
Expires: Wed, 13 Apr 2022 13:05:35 GMT

GET
H/1.1

200
OK

cimp.php Show response
s.optnx.com/ Frame EFF9
Redirect Chain

http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1v...

5 KB
2 KB

37ms
14ms

Document
text/html

95.211.229.248
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 95.211.229.248 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: ds03.evo.0x3e.net
Software: nginx /
Resource Hash: b0fbf4d9121dea827b80aad667f1a3d929792d861ee963df90b68592331d202e

Request headers

Referer: http://nowlive.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Apr 2022 13:05:36 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Connection: keep-alive
Content-Length: 0
Content-Type: text/plain
Date: Wed, 13 Apr 2022 13:05:36 GMT
Location: http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 e4aaaf9d55a242f83ddc793442b0ebe2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: I7-508FM9ZFwmuSvyW0144ZOU71ZaIk_CMU-TXX4Hey-dwkicjvmIw==
X-Amz-Cf-Pop: DUS51-P2
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform

GET
H/1.1 204
No Content redirect
witalfieldt.com/ Frame 07B7 0
0 292ms
282ms Document
text/plain 108.157.4.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 108.157.4.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-96.dus51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash

Request headers

Referer: http://nowlive.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Accept-CH: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
Connection: keep-alive
Content-Type: text/plain
Date: Wed, 13 Apr 2022 13:05:36 GMT
P3P: CP="NID DSP ALL COR"
Pragma: no-cache
Server: openresty/1.17.8.2
Via: 1.1 fa544a973edca8926f95609301f23b66.cloudfront.net (CloudFront)
X-Amz-Cf-Id: JFqIUtxJN4uymyzDMg7e2POGw56qQFWPrNtj7PU3pPoukkf4l7Oldw==
X-Amz-Cf-Pop: DUS51-P2
X-Cache: Miss from cloudfront
cache-control: no-store, no-cache, must-revalidate, no-transform

GET
H/1.1 200
OK / Show response
whos.amung.us/pingjs/ 30 B
214 B 223ms
109ms Script
text/javascript 67.202.94.86
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: http://whos.amung.us/pingjs/?k=nowlivepro&t=&c=c&x=http%3A%2F%2Fnowlive.pro%2F1%2F101.html%3Fid%3D109&y=&a=-1&d=0.502&v=29&r=3994
Requested by: Host: widgets.amung.us
URL: http://widgets.amung.us/classic.js
Protocol: HTTP/1.1
Server: 67.202.94.86 Chicago, United States, ASN32748 (STEADFAST, US),
Reverse DNS: amung.us
Software: /
Resource Hash: 7a519555fe4e9b4c127d8b7ec03c4d0e40f38f23f3797e5e62a7bd310a0bcae0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: gzip
transfer-encoding: chunked
content-type: text/javascript;charset=UTF-8

GET
H2 200 cast_sender.js Show response
www.gstatic.com/cv/js/sender/v1/ 4 KB
3 KB 54ms
26ms Script
text/javascript 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/cv/js/sender/v1/cast_sender.js

Requested by

Host: releases.flowplayer.org
URL: https://releases.flowplayer.org/7.2.6/flowplayer.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cloudview
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2007
x-xss-protection: 0
last-modified: Tue, 16 Feb 2021 23:57:06 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="cloudview"
vary: Accept-Encoding
report-to: {"group":"cloudview","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cloudview"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Wed, 13 Apr 2022 13:05:36 GMT

GET
H/1.1 200
OK suurl4.php Show response
youradexchange.com/script/ 910 B
966 B 215ms
205ms Fetch
application/json 35.190.41.116
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://youradexchange.com/script/suurl4.php?r=2333351&cbur=0.1190908608481045&cbiframe=0&cbWidth=1600&cbHeight=1200&cbtitle=&cbpage=http%3A%2F%2Fnowlive.pro%2F1%2F101.html%3Fid%3D109&cbref=&cbdescription=&cbkeywords=&cbcdn=cdnondemand.org&aggr=0
Requested by: Host: cdnondemand.org
URL: http://cdnondemand.org/script/suv4.js
Protocol: HTTP/1.1
Server: 35.190.41.116 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 116.41.190.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 1197ec39e73a79ec196e1095b6d7c37f0260995e28e1ce17da3d1e1cfdea9aca

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: openresty
Via: 1.1 google
Content-Type: application/json; charset=utf-8

GET
H/1.1 200
OK Clic.jpg
1.bp.blogspot.com/-fYa0saa2BPY/XRi8chzYcYI/AAAAAAAA64A/jUg4y4SpDvcd6PCsoZGlNOwwtTCIKLmkgCK4BGAYYCw/s1600/ Frame E39C 3 KB
4 KB 12ms
7ms Image
image/jpeg 2a00:1450:4001:82b::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://1.bp.blogspot.com/-fYa0saa2BPY/XRi8chzYcYI/AAAAAAAA64A/jUg4y4SpDvcd6PCsoZGlNOwwtTCIKLmkgCK4BGAYYCw/s1600/Clic.jpg

Requested by

Host: nowlive.pro
URL: http://nowlive.pro/1/ads.htm

Protocol

HTTP/1.1

Server

2a00:1450:4001:82b::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

fife /

Resource Hash

ef57ad760fcb7229f18b02969f7c5467da749d7328c2b0334c6d7452524a61ad

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 12:35:26 GMT
X-Content-Type-Options: nosniff
Server: fife
Age: 1810
ETag: "veb81"
Vary: Origin
Content-Type: image/jpeg
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length
Cache-Control: public, max-age=86400, no-transform
Content-Disposition: inline;filename="Clic.jpg"
Timing-Allow-Origin: *
Content-Length: 3472
X-XSS-Protection: 0
Expires: Wed, 09 Mar 2022 14:32:50 GMT

GET
H/1.1 200
OK 300x250.html Show response
www.nowlive.pro/ Frame 00EA 517 B
617 B 114ms
52ms Document
text/html 45.141.156.196
YURTEH-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://www.nowlive.pro/300x250.html
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/ads.htm
Protocol: HTTP/1.1
Server: 45.141.156.196 , Bulgaria, ASN30860 (YURTEH-AS, UA),
Reverse DNS
Software: nginx/1.14.2 /
Resource Hash: 3494eaf7f5511a3550dbdcee7811159175090ba7b6d9edb453919af0a891b350

Request headers

Referer: http://nowlive.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 13 Apr 2022 13:05:36 GMT
ETag: W/"5ffde9e3-205"
Last-Modified: Tue, 12 Jan 2021 18:26:43 GMT
Server: nginx/1.14.2
Transfer-Encoding: chunked

GET
H2 200 / Show response
bedrapiona.com/5/4862348/ 3 KB
2 KB 47ms
15ms XHR
application/json 139.45.197.234
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://bedrapiona.com/5/4862348/?oo=1&js_build=iclick-v1.377.2
Requested by: Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 139.45.197.234 , United Kingdom, ASN9002 (RETN-AS, GB),
Reverse DNS
Software: nginx /
Resource Hash: 2c878cc621426b99894afddff5c5a4309117ce1f9c290df8f7f1a1d1789b6abf

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

x-trace-id: 6869436a9bc3cdacaaa64af0f578c1c7
pragma: no-cache, no-cache
date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: gzip
server: nginx
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-max-age: 86400
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/json
access-control-allow-origin: http://nowlive.pro
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
timing-allow-origin: *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK display.php Show response
www.adexchangeguru.com/a/ Frame 29E1 6 KB
3 KB 128ms
122ms Script
application/javascript 35.201.126.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.adexchangeguru.com/a/display.php?r=1848595
Requested by: Host: www.soccerjumbotv1.me
URL: http://www.soccerjumbotv1.me/ads1.htm
Protocol: HTTP/1.1
Server: 35.201.126.110 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 110.126.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: f0f4ce00edc8f134d9cd366f5ba1557d83c3fc4cf6d12cacf894144db5ba59d5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.soccerjumbotv1.me/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: openresty
Via: 1.1 google
Content-Type: application/javascript; charset=utf-8

GET
H2 200 gid.js Show response
my.rtmark.net/ 65 B
542 B 54ms
17ms XHR
application/json 139.45.195.8
RETN-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://my.rtmark.net/gid.js?userId=f264935851c749cfbca83811db54bc61

Requested by

Host: iclickcdn.com
URL: https://iclickcdn.com/tag.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

139.45.195.8 , United Kingdom, ASN9002 (RETN-AS, GB),

Reverse DNS

Software

nginx /

Resource Hash

e84126052fd62bea431a7f52ab23ff28ab9ce640769011f844fec759fa42a785

Security Headers

Name	Value
Strict-Transport-Security	max-age=1
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
x-content-type-options: nosniff
server: nginx
strict-transport-security: max-age=1
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
content-type: application/json; charset=utf-8
access-control-allow-origin: http://nowlive.pro
access-control-expose-headers: Authorization
access-control-allow-credentials: true
timing-allow-origin: *, *
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
content-length: 65

GET
H2 200 / Show response
c.adsco.re/ 63 KB
23 KB 108ms
62ms Script
text/html 2606:4700::6811:a7ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://c.adsco.re/
Requested by: Host: www.antiadblocksystems.com
URL: https://www.antiadblocksystems.com/intro.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da1bc24aeafec2701dbdeed0d9f37421252a140e3307a71e4bc5fec4cec377e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: br
cf-cache-status: HIT
server: cloudflare
age: 1265116
etag: W/"WtfcKMteYs2dCZjgNMzUmw=="
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/html
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=dns-prefetch
cache-control: public, max-age=2678400
cf-ray: 6fb46a09ea520f7a-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
expires: Sat, 14 May 2022 13:05:36 GMT

GET
H/1.1 403
Forbidden invoke.js
5vpbnbkiey24.com/c49d093f9cdd880dc59bd41a83919bf5/ Frame 00EA 0
0 104ms
104ms Script
application/javascript 192.243.59.12
ADVANCEDHOSTERS-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://5vpbnbkiey24.com/c49d093f9cdd880dc59bd41a83919bf5/invoke.js
Requested by: Host: www.nowlive.pro
URL: http://www.nowlive.pro/300x250.html
Protocol: HTTP/1.1
Server: 192.243.59.12 Ashburn, United States, ASN39572 (ADVANCEDHOSTERS-AS, NL),
Reverse DNS
Software: nginx/1.17.6 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Server: nginx/1.17.6
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Connection: keep-alive
Accept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA,x-Device-User-Agent
Content-Type: application/javascript
Content-Length: 0

GET
H/1.1 200
OK display.php Show response
www.adexchangeguru.com/ad/ Frame EF45 4 KB
2 KB 147ms
147ms Document
text/html 35.201.126.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CO2YherYiaQdH8AH0dEdHP3xP.b16%252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e&cbpage=http://www.soccerjumbotv1.me/ads1.htm&cbur=0.36608830317422547&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.pro%2F
Requested by: Host: www.adexchangeguru.com
URL: http://www.adexchangeguru.com/a/display.php?r=1848595
Protocol: HTTP/1.1
Server: 35.201.126.110 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 110.126.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: 43a833759ab9c026eac51b957b3379342092f5e67283c24ae6abee1621199d49

Request headers

Referer: http://www.soccerjumbotv1.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
Date: Wed, 13 Apr 2022 13:05:36 GMT
Link: <//www.adexchangeguru.com>; rel=dns-prefetch,<//www.adexchangeguru.com>; rel=preconnect
Server: openresty
Transfer-Encoding: chunked
Via: 1.1 google

GET
H2 200 sj.html Show response
www.dailydeports.pw/ Frame 30FF 2 KB
1 KB 198ms
159ms Document
text/html 2a06:98c1:3121::7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.dailydeports.pw/sj.html
Requested by: Host: www.soccerjumbotv1.me
URL: http://www.soccerjumbotv1.me/ads1.htm
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a06:98c1:3121::7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7897e6c5ef53a79624d29204b978a03bb150f6141518643d09f7ac9c7665a08a

Request headers

Referer: http://www.soccerjumbotv1.me/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fb46a0a5e1d3748-MXP
content-encoding: br
content-type: text/html
date: Wed, 13 Apr 2022 13:05:36 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
last-modified: Fri, 22 Oct 2021 21:04:05 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HBW657xVASs6BmhPEjQwKFrRm9wfrLSB%2Bclh3s6EV8BEvcrZdHjO6R8ycTAITqHqRUXg3J%2BepOSiKfqoxrj8YBSV1X%2B0DiNbxXWog5W%2F5ugD81v6uXSAZAHguExSXOpzvrIrw4Dziqop81Inyi4Cs2UN"}],"group":"cf-nel","max_age":604800}
server: cloudflare

GET
H2 200 tc.js Show response
cdn.tynt.com/ 17 KB
7 KB 51ms
24ms Script
application/javascript 104.18.28.199
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.tynt.com/tc.js
Requested by: Host: widgets.amung.us
URL: http://widgets.amung.us/classic.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.28.199 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 27 Aug 2021 20:58:51 GMT
server: cloudflare
age: 161398
etag: W/"6129520b-431d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=259200
cf-ray: 6fb46a0a49c39bfb-FRA
expires: Sat, 16 Apr 2022 13:05:36 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 /
6.adsco.re/ 0
420 B 76ms
27ms Other
text/plain 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://6.adsco.re/
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
Origin: http://nowlive.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
content-encoding: br
server: cloudflare
access-control-allow-headers: Content-Type
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD, OPTIONS
content-type: text/plain;charset=UTF-8
access-control-allow-origin: http://nowlive.pro
access-control-max-age: 2592000
cache-control: private, max-age=10
cf-ray: 6fb46a0a9a2e3750-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK /
4.adsco.re/ 0
457 B 84ms
22ms Other
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://4.adsco.re/
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_CBC
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
Origin: http://nowlive.pro
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: http://nowlive.pro
Cache-Control: private, max-age=5
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type

POST
H/1.1 200
OK p Show response
adsco.re/ 0
419 B 48ms
22ms XHR
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://adsco.re/p
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
AS-P-4: OK
Transfer-Encoding: chunked
AS-P-1: OK lon123
Access-Control-Allow-Origin: http://nowlive.pro
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Credentials: true
Connection: keep-alive
AS-E: ND
AS-P-2: OK
AS-P-3: OK

GET
H/1.1 200
OK / Show response
4.adsco.re/ 46 B
457 B 44ms
22ms XHR
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://4.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: 6b331bab7fa4a31812f231aba4a0600a348a515e8f2f36a8ff89b29ef93b62dc

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: http://nowlive.pro
Cache-Control: private, max-age=5
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type

GET
H/1.1 200
OK / Show response
6.adsco.re/ 69 B
597 B 52ms
29ms XHR
text/plain 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://6.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b121cb7d50b9a315d2c70a60be8a41afc37870295449b03ab0de5ae5d7862d81

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Server: cloudflare
Access-Control-Allow-Headers: Content-Type
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: http://nowlive.pro
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=10
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6fb46a0a8e50e8ff-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

POST
H/1.1 200
OK /
mbpofnohmaof.l4.adsco.re/ 0
464 B 78ms
19ms Ping
text/html 185.200.118.90
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://mbpofnohmaof.l4.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.200.118.90 London, United Kingdom, ASN9009 (M247, GB),
Reverse DNS: adscore.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Last-Modified: Tue, 31 Jul 2018 22:16:15 GMT
ETag: "5b60dfaf-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

POST
H/1.1 200
OK /
mbpofnohmaof.n4.adsco.re/ 0
464 B 450ms
85ms Ping
text/html 38.132.109.186
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://mbpofnohmaof.n4.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 38.132.109.186 New York, United States, ASN9009 (M247, GB),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
ETag: "5b5f2f9a-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

POST
H/1.1 200
OK /
mbpofnohmaof.s4.adsco.re/ 0
464 B 1308ms
174ms Ping
text/html 185.200.116.90
M247

General

Check archive.org

Show headers Download Go to

Full URL: https://mbpofnohmaof.s4.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 185.200.116.90 , Romania, ASN9009 (M247, GB),
Reverse DNS: no-mans-land.m247.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://nowlive.pro/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 13 Apr 2022 13:05:37 GMT
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
ETag: "5b5f30d9-0"
Access-Control-Allow-Methods: GET, POST, OPTIONS
Content-Type: text/html
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Range
Connection: close
Accept-Ranges: bytes
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Content-Length: 0

GET
H/1.1 200
OK / Show response
c.adsco.re/ Frame 8771 63 KB
25 KB 51ms
29ms Document
text/html 2606:4700::6811:a7ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://c.adsco.re/
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da1bc24aeafec2701dbdeed0d9f37421252a140e3307a71e4bc5fec4cec377e5

Request headers

Referer: http://nowlive.pro/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 1265109
CF-Cache-Status: HIT
CF-RAY: 6fb46a0a99e783be-MXP
Cache-Control: public, max-age=2678400
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html
Date: Wed, 13 Apr 2022 13:05:36 GMT
ETag: W/"WtfcKMteYs2dCZjgNMzUmw=="
Expires: Sat, 14 May 2022 13:05:36 GMT
Link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=dns-prefetch
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK /
6.adsco.re/ Frame 8771 0
596 B 44ms
43ms Other
text/plain 2606:4700::6811:a6ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://6.adsco.re/
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 2606:4700::6811:a6ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://c.adsco.re/
Origin: http://c.adsco.re
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Server: cloudflare
Access-Control-Allow-Headers: Content-Type
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: text/plain;charset=UTF-8
Access-Control-Allow-Origin: http://c.adsco.re
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=10
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6fb46a0be890e8ff-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H/1.1 200
OK /
4.adsco.re/ Frame 8771 0
456 B 22ms
21ms Other
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://4.adsco.re/
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: http://c.adsco.re/
Origin: http://c.adsco.re
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Access-Control-Max-Age: 2592000
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Content-Type: text/html; charset=UTF-8
Access-Control-Allow-Origin: http://c.adsco.re
Cache-Control: private, max-age=5
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: Content-Type

GET
H/1.1 200
OK / Show response
t.dtscout.com/pv/ 51 B
319 B 290ms
97ms Script
application/javascript 167.114.209.61
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://t.dtscout.com/pv/?_a=v&_h=nowlive.pro&_ss=2wsszw2y2l&_pv=1&_ls=0&_u1=1&_u3=1&_cc=de&_pl=d&_cbid=2fc2&_cb=_dtspv.c
Requested by: Host: t.dtscout.com
URL: https://t.dtscout.com/i/?l=http%3A%2F%2Fnowlive.pro%2F1%2F101.html%3Fid%3D109&j=
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 167.114.209.61 Montreal, Canada, ASN16276 (OVH, FR),
Reverse DNS: ns515688.ip-167-114-209.net
Software: nginx/1.10.3 (Ubuntu) /
Resource Hash: 3b4535204ed1873a7f3a7b619752d83520d96552ca1e69ad1b254a4a2f906942

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
X-T: 0.204
Server: nginx/1.10.3 (Ubuntu)
Transfer-Encoding: chunked
X-C: 0
Content-Type: application/javascript
Cache-Control: no-cache
Connection: close
Expires: Wed, 13 Apr 2022 13:05:35 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 321ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0&t=nowlive.pro
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

go Show response
r.srvtrck.com/v2/ Frame EFF9
Redirect Chain

http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1v...
https://abc.wwija.com/click.php?key=9tz2gymnylbpc4gs2a74&tag=oodPNZHXTHNVNHXa7bc7qK657aqHUzzU2VWTulc6qaZ1U7p3UyuldK6V1lMzpXSuldK6d07pXSumdK6V0rq9NJtbquNp89tLuKa7M9JbJ66bZprLdq3V1S7UXV5z11bbZ2y12V0c...
https://r.srvtrck.com/v1/redirect?type=linkId&id=61992972b9924446bac78249ae573bbe&api_key=2fe47058ccdf28a42879b9ff7dfa613c&site_id=d3fc80ebd40d4fa186aedd0299d0074c&dch=feed&ad_t=advertiser&yk_tag=d...
https://r.srvtrck.com/v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alf...

1 KB
611 B

108ms
108ms

Document
text/html

2606:4700::6813:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.srvtrck.com/v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alfcfa3tc%2F4sft1h&e=1&ai=a50bb149d0b4470e9cafd0f7878064d9&sct=0&ct=1649855137400&cu=e1b8aa4c2a5142a5adfff331ce47fe1d&ykuid=c3d9a16ccf9949698077dcce12fd2205&sc=1&cs=eae7467ca833c48d05089387001fbb1c
Requested by: Host: s.optnx.com
URL: http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: df55cc536c2ba951669c0f57f90a3d84e3c0365dd7cf7a0df67c9e1983e0618c

Request headers

Referer: http://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjBycTlOSnRicXVOcDg5dEx1S2E3TTlKYko2NmJacHJMZHEzVjFTN1VYVjV6MTFiYloyeTEyVjBjYTV6YVQwejNVenl1cnV0cXRsY0FLZnUwYnhpSUZ6blN1bGRLNlYwcnBYU3VsZEs0UHNBLSZjb3N0PTAuMDAwNTY1JnNvdXJjZT1hZG1hdmVuLmNvbSZ2YXJpZD00MjE0NzU3MiZjYW1waWQ9Mzk0NTg1NiZzaXRlaWQ9ODI4OTYzJnpvbmVpZD0zNjYyODUzJmNhdGlkPTUxMSZjb3VudHJ5PURFVSZmb3JtYXQ9fGh0dHB8MjE3LjY0LjE1MS42OHxERVV8NTJ8YWRtYXZlbi5jb218NTk4MTg2fDQzMDY3NXw4Mjg5NjN8MzY2Mjg1M3w1MTF8Mzk0NTg1Nnw0MjE0NzU3Mnw0MHwyfDB8MHw3NDF8Njk4NTgwfDU2LjV8NzV8VVNEfFVTRHwxfDF8MjJ8fDF8REVVfHw3NHwyfDB8fDZiYjFjOTVmZDJhZGI5ZjQ2N2FiMDcyNjQ4MTE3OGQ2fDY1MGQzOTZhMjY1ZGRhODA2NzYzZmNhMWIyNDI5NDIwfDB8Mnxub3dsaXZlLnByb3wwfDB8MHwwLjAxfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8YTRmZDQ2ODU0ZjEwNzI0MTFlM2VmMTM2YWI2OThlNDE-
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fb46a10fa875a1f-MXP
content-encoding: br
content-type: text/html;charset=UTF-8
date: Wed, 13 Apr 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fb46a0e5b535a1f-MXP
content-length: 0
date: Wed, 13 Apr 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: /v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alfcfa3tc%2F4sft1h&e=1&ai=a50bb149d0b4470e9cafd0f7878064d9&sct=0&ct=1649855137400&cu=e1b8aa4c2a5142a5adfff331ce47fe1d&ykuid=c3d9a16ccf9949698077dcce12fd2205&sc=1&cs=eae7467ca833c48d05089387001fbb1c
p3p: CP="CAO PSA OUR"
server: cloudflare

GET
H/1.1 200
OK / Show response
c.adsco.re/ Frame 8771 63 KB
25 KB 25ms
25ms XHR
text/html 2606:4700::6811:a7ba
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: http://c.adsco.re/
Requested by: Host: c.adsco.re
URL: http://c.adsco.re/
Protocol: HTTP/1.1
Server: 2606:4700::6811:a7ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: da1bc24aeafec2701dbdeed0d9f37421252a140e3307a71e4bc5fec4cec377e5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://c.adsco.re/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
CF-Cache-Status: HIT
Server: cloudflare
Age: 1265109
ETag: W/"WtfcKMteYs2dCZjgNMzUmw=="
Vary: Accept-Encoding
Content-Type: text/html
Link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=dns-prefetch
Cache-Control: public, max-age=2678400
Transfer-Encoding: chunked
Connection: keep-alive
CF-RAY: 6fb46a0c0d7f83be-MXP
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Expires: Sat, 14 May 2022 13:05:36 GMT

GET
H/1.1 200
OK 8c87edbd5cd98e5 Show response
ad.dazeadsrv1.media/deliver/js/ Frame EF45 3 KB
2 KB 79ms
51ms Script
text/javascript 116.203.132.93
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ad.dazeadsrv1.media/deliver/js/8c87edbd5cd98e5?source_id=1848595
Requested by: Host: www.adexchangeguru.com
URL: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CO2YherYiaQdH8AH0dEdHP3xP.b16%252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e&cbpage=http://www.soccerjumbotv1.me/ads1.htm&cbur=0.36608830317422547&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.pro%2F
Protocol: HTTP/1.1
Server: 116.203.132.93 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.93.132.203.116.clients.your-server.de
Software: nginx /
Resource Hash: 4a8331170d091b7c9cd788693229cd66c7c0f2dc92bab350ed21b911791e50eb

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.adexchangeguru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: public, s-maxage=3551
Transfer-Encoding: chunked
Connection: keep-alive

GET
H/1.1

200
OK

cimp.php Show response
s.optnx.com/ Frame 3E82
Redirect Chain

https://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]
https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1...

5 KB
2 KB

44ms
14ms

Document
text/html

95.211.229.248
LEASEWEB-NL-AMS-0...

General

Check archive.org

Show headers Download Go to

Full URL: https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-
Requested by: Host: www.dailydeports.pw
URL: https://www.dailydeports.pw/sj.html
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 95.211.229.248 , Netherlands, ASN60781 (LEASEWEB-NL-AMS-01 Netherlands, NL),
Reverse DNS: ds03.evo.0x3e.net
Software: nginx /
Resource Hash: edb3b3400c09201d7f89b5cf44959d8fd41f6f20eb25ec27c3ba9a56bd6dfc37

Request headers

Referer: https://www.dailydeports.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Apr 2022 13:05:37 GMT
Server: nginx
Transfer-Encoding: chunked

Redirect headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, no-transform
content-length: 0
content-type: text/plain
date: Wed, 13 Apr 2022 13:05:37 GMT
location: https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
x-amz-cf-id: 5JqqizhOzmgCREvH0s8bPljV1uhzFI1O3sOwlJl5xxAS8UycNUU0VQ==
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront

GET
H2 204 redirect
witalfieldt.com/ Frame 4C47 0
0 448ms
421ms Document
text/plain 108.157.4.96
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]
Requested by: Host: www.dailydeports.pw
URL: https://www.dailydeports.pw/sj.html
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.157.4.96 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-157-4-96.dus51.r.cloudfront.net
Software: openresty/1.17.8.2 /
Resource Hash

Request headers

Referer: https://www.dailydeports.pw/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version
cache-control: no-store, no-cache, must-revalidate, no-transform
date: Wed, 13 Apr 2022 13:05:37 GMT
p3p: CP="NID DSP ALL COR"
pragma: no-cache
server: openresty/1.17.8.2
via: 1.1 b17dca9c320b96e12b996848d121ffe4.cloudfront.net (CloudFront)
x-amz-cf-id: c2UiIGRFHOq-Mw1NKkar8QYdMhcwok-RXRccaNWhkEdhv6nudpErng==
x-amz-cf-pop: DUS51-P2
x-cache: Miss from cloudfront

GET /
6.adsco.re/ Frame 8771 0
0

GET /
4.adsco.re/ Frame 8771 0
0

GET
H/1.1 200
OK 8c87edbd5cd98e5 Show response
ad.dazeadsrv1.media/deliver/token/ Frame EF45 1 KB
1 KB 43ms
43ms Script
text/javascript 116.203.132.93
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://ad.dazeadsrv1.media/deliver/token/8c87edbd5cd98e5?loc=http%3A%2F%2Fwww.adexchangeguru.com%2Fad%2Fdisplay.php%3Fstamat%3Dm%25257CO2YherYiaQdH8AH0dEdHP3xP.b16%25252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e%26cbpage%3Dhttp%3A%2F%2Fwww.soccerjumbotv1.me%2Fads1.htm%26cbur%3D0.36608830317422547%26cbtitle%3D%26cbiframe%3D1%26cbWidth%3D1%26cbHeight%3D1%26cbdescription%3D%26cbkeywords%3D%26cbref%3Dhttp%253A%252F%252Fnowlive.pro%252F&vid=b81251fd-9356-0bef-c441-56aae41050c5&ref=http%3A%2F%2Fwww.soccerjumbotv1.me%2F&source_id=1848595
Requested by: Host: ad.dazeadsrv1.media
URL: http://ad.dazeadsrv1.media/deliver/js/8c87edbd5cd98e5?source_id=1848595
Protocol: HTTP/1.1
Server: 116.203.132.93 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.93.132.203.116.clients.your-server.de
Software: nginx /
Resource Hash: 9fed7f771c6455be6e39b39e4a9f53ee901b9ecba5242850eeca47042805a6af

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.adexchangeguru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date: Wed, 13 Apr 2022 13:05:36 GMT
Content-Encoding: gzip
Server: nginx
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Cache-Control: max-age=0, must-revalidate, private
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Wed, 13 Apr 2022 13:05:36 GMT

GET
H/1.1 200
OK 3913931a87e945874b91.gif
ad.dazeadsrv1.media/images/delivery/ Frame EF45 23 KB
23 KB 10ms
9ms Image
image/gif 116.203.132.93
HETZNER-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://ad.dazeadsrv1.media/images/delivery/3913931a87e945874b91.gif
Requested by: Host: www.adexchangeguru.com
URL: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CO2YherYiaQdH8AH0dEdHP3xP.b16%252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e&cbpage=http://www.soccerjumbotv1.me/ads1.htm&cbur=0.36608830317422547&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.pro%2F
Protocol: HTTP/1.1
Server: 116.203.132.93 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS: static.93.132.203.116.clients.your-server.de
Software: nginx /
Resource Hash: 81686e0aa37dfd7734f9b3a043fe5fc872dc3bf9b1dbf1acb30500e91db6a7b7

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.adexchangeguru.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Pragma: public
Date: Wed, 13 Apr 2022 13:05:36 GMT
Last-Modified: Tue, 27 Apr 2021 09:11:38 GMT
Server: nginx
ETag: "6087d54a-5ac5"
Content-Type: image/gif
Cache-Control: max-age=172800, public, must-revalidate, proxy-revalidate
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 23237
Expires: Fri, 15 Apr 2022 13:05:36 GMT

POST
H/1.1 200
OK p Show response
adsco.re/ 363 B
864 B 38ms
38ms XHR
text/html 162.252.214.5
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://adsco.re/p
Requested by: Host: c.adsco.re
URL: https://c.adsco.re/
Protocol: HTTP/1.1
Server: 162.252.214.5 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: 6bac9bc4b18e460bbb104a8dc22868a6345255fee90ddff2e97b72bb22f1896f

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

AS-P-G: OK
Date: Wed, 13 Apr 2022 13:05:36 GMT
AS-P-7: OK
AS-P-9: OK
AS-P-C: OK
Transfer-Encoding: chunked
AS-P-5: OK
AS-P-F: OK
Connection: keep-alive
Content-Encoding: gzip
AS-P-2: OK
AS-P-D: OK
AS-P-6: OK
AS-P-B: OK
AS-P-H: OK
AS-P-4: OK
AS-P-A: OK
Access-Control-Max-Age: 2592000
AS-P-1: OK lon123
Access-Control-Allow-Origin: http://nowlive.pro
Cache-Control: no-transform
Access-Control-Allow-Credentials: true
AS-P-8: OK
Content-Type: text/html; charset=UTF-8
AS-P-E: OK
AS-P-3: OK

GET
H2 200 v2 Show response
de.tynt.com/deb/ 4 B
202 B 512ms
106ms Script
application/javascript 67.202.105.33
STEADFAST

General

Check archive.org

Show headers Download Go to

Full URL: https://de.tynt.com/deb/v2?id=w!nowlivepro&dn=TC&cc=1&r=
Requested by: Host: cdn.tynt.com
URL: https://cdn.tynt.com/tc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.33 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip33.67-202-105.static.steadfastdns.net
Software: /
Resource Hash: d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:36 GMT
cache-control: max-age=86400
content-type: application/javascript
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
content-length: 4
expires: Thu, 14 Apr 2022 13:05:37 GMT

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 106ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0&t=nowlive.pro
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H/1.1 200
OK rGCLow.html Show response
antiadblocksystems.com/ 44 B
277 B 229ms
215ms Script
text/javascript 208.95.113.2
TUT-AS

General

Check archive.org

Show headers Download Go to

Full URL: http://antiadblocksystems.com/rGCLow.html?_=BAoAYlbKoAFiVsqggAGBAsAAINE99X-1Fd0c2MtclQHQA7aES-eUPo-_CkFFjc8s5RoawQBIMEYCIQCHnZlgCSfGSGW2JoWL54UKhuK-fjY-Mf0_0OEKJm2p3AIhAIplRXOKRKtuPUwe5-t0OcW-tWq61Z-zrTI0lzOtvq6uwgAgo3Oh4P3XKdnWzqHxD4D8g614JPqUIMyCZauz-uFshdvEABAgAQrIACA9ABARa9c8yDRExQAQkeMS8vc0-EAT60T-w_JuxcMARjBEAiByhpYxzpmssiquQtKL3KUzv3NK-JhH_bLLRxFYKmjXawIgGzGaTcrL-KROs-HzeMhj7BthNlTogStgkdbiGhaAhY0&v=4&oNGAERXS=2383201&minBid=&YplHiuvS=0,0&bkPIpmiy=&scTitPKE=&s=1600,1200,1,1600,1200,0
Requested by: Host: www.antiadblocksystems.com
URL: https://www.antiadblocksystems.com/intro.min.js
Protocol: HTTP/1.1
Server: 208.95.113.2 , United States, ASN53334 (TUT-AS, US),
Reverse DNS
Software: /
Resource Hash: 9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
asf: 9
access-control-allow-origin: *
content-type: text/javascript;charset=UTF-8
popads-ec: ASB
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
content-length: 44

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 106ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0&t=nowlive.pro
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 106ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET 101.m3u8
init.cheches.info/hls/ 0
0

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 108ms
107ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 106ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H3

200

go Show response
r.srvtrck.com/v2/ Frame 3E82
Redirect Chain

https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1...
https://abc.wwija.com/click.php?key=9tz2gymnylbpc4gs2a74&tag=oodPNZHXTHNVNHXa7bc7qK657aqHUzzU2VWTulc6qaZ1U7p3UyuldK6V1lMzpXSuldK6d07pXSumdK6V0zqZrrbqLqNt7eM7bp.NaaKJrqJqd99JuNnU2zTS77abT3ca13S2Z0TV...
https://r.srvtrck.com/v1/redirect?type=linkId&id=4dd57bc196784dc18e7f6d732e0ea973&api_key=9f389a84fd636114184e76a631ea9d8b&site_id=7add72c8711b449ea56ff14a1578bbe2&dch=feed&ad_t=advertiser&yk_tag=4...
https://r.srvtrck.com/v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadt...

1 KB
745 B

46ms
46ms

Document
text/html

2606:4700::6813:a860
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://r.srvtrck.com/v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadtb%2F6s8t9h&e=1&ai=aecae0da294d4e109fd2487eee5ce4fd&sct=0&ct=1649855137597&cu=a0a568d324ad4663a0eaeed0b9648399&ykuid=14624eec61b74c97b84fb20b932c3219&sc=1&cs=3eb4b56e6b1e08cce7051e72857f88dd
Requested by: Host: s.optnx.com
URL: https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6813:a860 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d20c5b9a4ceeab02c5b21d4b33c1375e48ffff975081d160401e15e621dfebb5

Request headers

Referer: https://s.optnx.com/cimp.php?data=TVRZME9UZzFOVEV6Tm54bVpETmtaVE5sWXpaa01tUXhNV1pqWWpkbFlUUTVZV1JsTW1SbVpEUTRZUS0tfGh0dHBzOi8vYWJjLnd3aWphLmNvbS9jbGljay5waHA_a2V5PTl0ejJneW1ueWxicGM0Z3MyYTc0JnRhZz1vb2RQTlpIWFRITlZOSFhhN2JjN3FLNjU3YXFIVXp6VTJWV1R1bGM2cWFaMVU3cDNVeXVsZEs2VjFsTXpwWFN1bGRLNmQwN3BYU3VtZEs2VjB6cVpycmJxTHFOdDdlTTdicC5OYWFLSnJxSnFkOTlKdU5uVTJ6VFM3N2FiVDNjYTEzUzJaMFRWUzc3emJaenoxeTFPcnV0cXRsZHRuMzh2YmNRU0dMR0pMbk9sZEs2VjBycFhTdWxkSzZWd2ZZQS0mY29zdD0wLjAwMDU2NSZzb3VyY2U9YWRtYXZlbi5jb20mdmFyaWQ9NDIxNDc1NzImY2FtcGlkPTM5NDU4NTYmc2l0ZWlkPTgyODk2MyZ6b25laWQ9MzY2Mjg1MyZjYXRpZD01MTEmY291bnRyeT1ERVUmZm9ybWF0PXxodHRwc3wyMTcuNjQuMTUxLjY4fERFVXw1MnxhZG1hdmVuLmNvbXw1OTgxODZ8NDMwNjc1fDgyODk2M3wzNjYyODUzfDUxMXwzOTQ1ODU2fDQyMTQ3NTcyfDQwfDJ8MHwwfDc0MXw2OTg1ODB8NTYuNXw3NXxVU0R8VVNEfDF8MXwyMnx8MXxERVV8fDc0fDJ8MXx8NDE5ODkzOTNkZThmYTg5MmZjNDMzMTkzMTRlZWIxZmR8NDgxMTBlZGJkMjlmYzY5MDdhMzE1MGVlMWRhMjI2MDV8MHwyfGRhaWx5ZGVwb3J0cy5wd3wwfDB8MHwwfDF8MHxleGNoYW5nZV9saW5rfDB8MHwwfC0xfDB8MHxob3N0aW5nfHZwbnwwfDB8fDJ8MHwwfDB8MHwwfDF8MHx8OHwxfE1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMDAuMC40ODk2Ljc1IFNhZmFyaS81MzcuMzZ8T0t8MDRjNTM4NjMyY2I2ZmM3NWI0M2E0OGY4ZmU5ZTU5YWU-
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fb46a123a490e1e-MXP
content-encoding: br
content-type: text/html;charset=UTF-8
date: Wed, 13 Apr 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare

Redirect headers

alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 6fb46a11a9250e1e-MXP
content-length: 0
date: Wed, 13 Apr 2022 13:05:37 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
location: /v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadtb%2F6s8t9h&e=1&ai=aecae0da294d4e109fd2487eee5ce4fd&sct=0&ct=1649855137597&cu=a0a568d324ad4663a0eaeed0b9648399&ykuid=14624eec61b74c97b84fb20b932c3219&sc=1&cs=3eb4b56e6b1e08cce7051e72857f88dd
p3p: CP="CAO PSA OUR"
server: cloudflare

GET
H2 204 p
ic.tynt.com/b/ 0
227 B 106ms
106ms Image
text/plain 67.202.105.31
STEADFAST

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ic.tynt.com/b/p?id=w!nowlivepro&lm=0&ts=1649855138110&dn=TC&iso=0
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 67.202.105.31 , United States, ASN32748 (STEADFAST, US),
Reverse DNS: ip31.67-202-105.static.steadfastdns.net
Software: nginx/1.16.1 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://nowlive.pro/1/101.html?id=109
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date: Wed, 13 Apr 2022 13:05:37 GMT
cache-control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
expires: "Sat, 26 Jul 1997 05:00:00 GMT"
server: nginx/1.16.1
p3p: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"

GET
H2

200

forward Show response
t.adcell.com/ Frame EFF9
Redirect Chain

https://t.adcell.com/p/click?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d
https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=

12 KB
4 KB

73ms
72ms

Document
text/html

2a02:cb40:200::242
SOPRADO-ANY

General

Check archive.org

Show headers Download Go to

Full URL

https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=

Requested by

Host: r.srvtrck.com
URL: https://r.srvtrck.com/v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alfcfa3tc%2F4sft1h&e=1&ai=a50bb149d0b4470e9cafd0f7878064d9&sct=0&ct=1649855137400&cu=e1b8aa4c2a5142a5adfff331ce47fe1d&ykuid=c3d9a16ccf9949698077dcce12fd2205&sc=1&cs=eae7467ca833c48d05089387001fbb1c

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:cb40:200::242 , Germany, ASN20546 (SOPRADO-ANY, DE),

Reverse DNS

Software

myracloud /

Resource Hash

25da9d4fa6256b9283d0fb50c0d160f3cb619c5132812a0db43c377ca3e16d0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://r.srvtrck.com/v2/go?t=dtep7%3Ae%2F1.3dfedl5c2m1pacciak8p1o4o8d1209483%26vldtbds4e3.22pirfme%3Dstipp3w%25wF2%25F2wA.%25ltshe0-alax%2642d7%26%3DuIIo%3Ds0108030%3D1I8merb%3Fac4l2%2F5%2F4oa.alfcfa3tc%2F4sft1h&e=1&ai=a50bb149d0b4470e9cafd0f7878064d9&sct=0&ct=1649855137400&cu=e1b8aa4c2a5142a5adfff331ce47fe1d&ykuid=c3d9a16ccf9949698077dcce12fd2205&sc=1&cs=eae7467ca833c48d05089387001fbb1c
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-length: 3805
content-type: text/html; charset=utf-8
date: Wed, 13 Apr 2022 13:05:37 GMT
etag: "myra-4f83cfea"
expires: Wed, 13 Apr 2022 13:05:37 GMT
server: myracloud
strict-transport-security: max-age=15768000
vary: accept-encoding

Redirect headers

cache-control: max-age=0
content-length: 0
content-type: text/html
date: Wed, 13 Apr 2022 13:05:37 GMT
expires: Wed, 13 Apr 2022 13:05:37 GMT
location: https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=
server: myracloud
strict-transport-security: max-age=15768000

GET
H2

200

forward Show response
t.adcell.com/ Frame 3E82
Redirect Chain

https://t.adcell.com/p/click?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399
https://t.adcell.com/forward?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=

12 KB
4 KB

267ms
267ms

Document
text/html

2a02:cb40:200::242
SOPRADO-ANY

General

Check archive.org

Show headers Download Go to

Full URL

https://t.adcell.com/forward?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=

Requested by

Host: r.srvtrck.com
URL: https://r.srvtrck.com/v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadtb%2F6s8t9h&e=1&ai=aecae0da294d4e109fd2487eee5ce4fd&sct=0&ct=1649855137597&cu=a0a568d324ad4663a0eaeed0b9648399&ykuid=14624eec61b74c97b84fb20b932c3219&sc=1&cs=3eb4b56e6b1e08cce7051e72857f88dd

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a02:cb40:200::242 , Germany, ASN20546 (SOPRADO-ANY, DE),

Reverse DNS

Software

myracloud /

Resource Hash

d0a22d5f2ee82f60bf7fb299f8d4975105698dbc05ba9f6615b0bc4fe1439cbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000

Request headers

Referer: https://r.srvtrck.com/v2/go?t=9t3p4%3A9%2F0.edae0l3c6mdp4c3i8k5p0o4o6d1101493%26vldtbds4e3.2apirkmh%3D.twpF3%25%252FA2%25wtwhs0aatam%26t2d7%26%3DuIIo%3Ds0203070%3D1I8mara%3F6cdl2%2Fa%2F4o6.aleceadtb%2F6s8t9h&e=1&ai=aecae0da294d4e109fd2487eee5ce4fd&sct=0&ct=1649855137597&cu=a0a568d324ad4663a0eaeed0b9648399&ykuid=14624eec61b74c97b84fb20b932c3219&sc=1&cs=3eb4b56e6b1e08cce7051e72857f88dd
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
content-encoding: gzip
content-length: 3798
content-type: text/html; charset=utf-8
date: Wed, 13 Apr 2022 13:05:38 GMT
etag: "myra-4f83ccd5"
expires: Wed, 13 Apr 2022 13:05:37 GMT
server: myracloud
strict-transport-security: max-age=15768000
vary: accept-encoding

Redirect headers

cache-control: max-age=0
content-length: 0
content-type: text/html
date: Wed, 13 Apr 2022 13:05:37 GMT
expires: Wed, 13 Apr 2022 13:05:37 GMT
location: https://t.adcell.com/forward?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=
server: myracloud
strict-transport-security: max-age=15768000

GET
H2

200

/
plissee-flix24.de/ Frame EFF9
Redirect Chain

https://t.adcell.com/p/click?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=&fp=2099bf41acc92cbfb5d45da8128ef1ea
http://www.plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=
https://www.plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=
https://plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=

0
0

857ms
847ms

Document
text/html

188.34.158.95
HETZNER-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=

Requested by

Host: t.adcell.com
URL: https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

188.34.158.95 , Germany, ASN24940 (HETZNER-AS, DE),

Reverse DNS

static.95.158.34.188.clients.your-server.de

Software

nginx /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://t.adcell.com/forward?promoId=239881&slotId=47322&param0=http%3A%2F%2Fwww.plissee-flix24.de&subId=v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&referer=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 1496
cache-control: no-cache, private
content-encoding: gzip
content-type: text/html; charset=UTF-8
date: Wed, 13 Apr 2022 13:05:37 GMT
link: </web/cache/1649230019_86d52d47a85ddbda4b75e0aca7511169.js>; rel="preload"; as="script"
server: nginx
vary: Accept-Encoding
x-content-digest: en4dfacb65e104f0bda656e2dae878a6f6f61cd1a2462119cb8c13b4c44a31ded5
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 162
content-type: text/html
date: Wed, 13 Apr 2022 13:05:37 GMT
location: https://plissee-flix24.de/?bid=239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d&adcref=
server: nginx

GET click
t.adcell.com/p/ Frame 3E82 0
0

GET
H/1.1 204
No Content i.php
www.adexchangeguru.com/script/ Frame EF45 0
162 B 129ms
129ms Image
text/plain 35.201.126.110
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: http://www.adexchangeguru.com/script/i.php?stamat=m%257C%252C%252Cg2JuIhZ7oGU3Bp-GH0dEdHP3xP.15b%252CA5M1_8zza_j9_NFxtxEd3ptS0hWuULQ4VzGr628LwpiACK1VnMZLK44ZSmhdKuBQNWsP3H-6HheJLWapKQUaLTfAtP6TCbROz_0hVU5Q1VL8Xi9DqXoZjVeOD04u0_ZwFCBzcIrnGbY7zb8FeRBrcc1kI0atcjWwyZJ9obeZxKzhv-dGc4rlHXDUJ5eE99dzhf0ov4Lw7nHEnPmcJtE_faX-GLx4VlN_mpf6F0gqLQv50qZezuO4-iKlXpZ8NBsMCK7EXVA4OUiY3DydmbGaxrWrU3id5ckziOHpd-TdP0Vq0vdGnWGx1FsKH8-LyoVGEHY4u9pdGZcSbn3z40jyn2eDz0M5viod7PLo0yONXFUn8VNATrqtTILZCWDxoxxU8SUJj8_x7-zihKzCmT40pIAs_Gd1B20iZECp7Grz1yR2o9ANgTQJo40VEwvrbEXS-2eS96sYhb-G4QyN8Fa31Yyoxnq_zSMaaQSYTurfFs0NjhcYcjUccXoILqO_SBbDc_yg0I1TwXwwCrhNsaG_zw%252C%252C
Requested by: Host: nowlive.pro
URL: http://nowlive.pro/1/101.html?id=109
Protocol: HTTP/1.1
Server: 35.201.126.110 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 110.126.201.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: http://www.adexchangeguru.com/ad/display.php?stamat=m%257CO2YherYiaQdH8AH0dEdHP3xP.b16%252CZMkKdRAQlkuDbgTABrav5E3KUkbQB17j8ZsXTsm1KP2tKUUlsMpV9XyouF_Ivdu5Hz7WN0MVT4qmQAB5FXeUuYxDHFkIJwigOFgCpA-IxNcq_LZdZlmvgxVYv-89on5e&cbpage=http://www.soccerjumbotv1.me/ads1.htm&cbur=0.36608830317422547&cbtitle=&cbiframe=1&cbWidth=1&cbHeight=1&cbdescription=&cbkeywords=&cbref=http%3A%2F%2Fnowlive.pro%2F
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 13 Apr 2022 13:05:38 GMT
Via: 1.1 google
Referrer-Policy: no-referrer
Server: openresty

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: init.cheches.info
URL: http://init.cheches.info/hls/101.m3u8

Domain: 6.adsco.re
URL: http://6.adsco.re/

Domain: 4.adsco.re
URL: http://4.adsco.re/

Domain: init.cheches.info
URL: http://init.cheches.info/hls/101.m3u8

Domain: t.adcell.com
URL: https://t.adcell.com/p/click?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=&fp=2099bf41acc92cbfb5d45da8128ef1ea

Verdicts & Comments Add Verdict or Comment

64 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
bedrapiona.com/	1970-01-20 11:03:11	Name: OAID Value: f264935851c749cfbca83811db54bc61
bedrapiona.com/	1970-01-20 11:03:11	Name: oaidts Value: 1649855136
my.rtmark.net/	1970-01-20 11:03:11	Name: ID Value: f264935851c749cfbca83811db54bc61
.dtscout.com/	1970-01-20 02:17:40	Name: m Value: 1
.dtscout.com/	1970-01-20 02:17:53	Name: b Value: 1
.dtscout.com/	1970-01-20 02:17:49	Name: oa Value: 1
.dtscout.com/	1970-01-20 04:41:35	Name: df Value: 1649855136
nowlive.pro/	1970-01-20 02:18:00	Name: a Value: EQIpWQNvWoxCf5TOJWBH8KTVAoqJwKJm
abc.wwija.com/	1970-01-20 02:19:01	Name: uclick Value: 3vwfqqusvr
nowlive.pro/	1970-01-20 02:17:56	Name: token_QpUJAAAAAAAAGu98Hdz1l_lcSZ2rY60Ajjk9U1c Value: BAoAYlbKoAFiVsqggAGBAsAAINE99X-1Fd0c2MtclQHQA7aES-eUPo-_CkFFjc8s5RoawQBIMEYCIQCHnZlgCSfGSGW2JoWL54UKhuK-fjY-Mf0_0OEKJm2p3AIhAIplRXOKRKtuPUwe5-t0OcW-tWq61Z-zrTI0lzOtvq6uwgAgo3Oh4P3XKdnWzqHxD4D8g614JPqUIMyCZauz-uFshdvEABAgAQrIACA9ABARa9c8yDRExQAQkeMS8vc0-EAT60T-w_JuxcMARjBEAiByhpYxzpmssiquQtKL3KUzv3NK-JhH_bLLRxFYKmjXawIgGzGaTcrL-KROs-HzeMhj7BthNlTogStgkdbiGhaAhY0
nowlive.pro/	1970-01-20 02:17:56	Name: _popprepop Value: 1
.optnx.com/	1970-01-20 19:48:47	Name: __uvt Value: a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226256caa15aab46.457101093870378055%22%3B%7D
.optnx.com/	1970-01-20 02:19:01	Name: c-tag Value: %7B%22tag-link%22%3A%22v3%7C%7CDEU%7C3662853%7C42147572%7C0%7C%7C511%7C52%7C2%7C40%7C0%7C0%7C0%7C741%7C0%7C0%7C0%7C0%7C5%7C4242%7C0%7C0%7C1%7C0%7C0%7C1%7C6256caa15aab46.457101093870378055%7C48110edbd29fc6907a3150ee1da22605%7C698580%7Cdailydeports.pw%7C1600x1200%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
abc.wwija.com/	1970-01-20 02:19:01	Name: uclickhash Value: 3vwfqqusvr-3vwfqqxs8n-oj-0-15-eja3-dvh9-3adcb9
t.adcell.com/	1970-01-20 02:24:47	Name: ADCELLpid8838 Value: 239881-47322-v030400011884e1b8aa4c2a5142a5adfff331ce47fe1d%23%23%23%23%40%40%40%401649855137
t.adcell.com/	1970-01-20 04:27:11	Name: ADCELLpid6474 Value: 171392-47322-v030400011684a0a568d324ad4663a0eaeed0b9648399%23%23%23%23%40%40%40%401649855138

10 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: http://5vpbnbkiey24.com/21/51/07/21510760b6d533922bc4866e828f0d11.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
javascript	error	URL: http://nowlive.pro/1/101.html?id=109 Message: Access to XMLHttpRequest at 'http://init.cheches.info/hls/101.m3u8' from origin 'http://nowlive.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: http://init.cheches.info/hls/101.m3u8 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: http://5vpbnbkiey24.com/c49d093f9cdd880dc59bd41a83919bf5/invoke.js Message: Failed to load resource: the server responded with a status of 403 (Forbidden)
security	error	URL: https://www.dailydeports.pw/sj.html(Line 60) Message: Mixed Content: The page at 'https://www.dailydeports.pw/sj.html' was loaded over HTTPS, but requested an insecure frame 'http://witalfieldt.com/redirect?tid=698580&&ref=[URI_ENCODED_REFERER]'. This request has been blocked; the content must be served over HTTPS.
security	error	URL: https://www.dailydeports.pw/sj.html(Line 61) Message: Mixed Content: The page at 'https://www.dailydeports.pw/sj.html' was loaded over HTTPS, but requested an insecure frame 'http://witalfieldt.com/redirect?tid=698678&&ref=[URI_ENCODED_REFERER]'. This request has been blocked; the content must be served over HTTPS.
javascript	error	URL: http://nowlive.pro/1/101.html?id=109 Message: Access to XMLHttpRequest at 'http://init.cheches.info/hls/101.m3u8' from origin 'http://nowlive.pro' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: http://init.cheches.info/hls/101.m3u8 Message: Failed to load resource: net::ERR_FAILED
security	error	URL: https://t.adcell.com/forward?promoId=171392&slotId=47322&param0=http%3A%2F%2Fwww.shaktimat.de&subId=v030400011684a0a568d324ad4663a0eaeed0b9648399&referer=(Line 312) Message: Mixed Content: The page at 'https://www.dailydeports.pw/sj.html' was loaded over HTTPS, but requested an insecure frame 'http://www.shaktimat.de/?utm_source=adcell&utm_medium=affiliate&utm_term=deeplink&utm_campaign=104526&bid=171392-47322-v030400011684a0a568d324ad4663a0eaeed0b9648399&adcref='. This request has been blocked; the content must be served over HTTPS.
other	error	URL: chrome-error://chromewebdata/ Message: Refused to display 'https://plissee-flix24.de/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1.bp.blogspot.com
4.adsco.re
5vpbnbkiey24.com
6.adsco.re
abc.wwija.com
ad.dazeadsrv1.media
adsco.re
antiadblocksystems.com
bedrapiona.com
c.adsco.re
cdn.tynt.com
cdnjs.cloudflare.com
cdnondemand.org
de.tynt.com
ic.tynt.com
iclickcdn.com
init.cheches.info
mbpofnohmaof.l4.adsco.re
mbpofnohmaof.n4.adsco.re
mbpofnohmaof.s4.adsco.re
my.rtmark.net
nowlive.pro
plissee-flix24.de
r.srvtrck.com
releases.flowplayer.org
s.optnx.com
t.adcell.com
t.dtscout.com
whos.amung.us
widgets.amung.us
witalfieldt.com
www.adexchangeguru.com
www.antiadblocksystems.com
www.dailydeports.pw
www.gstatic.com
www.nowlive.pro
www.plissee-flix24.de
www.soccerjumbotv1.me
youradexchange.com
4.adsco.re
6.adsco.re
init.cheches.info
t.adcell.com
104.18.28.199
108.157.4.96
116.203.132.93
139.45.195.8
139.45.197.234
162.252.214.5
167.114.209.61
185.200.116.90
185.200.118.90
188.34.158.95
192.243.59.12
208.95.113.2
2606:4700:10::6816:4bab
2606:4700:20::681a:d76
2606:4700::6810:a610
2606:4700::6811:190e
2606:4700::6811:a6ba
2606:4700::6811:a7ba
2606:4700::6813:a860
2a00:1450:4001:813::2003
2a00:1450:4001:82b::2001
2a02:6ea0:c700::4
2a02:cb40:200::242
2a06:98c1:3120::7
2a06:98c1:3121::7
35.190.41.116
35.201.126.110
38.132.109.186
45.141.156.196
67.202.105.31
67.202.105.33
67.202.94.86
95.211.229.248
99.86.4.125
1197ec39e73a79ec196e1095b6d7c37f0260995e28e1ce17da3d1e1cfdea9aca
20e7bcc54a94149e59e497c1847b1ca931a218b573cb415f1503d0b30916e167
2347066080fea31af55c7112dca5245ea3eea67df5f24f1daae09f0870fbce62
25da9d4fa6256b9283d0fb50c0d160f3cb619c5132812a0db43c377ca3e16d0e
2a3d1aa5f7d6eeae6725637392ba28c6323d9248d67570af32e2f4b6e3d0e4ed
2c878cc621426b99894afddff5c5a4309117ce1f9c290df8f7f1a1d1789b6abf
3494eaf7f5511a3550dbdcee7811159175090ba7b6d9edb453919af0a891b350
3a682ad13e1535e4077c573179247c072d7891ad507c73b7466163562f6c2fa8
3b4535204ed1873a7f3a7b619752d83520d96552ca1e69ad1b254a4a2f906942
3dddff067978d36c4fe4a9de9b4334d20ecd5cfb1be75367a48cdd4f19b7c257
43a833759ab9c026eac51b957b3379342092f5e67283c24ae6abee1621199d49
4a8331170d091b7c9cd788693229cd66c7c0f2dc92bab350ed21b911791e50eb
58191e2d40f8b78e8c3c6d58c42612dcdf110a86055b662d54f0739dab1e0c9b
676b7fcb662822833ca633f1e26c68236067f30530dea79dab00be4cd8f9ef9a
6b331bab7fa4a31812f231aba4a0600a348a515e8f2f36a8ff89b29ef93b62dc
6bac9bc4b18e460bbb104a8dc22868a6345255fee90ddff2e97b72bb22f1896f
6c4ba8d0db29ad1fe8732590c52af262afbcdb592c346934fd2bb25ff1ce8a1b
71babba1068e8080c6f125db5eef4085c1576b34f66a289e4508225e0fb3db27
7897e6c5ef53a79624d29204b978a03bb150f6141518643d09f7ac9c7665a08a
7a519555fe4e9b4c127d8b7ec03c4d0e40f38f23f3797e5e62a7bd310a0bcae0
81686e0aa37dfd7734f9b3a043fe5fc872dc3bf9b1dbf1acb30500e91db6a7b7
867e8c0f65910529d214a22ff58f5ad38158e1c104cc1706c94d5f4d3780944c
8d51fe9c168cee56ca7545f3c2a4cd0e5ebab7b1b042cb14543861f233027e04
9b7469d8fba6e9d71beec83d90b3a7658aa4b61a2d4e6cdb36fa0b89f8de11af
9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5
9fed7f771c6455be6e39b39e4a9f53ee901b9ecba5242850eeca47042805a6af
a55b32c353f6dee85e5444bfff5edfd08b0be9c3d1c90728e43b9e69b8261fa4
b0fbf4d9121dea827b80aad667f1a3d929792d861ee963df90b68592331d202e
b121cb7d50b9a315d2c70a60be8a41afc37870295449b03ab0de5ae5d7862d81
ce7e9cc6858aeb30a23bc3bf5fee9fd57a339b273ab8b1681bf0dd7a2429505f
d0a22d5f2ee82f60bf7fb299f8d4975105698dbc05ba9f6615b0bc4fe1439cbe
d195f295d9bbb630527f6a457a9d74895f8b647f19218bf0477f3511a1a12d04
d20c5b9a4ceeab02c5b21d4b33c1375e48ffff975081d160401e15e621dfebb5
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
da0475bb6ca8a6dba448307f8ef0b9910a7ca133dd86135d6c9b4ec4c4f16f83
da1bc24aeafec2701dbdeed0d9f37421252a140e3307a71e4bc5fec4cec377e5
df55cc536c2ba951669c0f57f90a3d84e3c0365dd7cf7a0df67c9e1983e0618c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e84126052fd62bea431a7f52ab23ff28ab9ce640769011f844fec759fa42a785
edb3b3400c09201d7f89b5cf44959d8fd41f6f20eb25ec27c3ba9a56bd6dfc37
ee147e859ad0f09aa50367974e38ab53e7c7054c4a51d400a7f45b0eb251454f
ef57ad760fcb7229f18b02969f7c5467da749d7328c2b0334c6d7452524a61ad
f0f4ce00edc8f134d9cd366f5ba1557d83c3fc4cf6d12cacf894144db5ba59d5

nowlive.pro Open in urlscan Pro 45.141.156.196 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

72 Requests

49 %HTTPS

38 %IPv6

27 Domains

39 Subdomains

34 IPs

8 Countries

536 kBTransfer

1078 kBSize

16 Cookies

4 Outgoing links

Redirected requests

72 HTTP transactions Everything HTML Script AJAX CSS Image Expand all -2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

nowlive.pro Open in urlscan Pro
45.141.156.196 Public Scan

Screenshot
Live screenshot

Full Image

72
Requests

49 %
HTTPS

38 %
IPv6

27
Domains

39
Subdomains

34
IPs

8
Countries

536 kB
Transfer

1078 kB
Size

16
Cookies

72 HTTP transactions
-2 data transactions