zerossl.ocsp.sectigo.com/
104.18.14.101 727 B URL zerossl.ocsp.sectigo.com/
IP 104.18.14.101:0
Hash be474af4d6ad325ae28ef22f0dd4f336
e6aee62d9596ec87967c0abe6005ac11aa0ffba6
0ad339646b3dd91d9a9093c742c7ea85b87114a0cf4d8cc8e0d44185238c2efe
POST / HTTP/1.1
Host: zerossl.ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 05 Jun 2023 21:17:19 GMT
Content-Type: application/ocsp-response
Content-Length: 727
Connection: keep-alive
Last-Modified: Sat, 03 Jun 2023 20:45:23 GMT
Expires: Sat, 10 Jun 2023 20:45:22 GMT
Etag: "e6aee62d9596ec87967c0abe6005ac11aa0ffba6"
Cache-Control: max-age=429627,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7d2b7115ee10b4f7-OSL
212.32.226.234 301 Moved Permanently 162 B URL User Request GET HTTP/1.1 IP 212.32.226.234:80
ASN #60781 LeaseWeb Netherlands B.V.
File type HTML document text; HTML document text; HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
Analyzer Verdict Alert quad9 Sinkholed
GET /404/ HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 05 Jun 2023 21:17:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://212.32.226.234/404/
Strict-Transport-Security: max-age=31536000
212.32.226.234/themes/front/doujindesu/js/doudesu.js
212.32.226.234 200 OK 992 B URL GET HTTP/2 212.32.226.234/themes/front/doujindesu/js/doudesu.js
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
Hash a774102fc38499bf83fc9ca873334645
ad12c471d26a758599848c7ad603adcf1d0c0e64
126461ce8e30a6ade77e4936109be804aba3fba0f16e0c87116d84043728bf08
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/front/doujindesu/js/doudesu.js HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: application/javascript
content-length: 992
last-modified: Mon, 12 Sep 2022 09:40:12 GMT
etag: "631efe7c-3e0"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
212.32.226.234/uploads/logo-doujindesuXXX.png
212.32.226.234 200 OK 42 kB URL GET HTTP/2 212.32.226.234/uploads/logo-doujindesuXXX.png
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
File type PNG image data, 323 x 82, 8-bit/color RGBA, non-interlaced; data
Hash cdee7398823d5f39ec96d427d4bb2d01
9270233d3282724ad41c2a9e0c65af930425aaab
c06d94a1f8c63bd0bae39e5b61963246227fdd8a6e15087242b01de4fbf2b853
Analyzer Verdict Alert quad9 Sinkholed
GET /uploads/logo-doujindesuXXX.png HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: image/png
content-length: 42419
last-modified: Sun, 01 Jan 2023 04:04:37 GMT
etag: "63b10655-a5b3"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
212.32.226.234/uploads/404.jpg
212.32.226.234 200 OK 60 kB URL GET HTTP/2 212.32.226.234/uploads/404.jpg
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 820x345, components 3; data
Hash 11294e8312128b4bc1740295ff94753a
947c3582a07f9361bf48e64a68b572d8d1e6f494
4853bbe28f3b1b18d51cfdf38230de293f73cb90ac7e330cb5736be8a817ae7b
Analyzer Verdict Alert quad9 Sinkholed
GET /uploads/404.jpg HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: image/jpeg
content-length: 59784
last-modified: Tue, 31 May 2022 13:03:34 GMT
etag: "62961226-e988"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 21:17:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
142.250.74.10 200 OK 31 kB URL GET HTTP/2 ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 142.250.74.10:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject upload.video.google.com
Fingerprint 3F:94:23:08:F7:DB:8B:36:93:90:93:F4:9E:46:A6:6A:93:75:15:C0
Validity Fri, 19 May 2023 12:57:42 GMT - Fri, 11 Aug 2023 12:57:41 GMT
File type ASCII text, with very long lines (65451)
Hash dc5e7f18c8d36ac1d3d4753a87c98d0a
c8e1c8b386dc5b7a9184c763c88d19a346eb3342
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31021
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 02 Jun 2023 04:57:14 GMT
expires: Sat, 01 Jun 2024 04:57:14 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
last-modified: Fri, 08 May 2020 07:05:03 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
age: 318006
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash f6e0fad54cb828605d258b3a3fc3494d
1998f119ae42787f25cac22435e05b7d8a7ecbcc
fdde19b20684979988b4db7567fdb883ef8cd0438f4c4ef053bdd058011f1dbc
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 21:17:20 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
use.fontawesome.com/releases/v6.1.0/webfonts/fa-regular-400.woff2
172.64.133.15 200 OK 24 kB URL GET HTTP/3 use.fontawesome.com/releases/v6.1.0/webfonts/fa-regular-400.woff2
IP 172.64.133.15:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject use.fontawesome.com
Fingerprint C8:38:F5:E2:7C:CE:53:71:EB:92:1D:71:F5:78:FE:7C:C4:4D:65:BC
Validity Sat, 06 May 2023 03:15:52 GMT - Fri, 04 Aug 2023 03:15:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 23948, version 769.256; data
Hash 6f7812f28b96233e3e6d4101a1ed505c
be22b700cc80c242da898ef8b7bb96adc4e0899f
4521f7e2c1f81325688dd8e6ef5bacd1fe4fd686a7ffc87ec5a13df0c6da2b93
GET /releases/v6.1.0/webfonts/fa-regular-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: font/woff2
content-length: 23948
x-amz-id-2: eiK5l5MjEHCKt7yw8m3UYnVxJ+7gqwcayvG6PsmOTw6i3e06ZLSk8xxCExtLT6HHrztQ0BTKC7s=
x-amz-request-id: SX69HAV615HMR14Z
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 15 Mar 2022 17:49:20 GMT
etag: "6f7812f28b96233e3e6d4101a1ed505c"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1447169
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UUUeEr0uCXLyz%2Fic8x0wt%2FwVKK7NtYVLoRZOMlnsA%2Bf8mevu7%2Fxr%2B10Q1WCz2xdJZYJLHEOrEHWeEZ9JbRjDA5rium5mB5YdqNWbxRB9jkvtNr38HldfWOs7Pg2UfOkDxWmNMcLX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2b711bf83f418e-LHR
alt-svc: h3=":443"; ma=86400
use.fontawesome.com/releases/v6.1.0/webfonts/fa-solid-900.woff2
172.64.133.15 200 OK 154 kB URL GET HTTP/3 use.fontawesome.com/releases/v6.1.0/webfonts/fa-solid-900.woff2
IP 172.64.133.15:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject use.fontawesome.com
Fingerprint C8:38:F5:E2:7C:CE:53:71:EB:92:1D:71:F5:78:FE:7C:C4:4D:65:BC
Validity Sat, 06 May 2023 03:15:52 GMT - Fri, 04 Aug 2023 03:15:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 153660, version 769.256; data
Size 154 kB (153660 bytes)
Hash 9846fbe1b295f269341a76fafb45c2f9
09a731f80844483614ff12f86ccbe41db6736cb5
2a53c73968c7f453d7984fd410073ceba3402fe5b7c5e84b4e769f41e275e9f1
GET /releases/v6.1.0/webfonts/fa-solid-900.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: font/woff2
content-length: 153660
x-amz-id-2: Ms3EHTWV0JxG0x1HaYu/Dj3qio/JwV7sOR6SeJLrxjsfxrNPtxtBhs5ulPZmVd3OTqb2a4uWw+M=
x-amz-request-id: 46VVSM0Z9RC4AX3C
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 15 Mar 2022 17:49:19 GMT
etag: "9846fbe1b295f269341a76fafb45c2f9"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 539054
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJJAd6HR5IT1cZk5mi5bqPtb7kvU0jcKAkhiu%2FTsfIntU%2FEh2hruF4rfb3gBIjNPehPELDLi8SmjJXBuC7LZLx9K%2FuG%2BhMsmbCp2y7tFCJxzM%2FqtK1pd31mpXwU69O0RsDEO%2B%2BSO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2b711bf841418e-LHR
alt-svc: h3=":443"; ma=86400
use.fontawesome.com/releases/v6.1.0/webfonts/fa-brands-400.woff2
172.64.133.15 200 OK 106 kB URL GET HTTP/3 use.fontawesome.com/releases/v6.1.0/webfonts/fa-brands-400.woff2
IP 172.64.133.15:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject use.fontawesome.com
Fingerprint C8:38:F5:E2:7C:CE:53:71:EB:92:1D:71:F5:78:FE:7C:C4:4D:65:BC
Validity Sat, 06 May 2023 03:15:52 GMT - Fri, 04 Aug 2023 03:15:51 GMT
File type Web Open Font Format (Version 2), TrueType, length 105484, version 769.256; data
Size 106 kB (105484 bytes)
Hash b520d7f9436abf3709579c16fe6c0a9c
98564e5517b7b455e80b2cd503e7bb3b52beb930
ccc1105e71111cb52260797ad788c46436ea6ebfce27f85526c66f2118033518
GET /releases/v6.1.0/webfonts/fa-brands-400.woff2 HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://use.fontawesome.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: font/woff2
content-length: 105484
x-amz-id-2: 99Tk8G2ynt6NDQ5SEhA59zHoOeW2zIIkZhxQo0Np2NB1BvNaMjExB2LhQuk5kE3AZPPIR+VTx+c=
x-amz-request-id: VDJB0HCJV4FXFP44
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
last-modified: Tue, 15 Mar 2022 17:49:19 GMT
etag: "b520d7f9436abf3709579c16fe6c0a9c"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1308316
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ee1ywu527JdiZSR7pMx2lArGuZoyHGM29Vhpi9NglzNyohY7bbJpUf%2Bkg84Xkrrfq2mkq5LA7avcAvRfuqkxNKXGTS%2FGVIOi%2Be4Z1ClOQf1RIXTRXnMyhl%2BSrVdQ%2FtbuRm1R%2FNur"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2b711be838418e-LHR
alt-svc: h3=":443"; ma=86400
212.32.226.234/uploads/favicon.png
212.32.226.234 200 OK 28 kB URL GET HTTP/2 212.32.226.234/uploads/favicon.png
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced; data
Hash dbdc2c9a3ab044d0533595c0b2d1ab00
c3181dfa9d5913e5eafbe45fa0c9b248347622c1
218626173ae614ad4cfac1b767fa8f63fc48b619b4fc204379a7b281e13583e3
Analyzer Verdict Alert quad9 Sinkholed
GET /uploads/favicon.png HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: image/png
content-length: 28433
last-modified: Fri, 14 Oct 2022 04:21:08 GMT
etag: "6348e3b4-6f11"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
accept-ranges: bytes
X-Firefox-Spdy: h2
54d007fc74.a26b30497d.com/f379d3909c46b5f90d4e962dd6a9701b.js
45.133.44.52 200 OK 86 kB URL GET HTTP/2 54d007fc74.a26b30497d.com/f379d3909c46b5f90d4e962dd6a9701b.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject 54d007fc74.a26b30497d.com
Fingerprint A2:09:B5:6B:8F:7C:AB:A5:5A:BB:3C:7C:C8:6B:8C:0C:05:35:00:EF
Validity Fri, 02 Jun 2023 02:20:47 GMT - Thu, 31 Aug 2023 02:20:46 GMT
File type gzip compressed data, from Unix; data
Hash ecee00a3d4af5b83406a80bb2eced9e8
aeff8955d17ac6e96b9d2cf31e60608227eabc28
96688ccf2ac2ce37813fc0942a133c6271932b687172069974bcf92582bfebb2
GET /f379d3909c46b5f90d4e962dd6a9701b.js HTTP/1.1
Host: 54d007fc74.a26b30497d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Jun 2023 11:42:09 GMT
etag: W/"647dca11-26b16"
content-encoding: gzip
expires: Mon, 05 Jun 2023 21:22:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
54d007fc74.a26b30497d.com/8e96f0d061595cdaeef1902ed20a3a28/50933?version_name=b
45.133.44.52 200 OK 2.0 kB URL GET HTTP/2 54d007fc74.a26b30497d.com/8e96f0d061595cdaeef1902ed20a3a28/50933?version_name=b
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject 54d007fc74.a26b30497d.com
Fingerprint A2:09:B5:6B:8F:7C:AB:A5:5A:BB:3C:7C:C8:6B:8C:0C:05:35:00:EF
Validity Fri, 02 Jun 2023 02:20:47 GMT - Thu, 31 Aug 2023 02:20:46 GMT
File type JSON data, ASCII text, with very long lines (2037), with no line terminators
Hash d337226001564341a48115797eba7785
766c514c40c8f39bedc94af094e5504607ee6b6b
5cab884211287172ab5deb1f73da351aedb29e53414c3fd883007e2482b3392e
GET /8e96f0d061595cdaeef1902ed20a3a28/50933?version_name=b HTTP/1.1
Host: 54d007fc74.a26b30497d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: application/json
content-length: 2037
server: nginx/1.18.0
cache-control: max-age=300
expires: Mon, 05 Jun 2023 21:22:20 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.53 200 OK 0 B URL GET HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject js.wpshsdk.com
Fingerprint C6:79:B3:47:76:9F:50:8D:16:89:5C:EF:0E:BB:24:99:45:66:B6:C2
Validity Fri, 26 May 2023 02:01:30 GMT - Thu, 24 Aug 2023 02:01:29 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Mon, 05 Jun 2023 21:22:20 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
212.32.226.234/themes/front/doujindesu/css/doujindesu.css
212.32.226.234 200 OK 10 kB URL GET HTTP/2 212.32.226.234/themes/front/doujindesu/css/doujindesu.css
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
File type gzip compressed data, from Unix; data
Hash d014434d787eb63cf2a07ead9225b3e1
fec3008c8c50a1b14960bbf1047d560cfecbb2cd
3a84c1675b54ded905fc52c55e3954361768d7e37dfb704778b7c507db466b8e
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/front/doujindesu/css/doujindesu.css HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: text/css
last-modified: Mon, 12 Sep 2022 09:09:57 GMT
vary: Accept-Encoding
etag: W/"631ef765-9518"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
notification.tubecup.net/tags?tag_id=50933&timezone_olson=UTC&version_name=b
168.119.25.62 200 OK 2.0 kB URL GET HTTP/2 notification.tubecup.net/tags?tag_id=50933&timezone_olson=UTC&version_name=b
IP 168.119.25.62:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type JSON data, ASCII text, with very long lines (2027), with no line terminators
Hash 09821b20df7ee1f0adbaf827c7123928
8a7c4fe6e14ab626be909c277ae3b63fbb962b44
3223cfbbf485981a954651318ca49b5ce4476be17208076c0a62680bbcdb0d2c
GET /tags?tag_id=50933&timezone_olson=UTC&version_name=b HTTP/1.1
Host: notification.tubecup.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 05 Jun 2023 21:17:21 GMT
content-type: application/json
content-length: 2027
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v6.1.0/css/all.css
172.64.133.15 200 OK 21 kB URL GET HTTP/2 use.fontawesome.com/releases/v6.1.0/css/all.css
IP 172.64.133.15:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject use.fontawesome.com
Fingerprint C8:38:F5:E2:7C:CE:53:71:EB:92:1D:71:F5:78:FE:7C:C4:4D:65:BC
Validity Sat, 06 May 2023 03:15:52 GMT - Fri, 04 Aug 2023 03:15:51 GMT
File type ASCII text, with very long lines (65317)
Hash c45ee5c1a156bca3532e502945de9211
d3cafed4c6596253c1050ee63897aa0f440e4f65
659dceb233e6e352b3a088498fa6e1f8c3cd2e44cda18e0126aefb965e17f8c7
GET /releases/v6.1.0/css/all.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: text/css
x-amz-id-2: D40/JROkTYfwaZajM6CE/hxFNo5nGrKHhA0+JwTfwi+OI1IUj+kOzacVGqgJW7BlU5NWzwcG6bo=
x-amz-request-id: JF8NTV5DWYZQME3V
last-modified: Tue, 15 Mar 2022 17:48:57 GMT
etag: W/"c45ee5c1a156bca3532e502945de9211"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1580380
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LLpS%2FlkPnFBQSatJ4UTy%2BHimNseZFl0w6vDzAbe7J2%2FIvh9pE7IHyQxXHpKpkW5G4UNgJ1qHpeLxipVfHzcXPZAFiNwLdixBjI6ILfjvw06VNucZsW%2FLcAJYVdoD%2F3nrekGSmqhB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2b711a4f9d75c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
aa3fdd96d1.0ca20b3e8f.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkxMjY0NDEwNzcwNjA4NzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjUzLjAiLCJ0YWdfaWQiOjUwOTMzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJTNBJTJDUGFnZSUyQ25vdCUyQ2ZvdW5kJTJDJTNBJTJDJTJDRG91amluZGVzdS5YWFgifQ==
45.133.44.53200 OK 0 B URL GET HTTP/2 aa3fdd96d1.0ca20b3e8f.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkxMjY0NDEwNzcwNjA4NzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjUzLjAiLCJ0YWdfaWQiOjUwOTMzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJTNBJTJDUGFnZSUyQ25vdCUyQ2ZvdW5kJTJDJTNBJTJDJTJDRG91amluZGVzdS5YWFgifQ==
IP 45.133.44.53:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject aa3fdd96d1.0ca20b3e8f.com
Fingerprint 9B:E3:7F:47:10:88:20:97:64:14:7D:68:90:14:D5:78:36:D2:1A:72
Validity Fri, 02 Jun 2023 02:50:16 GMT - Thu, 31 Aug 2023 02:50:15 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxMTkxMjY0NDEwNzcwNjA4NzAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjUzLjAiLCJ0YWdfaWQiOjUwOTMzLCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNSwiaXNfdjIiOjEsImlzX3YyX2VtcHR5IjpudWxsLCJ1c2VyX2tleXdvcmRzIjoiJTNBJTJDUGFnZSUyQ25vdCUyQ2ZvdW5kJTJDJTNBJTJDJTJDRG91amluZGVzdS5YWFgifQ== HTTP/1.1
Host: aa3fdd96d1.0ca20b3e8f.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:21 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=50933
157.90.84.242 204 No Content 27 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=50933
IP 157.90.84.242:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type JSON data, ASCII text
Hash c4bea7951aaa542768f63f72d171ff83
7f57b3ce5d3a9bb0a15c32b34745b0214710e185
d4fbb24457a99cbf28127e8a416979ca0f2ab97c64a59b8d38760c40d4934756
POST /fp?tag_id=50933 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23165
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Mon, 05 Jun 2023 21:17:21 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 27
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://212.32.226.234
Set-Cookie: id=17280086445234998629; Expires=Tue, 04 Jun 2024 21:17:21 GMT; Secure; SameSite=None
Vary: Origin
54d007fc74.a26b30497d.com/f99fed6b5510fc2e07f2eaea4e927bf9.js
45.133.44.52 200 OK 126 kB URL GET HTTP/2 54d007fc74.a26b30497d.com/f99fed6b5510fc2e07f2eaea4e927bf9.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject 54d007fc74.a26b30497d.com
Fingerprint A2:09:B5:6B:8F:7C:AB:A5:5A:BB:3C:7C:C8:6B:8C:0C:05:35:00:EF
Validity Fri, 02 Jun 2023 02:20:47 GMT - Thu, 31 Aug 2023 02:20:46 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 126 kB (126025 bytes)
Hash 76c4e979ca4b3741ef7d54c80f95c4b8
a29fdf7a830ec88567b537a3af9a287ef97e93e7
0fdc9cfbddf99963ed81833f793502abb8b2f8da017a9accbbcb92d370621cfe
GET /f99fed6b5510fc2e07f2eaea4e927bf9.js HTTP/1.1
Host: 54d007fc74.a26b30497d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 01 Jun 2023 13:26:31 GMT
etag: W/"64789c87-7ddec"
content-encoding: gzip
expires: Mon, 05 Jun 2023 21:22:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131 471 B IP 142.250.74.131:0
Hash 95c90c30e3a5ae6ab746adb45db6d537
ecef3c29c6afea970739c2df5fbd17a42de87920
9f98bce749d3c7e4aa65d4c1cf7b221a83d0c5d4663091ca49ffdb6efecff217
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 05 Jun 2023 21:17:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
54d007fc74.a26b30497d.com/fb90f3817d60dda2782f2a620bc3aaf5.js
45.133.44.52 200 OK 19 kB URL GET HTTP/2 54d007fc74.a26b30497d.com/fb90f3817d60dda2782f2a620bc3aaf5.js
IP 45.133.44.52:443
ASN #39572 DataWeb Global Group B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject 54d007fc74.a26b30497d.com
Fingerprint A2:09:B5:6B:8F:7C:AB:A5:5A:BB:3C:7C:C8:6B:8C:0C:05:35:00:EF
Validity Fri, 02 Jun 2023 02:20:47 GMT - Thu, 31 Aug 2023 02:20:46 GMT
File type ASCII text, with very long lines (51635)
Hash 8a030ba9a656fc490f73e0f4ee3b002c
faa84b1c3a699e7a3c332fc92c3094c88aae925d
aa6a40ef911131f02ab4d79fd95902629e0484e76a4155871cf10404b3e7fc1c
GET /fb90f3817d60dda2782f2a620bc3aaf5.js HTTP/1.1
Host: 54d007fc74.a26b30497d.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:21 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Mon, 05 Jun 2023 16:29:27 GMT
etag: W/"647e0d67-c9f4"
content-encoding: gzip
expires: Mon, 05 Jun 2023 21:22:21 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
216.58.207.237 302 Found 471 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP 216.58.207.237:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject accounts.google.com
Fingerprint 7A:FE:A8:C4:0F:E7:3E:DE:00:43:83:43:39:F5:0A:1A:CC:D5:74:0E
Validity Fri, 19 May 2023 12:58:14 GMT - Fri, 11 Aug 2023 12:58:13 GMT
Hash df2c4343cb60d7b80a236621d9420bcf
d3469e9e2c43c94b12975da73fdfd44d75b53505
34dd045a98470df1fd958512c63d10a8d346b3201c8fad27b3dc391e30e93943
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
set-cookie: __Host-GAPS=1:OilA6a3QOEVJKd-94j6c5tvJf0Gd2Q:UWCsXg-FgmOwGvxr; Expires=Wed, 04-Jun-2025 21:17:21 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Jun 2023 21:17:21 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&ffgf=1&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneG9FZqDUqGAK9WGLjCzHErVO_u68kVpe3JlOyOd7ZntdqVUea9yO5sQSU_27kD0ru_7dW58sQ
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-gRDqao_nE4hpS8EXLxkhjg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, require-trusted-types-for 'script';report-uri /cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-opener-policy: unsafe-none
cross-origin-resource-policy: cross-origin
content-type: application/binary
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&ffgf=1&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneG9FZqDUqGAK9WGLjCzHErVO_u68kVpe3JlOyOd7ZntdqVUea9yO5sQSU_27kD0ru_7dW58sQ
216.58.207.237 302 Found 401 B URL GET HTTP/3 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&ffgf=1&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneG9FZqDUqGAK9WGLjCzHErVO_u68kVpe3JlOyOd7ZntdqVUea9yO5sQSU_27kD0ru_7dW58sQ
IP 216.58.207.237:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
Validity Fri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (390)
Hash b40ba42988fc94f90a4aecfc0e407fa0
e796d9b6abbb91573ef60b8a604f5fe076f0cd9b
41995ceb92045b833d28909d7607009ba276d357edd812a1a975eef69e141f5c
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&ffgf=1&hl=en&passive=true&service=youtube&uilel=3&ifkv=Af_xneG9FZqDUqGAK9WGLjCzHErVO_u68kVpe3JlOyOd7ZntdqVUea9yO5sQSU_27kD0ru_7dW58sQ HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:SYYPb5TXfc6jWW87wLZ2_MjhAad0HA:VZ8_i6v7ZLSvj2eu;Path=/;Expires=Wed, 04-Jun-2025 21:17:22 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Jun 2023 21:17:22 GMT
location: https://accounts.google.com/v3/signin/identifier?dsh=S252656885%3A1685999842103495&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&ffgf=1&hl=en&ifkv=Af_xneGb-12GGNg2JNXFsw4JypfZ4UQ2AyqoKPfvQJwkFTG8G7fzLV07i7dDgg1HnFqkXhJ7nN0X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
content-security-policy: script-src 'nonce-5hUj6jLJQQ7A05uN31-y3A' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 401
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
accounts.google.com/v3/signin/identifier?dsh=S252656885%3A1685999842103495&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&ffgf=1&hl=en&ifkv=Af_xneGb-12GGNg2JNXFsw4JypfZ4UQ2AyqoKPfvQJwkFTG8G7fzLV07i7dDgg1HnFqkXhJ7nN0X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
216.58.207.237 403 Forbidden 1.3 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?dsh=S252656885%3A1685999842103495&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&ffgf=1&hl=en&ifkv=Af_xneGb-12GGNg2JNXFsw4JypfZ4UQ2AyqoKPfvQJwkFTG8G7fzLV07i7dDgg1HnFqkXhJ7nN0X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin
IP 216.58.207.237:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject *.google.com
Fingerprint 55:5E:E6:33:AF:71:86:C2:88:4A:36:5F:68:1D:97:9D:9B:9D:2A:1D
Validity Fri, 19 May 2023 12:53:06 GMT - Fri, 11 Aug 2023 12:53:05 GMT
File type gzip compressed data, max compression\012- data
Hash 4e2346224095ae1afec0406985adf17c
7b0c96cab14fe6f5b2a968f540e0c4cec7353b7c
e7e8f81ab45de2fb46edecf21dd921a1b26fc7e7efce421b3f67011c126122e7
GET /v3/signin/identifier?dsh=S252656885%3A1685999842103495&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&ffgf=1&hl=en&ifkv=Af_xneGb-12GGNg2JNXFsw4JypfZ4UQ2AyqoKPfvQJwkFTG8G7fzLV07i7dDgg1HnFqkXhJ7nN0X&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Mon, 05 Jun 2023 21:17:22 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
content-security-policy: script-src 'nonce-iRqX_3GyD1XrB2Sj7qxY8g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
mcpuwpsh.com/get
94.130.197.134 200 OK 294 B IP 94.130.197.134:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject puwpush.com
Fingerprint 58:3E:09:D9:0E:6D:8D:35:C9:7B:AC:10:81:CC:F2:2F:8E:B6:6A:67
Validity Thu, 04 May 2023 02:03:56 GMT - Wed, 02 Aug 2023 02:03:55 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 4619c4c52d0bf6a876abe79a35263e6a
bca233de58b22009e346854485298ace7d78573d
dd15cc24b47fb185dafa47a54382a7767f778c7d5d3789c125ccf5085d7ee970
Analyzer Verdict Alert quad9 Sinkholed
POST /get HTTP/1.1
Host: mcpuwpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://212.32.226.234/
Content-Type: text/plain;charset=UTF-8
Content-Length: 621
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.16.0
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: application/json
content-length: 294
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
52b517df93.d26b092649.com/in/multy
157.90.84.246 200 OK 16 kB URL POST HTTP/2 52b517df93.d26b092649.com/in/multy
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject d26b092649.com
Fingerprint E1:B6:AE:E7:84:87:4F:58:9C:43:0F:A1:D3:AE:7F:57:D7:4D:B5:2F
Validity Fri, 02 Jun 2023 03:01:50 GMT - Thu, 31 Aug 2023 03:01:49 GMT
File type JSON data\012- , ASCII text, with very long lines (16277), with no line terminators
Hash d675d8c950f8ebdbf5d19113348cc896
68cbc6b1f4c1471b659241fda99d47d4e3d51883
a1f73da1290f4e63fdc1b58643855f328eb4e864d7c641c1c73108f1babf078f
POST /in/multy HTTP/1.1
Host: 52b517df93.d26b092649.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1503
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: application/json
content-length: 16277
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
52b517df93.d26b092649.com/in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=YwjAY4S0qV6Jj4k-Y_NdgFWuN1gGcZoJaG5Z0mtJlmd1sWLNE2AfFA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=dmY9VJCAL2GrDmDJ8B0mQy74WUu9zbtkpoN0KbQVFSWcIj3RekwJ386ngPi_gD9P52C8SLuQlXwIvYtox6TrIu0vWzvwBzp-sUAQ0qadtpo2GwZ7C8WhWOnf9OBeZthf1psHVYjcnnwcPMNBgqDTF-AkoqqDFO8WKAMsCNjhfn0Mzb202w&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=d302d5f0-a9f6-4386-b6e0-2b4a39f8d4bd&mlc=1&format=default-slide-b_r-body
157.90.84.246 200 OK 0 B URL GET HTTP/2 52b517df93.d26b092649.com/in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=YwjAY4S0qV6Jj4k-Y_NdgFWuN1gGcZoJaG5Z0mtJlmd1sWLNE2AfFA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=dmY9VJCAL2GrDmDJ8B0mQy74WUu9zbtkpoN0KbQVFSWcIj3RekwJ386ngPi_gD9P52C8SLuQlXwIvYtox6TrIu0vWzvwBzp-sUAQ0qadtpo2GwZ7C8WhWOnf9OBeZthf1psHVYjcnnwcPMNBgqDTF-AkoqqDFO8WKAMsCNjhfn0Mzb202w&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=d302d5f0-a9f6-4386-b6e0-2b4a39f8d4bd&mlc=1&format=default-slide-b_r-body
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject d26b092649.com
Fingerprint E1:B6:AE:E7:84:87:4F:58:9C:43:0F:A1:D3:AE:7F:57:D7:4D:B5:2F
Validity Fri, 02 Jun 2023 03:01:50 GMT - Thu, 31 Aug 2023 03:01:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=1&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=YwjAY4S0qV6Jj4k-Y_NdgFWuN1gGcZoJaG5Z0mtJlmd1sWLNE2AfFA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=dmY9VJCAL2GrDmDJ8B0mQy74WUu9zbtkpoN0KbQVFSWcIj3RekwJ386ngPi_gD9P52C8SLuQlXwIvYtox6TrIu0vWzvwBzp-sUAQ0qadtpo2GwZ7C8WhWOnf9OBeZthf1psHVYjcnnwcPMNBgqDTF-AkoqqDFO8WKAMsCNjhfn0Mzb202w&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=d302d5f0-a9f6-4386-b6e0-2b4a39f8d4bd&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: 52b517df93.d26b092649.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 05 Jun 2023 21:17:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
52b517df93.d26b092649.com/in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=0&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=djoAhzcGfOE6LSZo6V75A6Fa2nrDHorbeK1ZZvBugIyiZP5zJYed7g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=1Lc8KJ8S4jGkdo1ZDdrSB362fs7uxkD8CMy6RK9XNGbkTxf_3pduMltwLUxEEdTHR2AB02fB1SH9m6kluA86TGv_vTTxQQ78llXxiMt9jsOhuhyzCNmcYAKYVR10CawSoNHdLB4f5XdM7AN5TZQgdRrll57OPD6SnPp6mBCCF7-YnpzuEw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=12f3af39-f470-4166-9d73-0ef330792a12&format=default-slide-b_r-body
157.90.84.246 200 OK 0 B URL GET HTTP/2 52b517df93.d26b092649.com/in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=0&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=djoAhzcGfOE6LSZo6V75A6Fa2nrDHorbeK1ZZvBugIyiZP5zJYed7g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=1Lc8KJ8S4jGkdo1ZDdrSB362fs7uxkD8CMy6RK9XNGbkTxf_3pduMltwLUxEEdTHR2AB02fB1SH9m6kluA86TGv_vTTxQQ78llXxiMt9jsOhuhyzCNmcYAKYVR10CawSoNHdLB4f5XdM7AN5TZQgdRrll57OPD6SnPp6mBCCF7-YnpzuEw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=12f3af39-f470-4166-9d73-0ef330792a12&format=default-slide-b_r-body
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject d26b092649.com
Fingerprint E1:B6:AE:E7:84:87:4F:58:9C:43:0F:A1:D3:AE:7F:57:D7:4D:B5:2F
Validity Fri, 02 Jun 2023 03:01:50 GMT - Thu, 31 Aug 2023 03:01:49 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/show/?mid=1248405525874159199&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1408440205&sid=3208208635&cid=14885&price=0.0011&is_cpm=0&cpm=0&ecpm=0.022903653227332958&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=0&ver=8.66.0&ver_c=&refdom=212.32.226.234&hostname=auc-inpage-hz-2-b&site_id=3129609&spot_id=29609&utm_source=&utm_medium=&utm_campaign=&utm_content=&expiration_timestamp=0&created_at=2023-06-05&is_native=2&burl=djoAhzcGfOE6LSZo6V75A6Fa2nrDHorbeK1ZZvBugIyiZP5zJYed7g&pop_winurl=&ip=91.90.42.154&testab=0&px_id=5329609&adblock=0&auction_host=&mm=0&yc=0&render_type=mq&campaign_type=lq-pop&uniq=86e9e35fcfab5560dcc1a51b25bebdc135249e9c598fba59ebe44ef61a19b202&exp=1440&resp_type=&iabcat=IAB25-3&min_cpm=0.011776706189664964&placement_type_id=0&skin_test=0&verify_hash=061c057adff0c9fb2d79e3d4bb71c4a0&score=53.1201213063431&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1408440205%26spot_id%3D29609%26is_adult%3D1%26p%3Dhttps%253A%252F%252F212.32.226.234%252F404%252F%26idzone%3D0%26sid%3D1546&ml=&tag_ab=b&original_bid=0.0011&user_fp=11202870139882239719&v2=1&v2_track=0&is_pop_cpc=0&applied_features=main-skins-settings&url=1Lc8KJ8S4jGkdo1ZDdrSB362fs7uxkD8CMy6RK9XNGbkTxf_3pduMltwLUxEEdTHR2AB02fB1SH9m6kluA86TGv_vTTxQQ78llXxiMt9jsOhuhyzCNmcYAKYVR10CawSoNHdLB4f5XdM7AN5TZQgdRrll57OPD6SnPp6mBCCF7-YnpzuEw&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=2&vertical_id=0&real_bid=0.0011&pr=&user_keywords=&auc_type=1&aid=3481&ext_cid=0&device_theme=light&keywords=adult&label_ids=89,108,0&conditions=dch_ip,tz_offset&need_redirect_show=0&page=https%3A%2F%2F212.32.226.234%2F404%2F&auction_time=1685999841&show_count=1&from_cache=0&original_bid_usd=0.0011&mlf=1&cpa=12f3af39-f470-4166-9d73-0ef330792a12&format=default-slide-b_r-body HTTP/1.1
Host: 52b517df93.d26b092649.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 05 Jun 2023 21:17:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
168.119.25.18 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 168.119.25.18:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint D6:6E:0F:A6:67:62:7E:D4:E0:5E:87:61:7A:1E:EB:BB:36:47:D0:71
Validity Mon, 15 May 2023 01:51:00 GMT - Sun, 13 Aug 2023 01:50:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=d01d55bb-8bfe-41ca-a6b6-cca296e52dab&format=default-slide-b_r-body
168.119.25.18 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=d01d55bb-8bfe-41ca-a6b6-cca296e52dab&format=default-slide-b_r-body
IP 168.119.25.18:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint D6:6E:0F:A6:67:62:7E:D4:E0:5E:87:61:7A:1E:EB:BB:36:47:D0:71
Validity Mon, 15 May 2023 01:51:00 GMT - Sun, 13 Aug 2023 01:50:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=d01d55bb-8bfe-41ca-a6b6-cca296e52dab&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=7670b360-9056-4510-af69-b24e2400d8d5&mlc=1&format=default-slide-b_r-body
168.119.25.18 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=7670b360-9056-4510-af69-b24e2400d8d5&mlc=1&format=default-slide-b_r-body
IP 168.119.25.18:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint D6:6E:0F:A6:67:62:7E:D4:E0:5E:87:61:7A:1E:EB:BB:36:47:D0:71
Validity Mon, 15 May 2023 01:51:00 GMT - Sun, 13 Aug 2023 01:50:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp; data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp?mlf=1&cpa=7670b360-9056-4510-af69-b24e2400d8d5&mlc=1&format=default-slide-b_r-body HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
168.119.25.18 200 OK 590 B URL GET HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 168.119.25.18:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject bookmsg.com
Fingerprint D6:6E:0F:A6:67:62:7E:D4:E0:5E:87:61:7A:1E:EB:BB:36:47:D0:71
Validity Mon, 15 May 2023 01:51:00 GMT - Sun, 13 Aug 2023 01:50:59 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp; data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Mon, 05 Jun 2023 21:17:22 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
212.32.226.234/manga/where-is-my-hammer/%20%20%200
212.32.226.234 302 Found 26 kB URL User Request GET HTTP/2 212.32.226.234/manga/where-is-my-hammer/%20%20%200
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /manga/where-is-my-hammer/%20%20%200 HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
server: nginx
date: Mon, 05 Jun 2023 21:17:19 GMT
content-type: text/html; charset=UTF-8
location: /404/
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
212.32.226.234/themes/front/doujindesu/css/doujin.css
212.32.226.234 200 OK 26 kB URL GET HTTP/2 212.32.226.234/themes/front/doujindesu/css/doujin.css
IP 212.32.226.234:443
ASN #60781 LeaseWeb Netherlands B.V.
Requested by https://212.32.226.234/404/
Certificate Issuer ZeroSSL
Subject 212.32.226.234
Fingerprint CB:63:B6:A6:E1:B2:1B:CD:D9:69:FE:47:B5:07:76:A1:11:1A:16:3A
Validity Mon, 17 Apr 2023 00:00:00 GMT - Sun, 16 Jul 2023 23:59:59 GMT
File type ASCII text, with very long lines (25564), with CRLF line terminators
Hash 40619f19bf52e2f3d08099668ad14a90
9d11768d70a17cf9cf44c7d7743204f6658b17f9
95a449a722554921efd3fb32ca980c46bb87b86942409c112d838018ea458048
Analyzer Verdict Alert quad9 Sinkholed
GET /themes/front/doujindesu/css/doujin.css HTTP/1.1
Host: 212.32.226.234
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/404/
Cookie: PHPSESSID=dgikg96vdmnann1cduben2iofj
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: text/css
last-modified: Tue, 02 Aug 2022 03:42:48 GMT
vary: Accept-Encoding
etag: W/"62e89d38-6416"
expires: Wed, 05 Jul 2023 21:17:20 GMT
cache-control: max-age=2592000
strict-transport-security: max-age=31536000
content-encoding: gzip
X-Firefox-Spdy: h2
teknologia.co/web-script.js
104.21.65.71 200 OK 1.9 kB URL GET HTTP/2 teknologia.co/web-script.js
IP 104.21.65.71:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject teknologia.co
Fingerprint DF:41:7F:3E:6A:75:4F:CB:18:2D:93:DF:F2:5C:4C:B4:1E:1D:C1:81
Validity Mon, 29 May 2023 11:54:40 GMT - Sun, 27 Aug 2023 11:54:39 GMT
File type C source, ASCII text, with very long lines (2010), with no line terminators
Hash 025369b5ae9c99acaf3c699ae9637024
ee46c0dd2a9607f1590637cb8279984c56e08753
1323279a6ff30b8461954191b26a8c58cd441769d785e8da55e31137c71451bc
GET /web-script.js HTTP/1.1
Host: teknologia.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"633ba836-793"
last-modified: Tue, 04 Oct 2022 03:27:50 GMT
strict-transport-security: max-age=31536000
vary: Accept-Encoding
cache-control: max-age=14400
cf-cache-status: HIT
age: 2100
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cI5KZwMcglSFzwKhzPKT2IyDyiZIjq4e0N4%2FwngcD2pqGPEaU7vqpINuG%2Fealw%2BtxDbyg3MrK86IgPlsfETZrkrdM2DoW1fbvSNJc9Ec4zCd%2BSZ5QCT27NqretrW3z7i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7d2b711a0c09b4f7-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
use.fontawesome.com/releases/v6.1.0/css/v4-shims.css
172.64.133.15 200 OK 26 kB URL GET HTTP/2 use.fontawesome.com/releases/v6.1.0/css/v4-shims.css
IP 172.64.133.15:443
Requested by https://212.32.226.234/404/
Certificate Issuer Google Trust Services LLC
Subject use.fontawesome.com
Fingerprint C8:38:F5:E2:7C:CE:53:71:EB:92:1D:71:F5:78:FE:7C:C4:4D:65:BC
Validity Sat, 06 May 2023 03:15:52 GMT - Fri, 04 Aug 2023 03:15:51 GMT
File type ASCII text, with very long lines (26016)
Hash 39957b41dbef9acf3faf68c55ad34956
3c644091f09054906bb5c6dc305ba2a44bbac302
71de14a3b2d0c876fac3ba03a94cb3982cef13308ee842deccaddfdd40a1b09d
GET /releases/v6.1.0/css/v4-shims.css HTTP/1.1
Host: use.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Mon, 05 Jun 2023 21:17:20 GMT
content-type: text/css
x-amz-id-2: ydgn7T/Gkuv5lcHxAUJ5gJCCrCT0ogBlOBxHB9ZXYfYJVWE+Pknydsrs3A3sS0A8Rx6b4W3FhkU=
x-amz-request-id: SHZ8Z8JCFPQEWGMB
last-modified: Tue, 15 Mar 2022 17:48:57 GMT
etag: W/"39957b41dbef9acf3faf68c55ad34956"
cache-control: max-age=31556926
cf-cache-status: HIT
age: 1563958
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B0nqXYA4GQ4VnevzTl306YVrnPP1MqLpot038mtDrA9e8chGGBW8fDy%2FvouKIQr%2F3tXRpm3RcBt5krModCC3V9c%2BpJX6fJ0vekZ%2B3kOCOcQN8ICPaAUHxxLrnbv6%2Fq4jY%2B4BsrkQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7d2b711a4fa275c0-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=c8250180-2bf6-427c-a17d-081ede0b02a9&subid=1408440205&sid=3208208635&spot_id=29609&created_at=2023-06-05&timezone=0&ver=8.66.0&is_native=1
157.90.84.246 200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=c8250180-2bf6-427c-a17d-081ede0b02a9&subid=1408440205&sid=3208208635&spot_id=29609&created_at=2023-06-05&timezone=0&ver=8.66.0&is_native=1
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=c8250180-2bf6-427c-a17d-081ede0b02a9&subid=1408440205&sid=3208208635&spot_id=29609&created_at=2023-06-05&timezone=0&ver=8.66.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://212.32.226.234
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 05 Jun 2023 21:17:21 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ntvpwpush.com/dl/cookies
157.90.84.246 200 OK 620 B
IP 157.90.84.246:443
ASN #24940 Hetzner Online GmbH
Requested by https://212.32.226.234/404/
Certificate Issuer Let's Encrypt
Subject notification.tubecup.net
Fingerprint C3:3A:0A:7D:9C:4B:21:97:39:A7:AD:B8:87:47:F1:35:32:D9:84:53
Validity Fri, 28 Apr 2023 11:39:09 GMT - Thu, 27 Jul 2023 11:39:08 GMT
File type HTML document text; HTML document text; HTML document text; HTML document text; HTML document text; exported SGML document, ASCII text, with very long lines (656), with no line terminators
Hash 0f28ac8b62710210d8c20200cb32caf2
e5cf4c2df4e48eff5fe877531dd3f12351c0c37d
2e6743f06e4cc09ff077b579b75511eaaf5ccf370f70fd2075d74725bf5b872c
GET /dl/cookies HTTP/1.1
Host: ntvpwpush.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://212.32.226.234/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.20.1
date: Mon, 05 Jun 2023 21:17:21 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2