it.davalka.cc/templates/davalka/images/logo.png
200 OK 33 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/images/logo.png
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type PNG image data, 250 x 80, 8-bit/color RGBA, non-interlaced\012- data
Hash 6c0d5c420823efaea7f224e584023171
fbb0dd93efb8453a806d88b34ce510925ac31b36
c78116d28ba955c86c5aea32df53cfb7ded13e90805f4c1ebe8440094d101f8d
GET /templates/davalka/images/logo.png HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/templates/davalka/style/styles.css
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: image/png
content-length: 33348
last-modified: Sat, 01 Jul 2023 07:59:24 GMT
etag: "649fdcdc-8244"
cache-control: max-age=86400
cf-cache-status: HIT
age: 365218
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GIDcGF0CE2B0ssQwe4bVpfvz8u5%2FMUhbzMxrX8UbfUmuAjnvn%2FY6kE3sSg0ELtZeIPDI7P6bCTuQeAJwFeYU0BDsClG6rEni5yPOECEU3eg5Zvr4JeJ7PDH11JVeDeLR"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7329605689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/400/normal.woff2
200 OK 17 kB URL GET HTTP/3 it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/400/normal.woff2
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 16740, version 1.0\012- data
Hash e43b535855a4ae53bd5b07a6eeb3bf67
6507312d9491156036316484bf8dc41e8b52ddd9
b34551ae25916c460423b82beb8e0675b27f76a9a2908f18286260fbd6de6681
GET /cf-fonts/s/open-sans/5.0.15/latin/400/normal.woff2 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-length: 16740
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3G63UV5v0fbXYskwLkmYKU6Jkz9RSmSxt0Qva%2B9jiKNtgDf4jX6l7prkMKoIADkQNRnr02X84M%2F3bWF9z2wEuN09dcv%2FrDxki3X%2FYt8zMK5w%2FTGErMSlZPEgT%2BYQtZc7"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7359845689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/600/normal.woff2
200 OK 17 kB URL GET HTTP/3 it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/600/normal.woff2
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 16756, version 1.0\012- data
Hash 603c99275486a11982874425a0bc0dd1
ffeb62d105d2893d323574407b459fbae8cc90a6
4ffc35ac4d5e3f1546a4c1a879f425f090ff3336e0fce31a39ae4973b5e8c127
GET /cf-fonts/s/open-sans/5.0.15/latin/600/normal.woff2 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-length: 16756
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Yvuzl3646Cgg8hPSHuWZMKlXatT%2F3daukGya1RoVjuxjbffZW%2FVwHIgGKEpNj2y5oaWU3v1GKQqFmJqVV%2BAmVAniK2e8EuwHKeoQzY4W8jiOOkp2PR%2FkHnm0lIdVlf2"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a73698e5689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/cf-fonts/s/open-sans/5.0.15/cyrillic/600/normal.woff2
200 OK 11 kB URL GET HTTP/3 it.davalka.cc/cf-fonts/s/open-sans/5.0.15/cyrillic/600/normal.woff2
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 10620, version 1.0\012- data
Hash 4514fa026105b9df8b92dc29da601c86
c18ed5ea75b3d7685afe1e5a7e4393dee0506933
58888d26f3d92ca567dcbca457056760f300389a94e237b1191862871ad296ba
GET /cf-fonts/s/open-sans/5.0.15/cyrillic/600/normal.woff2 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-length: 10620
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PFb1R8dWHiSJ%2BYrBejzmbhQrBI%2FxvMfGw5GDNsKSTcapvr6JlkHgHVue2s3oCRnG%2FSWLjjk9tXVBKkayLGTsLeQDRcpST5sKK5MpNpL1PkPhOSaNWjFSNfKD8Gird%2FPq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a73698f5689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/700/normal.woff2
200 OK 16 kB URL GET HTTP/3 it.davalka.cc/cf-fonts/s/open-sans/5.0.15/latin/700/normal.woff2
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 16372, version 1.0\012- data
Hash e45478d4d6f15dafda1f25d9e0fb5fa1
52cb490cd0ee4442ede034085cda9652b206f91c
d1a17abb1a999842fe425e1a4ace9d90f9c18f3595c21a63d89f0611b90cfd72
GET /cf-fonts/s/open-sans/5.0.15/latin/700/normal.woff2 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-length: 16372
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1UH7CewM%2FTEHr8CogCW59SjXeV2Nr9167wonScsEoZRe3vLZcJxfJYHWpokXk4gBOKf7EIh0eIt9yunBCnlXaO5jlDszhfpIzkcttBtAJ6F2b1xeCfQLlI6bu7O9Z6M5"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a73799c5689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/templates/davalka/fonts/fontawesome-webfont.woff2?v=4.3.0
200 OK 57 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/fonts/fontawesome-webfont.woff2?v=4.3.0
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 56780, version 4.197\012- data
Hash 97493d3f11c0a3bd5cbd959f5d19b699
1075231650f579955905bb2f6527148a8e2b4b16
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
GET /templates/davalka/fonts/fontawesome-webfont.woff2?v=4.3.0 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/templates/davalka/style/font-awesome.css
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: font/woff2
content-length: 56780
last-modified: Thu, 06 Aug 2020 14:23:47 GMT
etag: "5f2c1273-ddcc"
cache-control: max-age=86400
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Lz%2Fs8xwDt01xvQmhk7JM93Vv7g32lv1tkEID%2FWPoiaVCVLJevy1Sr5zzO1XFZe3GraxEBxC9ju3QkNP%2B21SkTBnvaSjiZ4OGB7%2BGyZe60ltDsg8AudtnUu7wrPCMUHYV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7369945689-OSL
alt-svc: h3=":443"; ma=86400
it.davalka.cc/cf-fonts/s/open-sans/5.0.15/cyrillic/400/normal.woff2
200 OK 11 kB URL GET HTTP/3 it.davalka.cc/cf-fonts/s/open-sans/5.0.15/cyrillic/400/normal.woff2
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Web Open Font Format (Version 2), TrueType, length 10652, version 1.0\012- data
Hash c010b23b2704126796a794818ca777fb
41d3c9ae6692a1ca032d420646cc49b395fb4c96
624b713241704e0993f7d2147c1f1408a8a0df1be297a490bfe8e2b89387ce93
GET /cf-fonts/s/open-sans/5.0.15/cyrillic/400/normal.woff2 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-length: 10652
cf-cache-status: HIT
cache-control: public, max-age=31536000, immutable
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sXIfW5Skt7B0W%2B%2Bf8NwKkGC37X8SkiQ726RU3PXfLrfOaRYw0Fp8tBncp2vtSANrrT87W4EfEk84TgTCGH5ICOxiEGG0NxmeGZ1fOHxY7Hu%2BWRECfF3sA1PGQcyXnZlL"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a73b9e35689-OSL
alt-svc: h3=":443"; ma=86400
31825.thanksgivingdelights.com/v3/a/pop/js/224674
200 OK 6.1 kB URL GET HTTP/2 31825.thanksgivingdelights.com/v3/a/pop/js/224674
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subject*.thanksgivingdelights.com
FingerprintCE:9C:43:8D:C8:5B:86:EC:E6:19:28:36:FC:E6:32:F7:DB:F3:0B:14
ValidityTue, 07 Nov 2023 10:55:57 GMT - Mon, 05 Feb 2024 10:55:56 GMT
File type ASCII text, with very long lines (15909), with no line terminators
Hash 938bdeb035cc6f8330cb87e2b6c49d65
a0e8e41f407a3fb37f1ac00bffaf5b41051e0358
72e9308656828925e12d2046f461b18cb13d4e45c35ad9e434e70b28d451dbe1
GET /v3/a/pop/js/224674 HTTP/1.1
Host: 31825.thanksgivingdelights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript; charset=UTF-8
content-length: 6115
content-encoding: gzip
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
X-Firefox-Spdy: h2
it.davalka.cc/templates/davalka/images/favicon.png
200 OK 5.0 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/images/favicon.png
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced\012- data
Hash e7228b9b24341c3d03d7db6133b2ae02
d2af8f9010fa10221769c9ae90b8fa1ec5af7361
c77ce116b93c433c48f164efec8ffa01121d1c5300efb7d872ba25fe50f27e91
GET /templates/davalka/images/favicon.png HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: image/png
content-length: 4957
last-modified: Thu, 06 Aug 2020 14:23:41 GMT
etag: "5f2c126d-135d"
cache-control: max-age=86400
cf-cache-status: HIT
age: 107116
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALOReq7u0XMfC1nMTkQJx0n8PmF2e0ZCJ6XdQ65fEqwksYQxu1YnH1lx%2F6I8q07DpwJaXFnT19o32DjDV%2FNfe548WalPEZQsVNtwuWsx%2BlaLA7I2osEbXc2Xoz3K6yvd"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a768c805689-OSL
alt-svc: h3=":443"; ma=86400
da0f7cbe94.ffe3ca7ae5.com/5d704dd849519c827aa5f75766a5832d/107579?version_name=b
200 OK 1.2 kB URL GET HTTP/2 da0f7cbe94.ffe3ca7ae5.com/5d704dd849519c827aa5f75766a5832d/107579?version_name=b
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjectda0f7cbe94.ffe3ca7ae5.com
FingerprintF9:9D:B2:0F:F8:4F:C8:3D:27:3F:C9:4C:36:21:38:26:38:8F:E6:87
ValidityThu, 30 Nov 2023 02:20:43 GMT - Wed, 28 Feb 2024 02:20:42 GMT
File type JSON data\012- , ASCII text, with very long lines (1201), with no line terminators
Hash 76bb56a15b0b7183350c839236ea3d4e
5b954105e40d363ac6d02c8a0fc2461e83ba4ef1
aaf86ee6c6fa53a0306a6db8d844a5f8d8cf8f86d6a66e79e41c52f6f25fb9d9
GET /5d704dd849519c827aa5f75766a5832d/107579?version_name=b HTTP/1.1
Host: da0f7cbe94.ffe3ca7ae5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/json
content-length: 1201
server: nginx/1.18.0
cache-control: max-age=300
expires: Sun, 03 Dec 2023 22:20:00 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
js.capndr.com/advertising.js
200 OK 0 B URL GET HTTP/2 js.capndr.com/advertising.js
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjectjs.capndr.com
FingerprintD9:9C:A9:BD:64:40:4E:C3:80:FB:C1:63:4D:D6:8F:A9:F7:83:AC:F4
ValidityTue, 24 Oct 2023 01:02:38 GMT - Mon, 22 Jan 2024 01:02:37 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /advertising.js HTTP/1.1
Host: js.capndr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 14 Jul 2023 08:23:25 GMT
etag: "64b105fd-0"
expires: Sun, 03 Dec 2023 22:20:01 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
jkha742.xyz/wcm/?sh=it.davalka.cc&sth=7ab3624698f0bee984b8077f8dcf8922&d=e3b000ffe39c980c475b4478201afaac&m=02bd1f51ae5382fc49fdfe0471886ae4&sid=936_104396_79585812&stime=1395.00&curpage=https%3A%2F%2Fit.davalka.cc%2F&rand=0.08563402262375708
200 OK 0 B URL GET HTTP/2 jkha742.xyz/wcm/?sh=it.davalka.cc&sth=7ab3624698f0bee984b8077f8dcf8922&d=e3b000ffe39c980c475b4478201afaac&m=02bd1f51ae5382fc49fdfe0471886ae4&sid=936_104396_79585812&stime=1395.00&curpage=https%3A%2F%2Fit.davalka.cc%2F&rand=0.08563402262375708
IP
ASN #6681 Rozetka Sp. z o.o.
Certificate IssuerLet's Encrypt
Subjectjkha742.xyz
Fingerprint8B:A3:C6:6F:DB:36:FF:30:16:6F:DB:6C:F4:21:57:96:63:FD:3D:48
ValidityMon, 09 Oct 2023 23:40:18 GMT - Sun, 07 Jan 2024 23:40:17 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /wcm/?sh=it.davalka.cc&sth=7ab3624698f0bee984b8077f8dcf8922&d=e3b000ffe39c980c475b4478201afaac&m=02bd1f51ae5382fc49fdfe0471886ae4&sid=936_104396_79585812&stime=1395.00&curpage=https%3A%2F%2Fit.davalka.cc%2F&rand=0.08563402262375708 HTTP/1.1
Host: jkha742.xyz
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
expires: 0
p3p: CP="NON DSP COR CURa TIA"
vary: Accept-Encoding
x-msr: TRUE
timing-allow-origin: *
X-Firefox-Spdy: h2
it.davalka.cc/picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 18:58:34 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cVBfKj4d%2FF%2FGAU%2FtGTnyBw1FPRsSMF9GNRhWuobwqlEubMrxYF9sKaWpNPybEwBZm%2BGtzDXexq7j3QRW5dLRq%2FPhnEg68B9k1F0ORaCbELrS6lyOy%2FmztqGVjcDj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
age: 12448
server: cloudflare
cf-ray: 82ff2a7a98755689-OSL
da0f7cbe94.ffe3ca7ae5.com/9cad8da931c2692e9d7cd7576a8aa52b.js
200 OK 51 kB URL GET HTTP/2 da0f7cbe94.ffe3ca7ae5.com/9cad8da931c2692e9d7cd7576a8aa52b.js
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjectda0f7cbe94.ffe3ca7ae5.com
FingerprintF9:9D:B2:0F:F8:4F:C8:3D:27:3F:C9:4C:36:21:38:26:38:8F:E6:87
ValidityThu, 30 Nov 2023 02:20:43 GMT - Wed, 28 Feb 2024 02:20:42 GMT
File type Unicode text, UTF-8 text, with very long lines (65527), with no line terminators
Hash 88c5dfb991f42365982ddee654115444
6ed1c1ffb26875d7e37b2a0838e6da2dbd5de2a6
76a6563e1b32988a00acd346df3386a8e5c8e3fa51ecf5db77670da8109ea398
GET /9cad8da931c2692e9d7cd7576a8aa52b.js HTTP/1.1
Host: da0f7cbe94.ffe3ca7ae5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Tue, 28 Nov 2023 12:01:41 GMT
etag: W/"6565d6a5-288d5"
content-encoding: gzip
expires: Sun, 03 Dec 2023 22:20:00 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
ntvpforever.com/keywords
204 No Content 0 B IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://it.davalka.cc/
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.20.1
date: Sun, 03 Dec 2023 22:15:01 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
31825.thanksgivingdelights.com/v3/a/ipn/js/224959
200 OK 5.7 kB URL GET HTTP/2 31825.thanksgivingdelights.com/v3/a/ipn/js/224959
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subject*.thanksgivingdelights.com
FingerprintCE:9C:43:8D:C8:5B:86:EC:E6:19:28:36:FC:E6:32:F7:DB:F3:0B:14
ValidityTue, 07 Nov 2023 10:55:57 GMT - Mon, 05 Feb 2024 10:55:56 GMT
File type Unicode text, UTF-8 text, with very long lines (18028), with no line terminators
Hash fc9d06d79e0e296b94b0dfcf1a4b93b1
3eccc7a7aba5fd5dfb36ecf8dc5532f5623ffb59
c8a4167a5d36d0824b17f667100085ad9fb4239e11fc40c0ee8c7fb6e5e21175
GET /v3/a/ipn/js/224959 HTTP/1.1
Host: 31825.thanksgivingdelights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
it.davalka.cc/picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BgwpkivbLZ748%2B3g%2FG8S9mZioqlN0zKFFaFhBbeBzJBOWu936E7%2BiAFZpXSip0fQkQgYZUvft%2BAt7Zb78c9STTFgILuz%2FbCyNUi76x2a630l94ZGPl7B0z6Ga%2Fr%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a88555689-OSL
it.davalka.cc/picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NSsFCBIvsRvj30HuUzWEW9mG%2F0Iif%2FRC4GXUCLd9t3dbet1kpGO057Z1fc0HjLg%2FD2dWOvV%2Fjzb1wkRdgckPbCB4zeOpECoLmQ7ukW2aVtVZens2mZ1GFJyLvO6l"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a784e5689-OSL
it.davalka.cc/picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KG25towFpjMe6UBzSENvTH3OQszp0foZRMdUrBshKTfkJLAQgPcZIcxfTZU1fSnz6Zlkx6%2BJboJa%2FBsNj5r%2FdU9e6nPgRVNjaZ%2FU2Qz7m11hz4nDL1ONx3QMOg4D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a88565689-OSL
it.davalka.cc/picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ArJIsSpfhPyYS7EGnqOO6HlqNQ02Mft8SyG5kT8EAecWdiyl5HsXLE8bGk%2BX2xg6n%2FGy2Dza66C1fhUJmayamTR1L8Cg2HgOyofrJ141s0hWSM%2FD6nENQcByVxa%2B"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a88545689-OSL
it.davalka.cc/picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WtHvIwZAeeRiNGvGpdAhmk9bmG6mk6kdhwq9YEYEyM7MJBOSWDdRFzJPW5vla1xGT%2FLrufN0RiQ3lMbgmoInGNwz0FRVHg3cyGgR9awVoEzCHbqALWbokAkFs60Y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a884f5689-OSL
pornogoogle.info/banner/9187/teaser?callback=MP_TEASER_9187&width=210&refer=https%3A%2F%2Fit.davalka.cc%2F&r=&installation_id[]=6453&width_id[6453]=210&_=1701641706671&start=1701641700659
200 OK 2.2 kB URL GET HTTP/2 pornogoogle.info/banner/9187/teaser?callback=MP_TEASER_9187&width=210&refer=https%3A%2F%2Fit.davalka.cc%2F&r=&installation_id[]=6453&width_id[6453]=210&_=1701641706671&start=1701641700659
IP
ASN #50340 OOO Network of data-centers Selectel
Certificate IssuerLet's Encrypt
Subjectpornogoogle.info
Fingerprint2F:DB:C3:3E:14:CC:55:63:3D:B1:59:1A:EA:55:40:7C:1B:2E:4A:B8
ValidityTue, 07 Nov 2023 22:31:33 GMT - Mon, 05 Feb 2024 22:31:32 GMT
File type Unicode text, UTF-8 text, with very long lines (8086), with no line terminators
Hash 206f89820b217bb7bba6c0547be97852
ba81f482606b4bb57a74b21b51eaf356fe530fc3
0e412cbc8af2ba777d1326c939f4e3a29846b02aabd47bd29f41be6ec1e9020a
GET /banner/9187/teaser?callback=MP_TEASER_9187&width=210&refer=https%3A%2F%2Fit.davalka.cc%2F&r=&installation_id[]=6453&width_id[6453]=210&_=1701641706671&start=1701641700659 HTTP/1.1
Host: pornogoogle.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.2
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: application/javascript; charset=UTF-8
set-cookie: key_visitor=89f6441384c6db2204ccbfdb7303966f9a355215caa991a6039ad90b5382c5bba%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22key_visitor%22%3Bi%3A1%3Bs%3A23%3A%22ckbjLsn24wV0E0kF1wW9Ei%7C%22%3B%7D; expires=Sun, 10-Dec-2023 22:15:01 GMT; Max-Age=604800; path=/; HttpOnly
x-frame-options: SAMEORIGIN
content-encoding: gzip
X-Firefox-Spdy: h2
3942b8586f.bbc781f81e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTA4NDY1ODA2NzU5MjQzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjEiLCJ0YWdfaWQiOjEwNzU3OSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJEYXZhbGthJTJDdmlkZW8lMkNwb3JubyUyQ29ubGluZSUyQ2dyYXR1aXRhbWVudGUlMkNQb3JubyUyQ3BlciUyQ2NhdGVnb3JpYSUyQ3Bvcm5vc3RhciUyQ2ltYnJvZ2xpb25pJTJDTnVvdmUlMkN0cm9pZSUyQ3Bvcm5vJTJDb2duaSUyQ2dpb3JubyUyQ1N1bCUyQ3NpdG8lMkNQb3JuJTJDRGF2YWxrYSUyQ3Zlbmdvbm8lMkNhZ2dpb3JuYXRpJTJDcXVvdGlkaWFuYW1lbnRlJTJDdmlkZW8lMkNwb3JubyUyQ2dyYXR1aXRpJTJDY2hlJTJDcHVvaSUyQ2d1YXJkYXJlJTJDb25saW5lJTJDc2VuemElMkNyZWdpc3RyYXppb25lJTJDZSUyQ1NNUy4ifQ==
200 OK 0 B URL GET HTTP/2 3942b8586f.bbc781f81e.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTA4NDY1ODA2NzU5MjQzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjEiLCJ0YWdfaWQiOjEwNzU3OSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJEYXZhbGthJTJDdmlkZW8lMkNwb3JubyUyQ29ubGluZSUyQ2dyYXR1aXRhbWVudGUlMkNQb3JubyUyQ3BlciUyQ2NhdGVnb3JpYSUyQ3Bvcm5vc3RhciUyQ2ltYnJvZ2xpb25pJTJDTnVvdmUlMkN0cm9pZSUyQ3Bvcm5vJTJDb2duaSUyQ2dpb3JubyUyQ1N1bCUyQ3NpdG8lMkNQb3JuJTJDRGF2YWxrYSUyQ3Zlbmdvbm8lMkNhZ2dpb3JuYXRpJTJDcXVvdGlkaWFuYW1lbnRlJTJDdmlkZW8lMkNwb3JubyUyQ2dyYXR1aXRpJTJDY2hlJTJDcHVvaSUyQ2d1YXJkYXJlJTJDb25saW5lJTJDc2VuemElMkNyZWdpc3RyYXppb25lJTJDZSUyQ1NNUy4ifQ==
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subject3942b8586f.bbc781f81e.com
Fingerprint9B:A1:C3:88:98:EF:96:69:1C:94:C8:ED:71:A8:E1:EC:C1:81:C6:09
ValidityThu, 30 Nov 2023 02:50:26 GMT - Wed, 28 Feb 2024 02:50:25 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiIxNTA4NDY1ODA2NzU5MjQzNDAwMCIsInRpbWV6b25lIjowLCJ2ZXIiOiIzLjkzLjEiLCJ0YWdfaWQiOjEwNzU3OSwic2NyZWVuX3Jlc29sdXRpb24iOiIxMjgweDEwMjQiLCJhZGJsb2NrIjowLCJ0aW1lem9uZV9vbHNvbiI6IlVUQyIsInV0bV9zb3VyY2UiOiIiLCJ1dG1fbWVkaXVtIjoiIiwidXRtX2NhbXBhaWduIjoiIiwidXRtX2NvbnRlbnQiOiIiLCJtbSI6MCwiaW5pdF9zdGFydF9sYXRlbmN5IjowLjQxLCJpc192MiI6MCwiaXNfdjJfZW1wdHkiOjAsInVzZXJfa2V5d29yZHMiOiJEYXZhbGthJTJDdmlkZW8lMkNwb3JubyUyQ29ubGluZSUyQ2dyYXR1aXRhbWVudGUlMkNQb3JubyUyQ3BlciUyQ2NhdGVnb3JpYSUyQ3Bvcm5vc3RhciUyQ2ltYnJvZ2xpb25pJTJDTnVvdmUlMkN0cm9pZSUyQ3Bvcm5vJTJDb2duaSUyQ2dpb3JubyUyQ1N1bCUyQ3NpdG8lMkNQb3JuJTJDRGF2YWxrYSUyQ3Zlbmdvbm8lMkNhZ2dpb3JuYXRpJTJDcXVvdGlkaWFuYW1lbnRlJTJDdmlkZW8lMkNwb3JubyUyQ2dyYXR1aXRpJTJDY2hlJTJDcHVvaSUyQ2d1YXJkYXJlJTJDb25saW5lJTJDc2VuemElMkNyZWdpc3RyYXppb25lJTJDZSUyQ1NNUy4ifQ== HTTP/1.1
Host: 3942b8586f.bbc781f81e.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
it.davalka.cc/picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Kx6JcIGfWs0Oq9eUR6IZNSYZlqlO25hxQRFV9tNNP%2FlyZYiWq3LwH9IJil9dj%2FBpN9VD0KwPlfuDcZNfIks6I0q6cg13nZlUahDCnvcDbLeNQ%2FSRDc6xSfxnEz%2BB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7aa87a5689-OSL
it.davalka.cc/picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sL6nnHzdHd%2BHt%2FhBv4Idv77HGVGiVflINh2vUdRj3pHWONiJj41NIfRvUxOSDN2ue5Kk%2BhbVgeYzjQIZ5xCVic08MJzOtDnQKFc%2BNpjvFvBuFdT6GFpwZJjUJ1Km"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a88595689-OSL
it.davalka.cc/picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u1OGSEIaWcPHADcDNuSWNtzxs52VnQrB%2F%2BkxWAMf0GR56LiZ1%2BBE%2BkxHOOshzt%2BxsZOM%2BajlPbEyVN0NCx3gmoWqqRsJMkS4xeoJ7ThEKnOhQ%2B%2F9Es024zBR0Hwz"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a98765689-OSL
it.davalka.cc/picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BLwGaZod3B%2F8pGDgu2ZL%2B9J%2BIMcvNatNk%2FTmdDpEuWQEOMuS8kFyTwHilvlEzUdlSjQ4vGiplb%2Fn4RKDzlYSNoeMOBkXxEE6d5PlRfar%2F0ERauOy8hRUjNCmfYL6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a986d5689-OSL
it.davalka.cc/picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0gPB2yTscP2W%2BmpdJyi6oN%2FG7KSkem2zwYwaj4P61hfodvPgRw6KPlRGIQ6iewcMtaGtqS4jyUr2kX%2FhccrvSiR2lBAqqTczIw3vYifSjaafwNP%2BBPI9usEUD8TA"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a98695689-OSL
da0f7cbe94.ffe3ca7ae5.com/cc10455d3ed527b208795706b889338a.js
200 OK 136 kB URL GET HTTP/2 da0f7cbe94.ffe3ca7ae5.com/cc10455d3ed527b208795706b889338a.js
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subjectda0f7cbe94.ffe3ca7ae5.com
FingerprintF9:9D:B2:0F:F8:4F:C8:3D:27:3F:C9:4C:36:21:38:26:38:8F:E6:87
ValidityThu, 30 Nov 2023 02:20:43 GMT - Wed, 28 Feb 2024 02:20:42 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 136 kB (136189 bytes)
Hash 1921240690aab70adaf5b379b94b3185
9fa83c75665a217ce7b2a5b2a7fcec43cf0c19ec
25ab37f5254eae1598cd8d0bd1017f7a32d421a1a2b3418aa41589eb5e993efd
GET /cc10455d3ed527b208795706b889338a.js HTTP/1.1
Host: da0f7cbe94.ffe3ca7ae5.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Thu, 30 Nov 2023 09:44:58 GMT
etag: W/"6568599a-8746e"
content-encoding: gzip
expires: Sun, 03 Dec 2023 22:20:01 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
it.davalka.cc/picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp
301 Moved Permanently 0 B URL GET HTTP/3 it.davalka.cc/picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5enfNTx9XclKKS9tvpIL%2B10YCf7C4l9N9E20SDqKemj8XCoCVFaUJcU0tnBIjoYrGtzF4mWp3sD6FhWq4BzCfreciEs1mab3UYXxE68U0TUGGPPW9BNeJmucGUB"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a88585689-OSL
ntvpforever.com/keywords
204 No Content 22 B IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text, with no line terminators
Hash 803ed818708dd83bfae04bb20cf48cb0
3a32cabae01dd92a848ec427f4c69b85825e89e8
4c7d996ddffabca7f5a8fba7c3fa72a41f041ba7f96dfdbbd1818ec884aec396
POST /keywords HTTP/1.1
Host: ntvpforever.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 320
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: application/json
content-length: 22
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
69v.club/dear_code/9187/goclick?t=every_sec&c=&ref=
3.5 kB URL GET 69v.club/dear_code/9187/goclick?t=every_sec&c=&ref=
IP
Certificate IssuerGoogle Trust Services LLC
Subject69v.club
FingerprintD5:00:8F:DC:CC:EF:B6:2F:A4:BD:8D:58:48:67:6B:1A:95:E4:E3:8C
ValiditySun, 08 Oct 2023 12:09:36 GMT - Sat, 06 Jan 2024 12:09:35 GMT
Hash faaebecc374ff61eefdf0936b042e0a2
806d672dd227405e99d78750e1c5c38cc410bfca
39eb676ba825738e476a2f0daf34fa285fe118f669c73b3c907404e2fcfa967c
GET /dear_code/9187/goclick?t=every_sec&c=&ref= HTTP/1.1
Host: 69v.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
expires: Sun, 03 Dec 2023 22:15:00 GMT
cache-control: no-cache
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meyhioef0jURZH0QG6pZhqNZ4%2BTflsv%2B7uBH7cmIu7hQwd145KOpyQdXl0tf46dScS7ogoBdqXVIuyCV83Y5VqMVhQW%2Fz7kBWEcmwqdgVE2rvNksrEXggzNRTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a78de24b4f3-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
cdn.1qt.info/banners/tZ/Nw/tZNwO7Ly1ST1IAMvfw3m.gif
200 OK 62 kB URL GET HTTP/2 cdn.1qt.info/banners/tZ/Nw/tZNwO7Ly1ST1IAMvfw3m.gif
IP
Certificate IssuerLet's Encrypt
Subject1qt.info
Fingerprint9B:EF:28:8C:72:CC:0D:36:C7:88:10:78:FB:48:0E:3F:88:BB:95:D5
ValiditySat, 02 Dec 2023 19:30:08 GMT - Fri, 01 Mar 2024 19:30:07 GMT
File type GIF image data, version 89a, 300 x 300\012- data
Hash f31db9b2018513774e25d114cea2ec38
8363fe737850a9ce1d4f4d203b6e14a0366cd4a6
71351895de2940632adf0499176d4cebcdb25eaca7e689e2b0e1a424233a8f03
GET /banners/tZ/Nw/tZNwO7Ly1ST1IAMvfw3m.gif HTTP/1.1
Host: cdn.1qt.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/gif
content-length: 62197
last-modified: Tue, 21 Jan 2020 13:32:34 GMT
etag: "5e26fd72-f2f5"
cf-cache-status: REVALIDATED
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AbNYxrDMYClbfJPYm3vvWV7pzc39PjxTTgPDkLhHu41yhs6tM0LFvE16SxCKMAHyv6tYJJle%2BLa8457tt9hqbJb%2FUzpIOG57m3AEWDTA0w7Gd1Vs1U2vD5rt2d3NTpc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7b1856b4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=107579
204 No Content 58 B URL OPTIONS HTTP/1.1 fp.metricswpsh.com/fp?tag_id=107579
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
File type JSON data\012- , ASCII text
Hash 49cb75c0da6be8cc97daea0ae2498649
1dd230c3f22a2308b9c091fe1e952b5e8d44bc88
3f61f6927c8c29196e623750a164dcd6895cc2dc3a592ccc5d755b3d4d407841
POST /fp?tag_id=107579 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 23168
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Sun, 03 Dec 2023 22:15:01 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 58
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://it.davalka.cc
Set-Cookie: id=17809194100488540132; Expires=Mon, 02 Dec 2024 22:15:01 GMT; Secure; SameSite=None
Vary: Origin
cdn.1qt.info/banners/Bx/as/Bxas81vLzVTO96zQjRTu.gif/r/160x160
200 OK 18 kB URL GET HTTP/2 cdn.1qt.info/banners/Bx/as/Bxas81vLzVTO96zQjRTu.gif/r/160x160
IP
Certificate IssuerLet's Encrypt
Subject1qt.info
Fingerprint9B:EF:28:8C:72:CC:0D:36:C7:88:10:78:FB:48:0E:3F:88:BB:95:D5
ValiditySat, 02 Dec 2023 19:30:08 GMT - Fri, 01 Mar 2024 19:30:07 GMT
File type GIF image data, version 87a, 160 x 160\012- data
Hash 73a9756ec7740b3ae25fb9405abe266f
2e4657021b1851041e4f600cc5ea4767466ab9b1
305465b97bf6cb59ebf3d22e46bff29e6d7fc564e47c1f170c9a97be612bac5f
GET /banners/Bx/as/Bxas81vLzVTO96zQjRTu.gif/r/160x160 HTTP/1.1
Host: cdn.1qt.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/gif
content-length: 18327
last-modified: Tue, 21 Jan 2020 13:30:39 GMT
etag: W/"5e26fcff-75f7"
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OrSU255E4MYM29FglEkmusn7KByWXcLZDpElfi6qz6AxJZU213iKLe%2FtE9vtnbDKsNQVTScmynWLRXaYePq%2Ft%2BerME8OpE%2B93q2sKDxUTgUGOnDKj8GiWHSeF6xUh6Y%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a7b285cb4f3-OSL
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
davalka.cc/picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp
200 OK 10 kB URL GET HTTP/3 davalka.cc/picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash dd712bcd780663a9e0ca0a6d42e002e8
82c3d4e2648fc0aaf8c40d2b238faf15fff10dbb
248b0e3f0338bfff62a1d69d0141cc3664f3e5cc6cc1b6fdf403ef4beb01890f
GET /picture/Goriachaia-ukrainka-ublazhila-diadiu-Vudmana-i-pro-ego-druzei-ne-zabyla.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 10394
last-modified: Sat, 03 Jun 2023 08:53:27 GMT
etag: "647aff87-289a"
cache-control: max-age=86400
cf-cache-status: HIT
age: 796867
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OjEw5xRIjORyzo81yOxhdiVKZxCaklcAN%2FspINM5ZMeVqNBP0y0nycfT8ZoeozdSSg9yhkWTjEl%2BcvOPOT%2BHyN%2FFlaFiQR%2BWtCF7IXMDdR6QQiu1UUUvGlVBXbSU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa665689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp
200 OK 8.0 kB URL GET HTTP/3 davalka.cc/picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 680353f2dfad53bbfff87bfe1ec124d7
11f658bbce4232ed987caf29330da94593683e46
cae3a76feca0c743f5385dd32832a5906cde1d68b023f2b96ebfb673cabbb444
GET /picture/Molodaia-briunetka-soblaznila-svoego-brata-i-otdalas-emu-v-gostinoi-na-divane.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 7988
last-modified: Sat, 03 Jun 2023 09:01:12 GMT
etag: "647b0158-1f34"
cache-control: max-age=86400
cf-cache-status: HIT
age: 102156
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IBh1PmV7vbGj0CK1y%2BH45mmqwzydYaKBy488of93bnxT3lTMveUcrndd32RLhfpa7AP06%2FjfIFqc6PkozovWfRxOM32xCvNaqpbgX7n7ojF32SO20GQgbVRw%2FcCS"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa685689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp
200 OK 5.9 kB URL GET HTTP/3 davalka.cc/picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x252, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a79607f70b8530280146edc216576d18
ae961f63a891964d1c322380f03ba90193217e6b
097194e66c7452a5e2f91f7cc84ce0086635ac5d4657b3da79d4fbd3c1d02560
GET /picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 5946
last-modified: Sat, 03 Jun 2023 08:50:08 GMT
etag: "647afec0-173a"
cache-control: max-age=86400
cf-cache-status: HIT
age: 180528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tk02eImRkG%2FODUGK28swu1RDI95jK5fXIq1T2VZ%2BGhZjq7RA62neb8vZ9wAAS1xJlc%2B2oyVYU0fqEBN%2FXSIhMuA7AOUC4TCeES9P%2BxLU1G3YoLvncVLqBqToQ0cs"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa5f5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp
200 OK 6.3 kB URL GET HTTP/3 davalka.cc/picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6125079eb2ce96c4713fd70125a005e1
210ebaefc4ac370ee240ab941fcfeea191757433
fb3c1e07ec696fa71ef73dc3889e37bbad129eed559c7022e0ea551a4a48c447
GET /picture/Znatok-kamasutry-otodral-glamurnuiu-milashku-v-raznykh-pozakh.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 6256
last-modified: Sat, 03 Jun 2023 09:28:39 GMT
etag: "647b07c7-1870"
cache-control: max-age=86400
cf-cache-status: HIT
age: 641673
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=leRzU5a6uXkubCNA58DWhHNSRmhcvrIJMZgI3amxbmWoD3uFwRoNDqQO4FvP4xrUaVKkP90XydIIA5zILB0ONomGUu0dL1uRDPNuktVkZ234jk870IWAZVNcxJ%2FJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa675689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp
200 OK 14 kB URL GET HTTP/3 davalka.cc/picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a26e1d285bf72887b794c57d46bc6ee1
5d78f796a8c58e781f958e1a5ffeeb4e49ddbbf5
a779768598f135972f158e7e6b0960611c4f3c73b947e019ec84ad9799ea248b
GET /picture/Domashnii-seks-s-russkoi-podruzhkoi-ot-pervogo-litsa.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 13938
last-modified: Sat, 03 Jun 2023 08:52:18 GMT
etag: "647aff42-3672"
cache-control: max-age=86400
cf-cache-status: HIT
age: 471342
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jyYsGGKs3RdK04orBVnnpjZePaH05txzqAU3MtvJ%2FWrZ64yHz2IVp8ArcG%2FIyChZXw39NP0CdJOKTLA5LZj17QdX0t%2FmQr2jKTMMDnYo%2BrL3FU0xH4M0TTWwo33i"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d0a7a5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp
200 OK 21 kB URL GET HTTP/3 davalka.cc/picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 895b03b20d5f17ca99615bc2e3cd1194
4c683ad95f618e134a14e37c2ac3de19c8950789
5598f2a78426977957e88cadf02e77165f09eaaa8b7863baa6beee23f86b532f
GET /picture/Molodozheny-zapisyvaiut-khoum-video-v-gorakh.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 20952
last-modified: Sat, 03 Jun 2023 09:01:34 GMT
etag: "647b016e-51d8"
cache-control: max-age=86400
cf-cache-status: HIT
age: 824314
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NwQVBclFTDUCVLAK4Ve931Eu5i1CiEBZuAhiAzIsxsRzYQ8P3I4hgDerjuGaRMXTebdjI8aP%2FdyZ6jvotyYc%2FuYtu0bimeDuwFImIRzPVD95%2BKIRTQ91ZbGohMpT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d0a795689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp
200 OK 11 kB URL GET HTTP/3 davalka.cc/picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0acc619856aec33403ba3e78a0717333
3cb7d0581ae4973e290616f0d62e03efc64c0bf5
229caca43261d65f1ad4b34e27adc331dca165aea264204bc17b7724e898a386
GET /picture/Skinuv-oblegaiushchee-korotkoe-plate--sisiastaia-suchka-sdelala-glubokii-minet-i-nasadilas-na-chlen.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 10558
last-modified: Sat, 03 Jun 2023 09:18:02 GMT
etag: "647b054a-293e"
cache-control: max-age=86400
cf-cache-status: HIT
age: 102156
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vgPT7keNT%2BsBhmjAxP195qrpQGbB2JcGrWtxavM4M5QPP7p%2FlGJcjqAITZoELrCOnL4AvB%2BD6%2FdJ7l8xIhOrqXa%2Bug%2Bac6nGYnBy4ncGZ7Psgz0NtBjEhQuYYIVx"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d1a7f5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp
200 OK 5.4 kB URL GET HTTP/3 davalka.cc/picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 424x240, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash d8be6689c9aab5a581cc5d6f4dabc6b0
b839c623a5a2ae6304085290710f229402dcc43c
62772ba865fe5e17320e96d35c5fba1ad15b86d605516e0c0dfc0dea44d108be
GET /picture/Vozbuzhdennaia-aziatskaia-milashka-poziruet-i-drochit-svoiu-shchelku.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 5444
last-modified: Sat, 03 Jun 2023 09:25:42 GMT
etag: "647b0716-1544"
cache-control: max-age=86400
cf-cache-status: HIT
age: 180528
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gfcr6mhzCVdMFliuY7TPKSDGJw2O5JB%2FXAr2a4mVe9bxFN4ml2DI72xBPKrsAtTrrN1NfSNHjH%2BuFZbFm%2F2xibCo%2Babd1HViVEo8qujgp3ee8hCjHmOgfHPWbr5I"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d1a875689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp
200 OK 7.3 kB URL GET HTTP/3 davalka.cc/picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash bc80aeae4848589680cd521f65ce3a2a
c12984db5dbf4c6470ada2a621f0ca04eb604b1c
1b6321a6ccc8820d6473d26a66c3b83cc148b0062de7f6f737c7190c65da523b
GET /picture/Ebet-moloduiu-blondinku-v-ochkakh-ot-pervogo-litsa.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 7328
last-modified: Sat, 03 Jun 2023 08:52:51 GMT
etag: "647aff63-1ca0"
cache-control: max-age=86400
cf-cache-status: HIT
age: 102156
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWs%2Bhwsuyo0l3HdDaK1JZi1J72pc50zx8WN8eiTMZPyDd48oGPEUjOLq5iqTwR5EBNmIwtoBu4rm3NRpvjVDrJOgyPNrAAxrtz90hVTfktRPe0arhCifbjHLyHOc"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d2a8b5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp
200 OK 9.7 kB URL GET HTTP/3 davalka.cc/picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7ae902d3145b2493d6f4b34c5de3377c
c7972d749f12377da3b49111825fe766fd551dec
09e647793a42d8b87b91db0101b6a318975e9c6920b01a46cbddfac6d1a959de
GET /picture/Amerikanka-mychit-vo-vremia-anala-pered-kotorym-ona-poluchila-chlen-v-rot-i-pizdu.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 9738
last-modified: Sat, 03 Jun 2023 08:49:49 GMT
etag: "647afead-260a"
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ftt5ebCWKGivLP1EL%2FbChV1ygdnzsgU%2B51NOl8a4Lemzn26NFmxL03wzhStThu9PTHpClVqxwb%2Bl4sPGksuuDYJMSg44qwrzgXK0iWQcEfSOHyo1mMx9dmIlGrte"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa5c5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp
200 OK 11 kB URL GET HTTP/3 davalka.cc/picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 6741a6dfe62a9392bfbeb766973d1b55
4305c662e419f3334f3a623dfed6251564f1879f
095b7013968c2394c5f5a3342636c06cc39d25812070b64cd658d8e6e9508d1d
GET /picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 10874
last-modified: Sat, 03 Jun 2023 09:06:38 GMT
etag: "647b029e-2a7a"
cache-control: max-age=86400
cf-cache-status: HIT
age: 635815
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4UtWRw6UOZBVqnXA%2BiscV590No0lBcPTiPXkHh0oDlIeow1EHAaXk%2BbxCrpy8O8abRgE2RlEe8w6%2BxRzDCgVbs%2BqH2LkweziV0WRGhg3XicAXYrC5c4C5tlKJZ6y"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d2a8a5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp
200 OK 10 kB URL GET HTTP/3 davalka.cc/picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 81baaddb0c8576f79fe7d513308a4303
439ecb8ed3327da7d31b770b2898a439ea91e80a
3882cac6b639bb57cf4e500b21e576aca52466294d01d7c4bb6687e6410b25d0
GET /picture/Blondinka-spalila-druga-za-drochkoi-na-svoi-chastnye-zapisi-i-vospolzovalas-im.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 10430
last-modified: Sat, 03 Jun 2023 08:50:29 GMT
etag: "647afed5-28be"
cache-control: max-age=86400
cf-cache-status: HIT
age: 703315
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xZ7cgkTvDOYtb5mM02f0FLRwFsWdBLPsuKJdjjmd%2Fn1slRO121OrId%2BvFAZp3gSEXThLU92vaAAR4Z%2B0Z6HafkldVg3pkkbtByd%2F%2FVW8ck8jKR3dnw%2BWJKJ0GRQT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d1a885689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp
200 OK 8.8 kB URL GET HTTP/3 davalka.cc/picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 0b073b06926be8fae18d642f1e132e9a
26acbde81e1a73a9e6c652507dbfe218bb7c19ec
450dceb1332edecd533d8a9b5224a4688384b06a39bb51cad1c42acd9fa012d0
GET /picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 8758
last-modified: Sat, 03 Jun 2023 08:54:53 GMT
etag: "647affdd-2236"
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zVE5MfapirHuxpWdhhFruyOkMBmS3mKbxYP2L1uuNhuv5yyKAWINIO3ScdMFT8AsC3stTF3S2HMmkFIJTshJVHm23pvmu6A02iuTDkTYZ4msvsRDxYOfdBqD%2Fhbp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7cfa655689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp
200 OK 4.2 kB URL GET HTTP/3 davalka.cc/picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 60659d1eb6c9b4848542d9e80fd49abe
9ef32a357d9a7a78d01e6bb11a8d6ce8ea457e41
11c72849d23ecc17b07ae09674c6053d8ffb10e2223ba3bd47150870deccddd7
GET /picture/Grudastaia-shliukha-soset-stoiak-i-shpilitsia-s-macho.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 4158
last-modified: Sat, 03 Jun 2023 08:53:43 GMT
etag: "647aff97-103e"
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nT%2FFH8OGE7OHtubWLhiFeT5Pu8HfNoHHWPdwpByszvoJZjvpBMP6%2FWfi2unun3URZ9N2E%2FJKaQRgQfsi9m0HhqnwyJtW57chK2tZb4O2P7pLxEgJx0vEEbg%2B%2BacV"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d1a7e5689-OSL
alt-svc: h3=":443"; ma=86400
davalka.cc/picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp
200 OK 14 kB URL GET HTTP/3 davalka.cc/picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 95f6120abd4c73ee802afaba91943d9a
e11cf54032b8766bd2d53ad422d9a1b3d97dab2c
3c8ae3cf2400ea404cfba59a055efbb569d7bded2c23302340c08690be0882b5
GET /picture/Klubnaia-davalka-prodala-zhopu-na-otieeb-izvratu-v-leginsakh.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 14434
last-modified: Sat, 03 Jun 2023 08:55:05 GMT
etag: "647affe9-3862"
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Pj8vtrXkKQBHq2Y1LHRT9UQ8DTX4qQDFK41%2BejDMQgtHflG902MlTEXcaFvsgtTkzrXf018z68GM1RcH%2B2nCyxtl3y3KKtXOmYhyekq79ByW0mY9Aqj7WZ%2FI2UCP"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d1a835689-OSL
alt-svc: h3=":443"; ma=86400
nereserv.com/in/dip?site=native-push&wl=1&event_id=c41eb379-4229-421a-a2f9-9e2119a26c2d&subid=787285550&sid=3573639325&spot_id=406844&created_at=2023-12-03&timezone=0&ver=8.121.0&is_native=1
200 OK 0 B URL GET HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=c41eb379-4229-421a-a2f9-9e2119a26c2d&subid=787285550&sid=3573639325&spot_id=406844&created_at=2023-12-03&timezone=0&ver=8.121.0&is_native=1
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectnotification.tubecup.net
Fingerprint0D:7A:7C:53:DB:15:35:28:E9:E6:2B:90:43:BB:EF:E5:AB:BE:DA:E3
ValidityThu, 09 Nov 2023 09:29:43 GMT - Wed, 07 Feb 2024 09:29:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=c41eb379-4229-421a-a2f9-9e2119a26c2d&subid=787285550&sid=3573639325&spot_id=406844&created_at=2023-12-03&timezone=0&ver=8.121.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
davalka.cc/picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp
200 OK 13 kB URL GET HTTP/3 davalka.cc/picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 450x253, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash fe176da3514a4296f0e4026069b327dc
f68d4dad27ebb21055703c5051aeebf67d81bb8b
2fe9716b0dd7d788b89c7d3d8a9d19f0974d93a288f7e10b9aebe4b1cf6b9360
GET /picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp HTTP/1.1
Host: davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://it.davalka.cc/
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: image/webp
content-length: 13246
last-modified: Sat, 03 Jun 2023 08:56:51 GMT
etag: "647b0053-33be"
cache-control: max-age=86400
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jZphgP95DLpmkaI1AihqMjLuhkpLyMyxzHzM8see4OtFJHRWFbVYALURgPYv%2BODJDy4WPaZ4da0ZevMmT4w8x8Xl6MOVNxhdwehTygUq%2FvyzexrprPw2NIyKPrCH"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7d2a915689-OSL
alt-svc: h3=":443"; ma=86400
e4342886e5.26dffa4094.com/in/multy
204 No Content 0 B URL OPTIONS HTTP/2 e4342886e5.26dffa4094.com/in/multy
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subject26dffa4094.com
Fingerprint9C:9F:BE:07:E3:8F:F8:0E:E0:05:AD:CF:A6:BE:3B:92:00:3C:5C:57
ValidityThu, 30 Nov 2023 03:01:48 GMT - Wed, 28 Feb 2024 03:01:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: e4342886e5.26dffa4094.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://it.davalka.cc/
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 204 No Content
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
302 Found 0 B URL GET HTTP/2 accounts.google.com/ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube
IP
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ServiceLogin?passive=true&continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&uilel=3&hl=en&service=youtube HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
content-type: application/binary
set-cookie: __Host-GAPS=1:Q6AkWRcDgOak10c3C6tEYnxuU1t1gw:6nVTL0XvHQYhn0q7; Expires=Tue, 02-Dec-2025 22:15:02 GMT; Path=/; Secure; HttpOnly; Priority=HIGH
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 22:15:02 GMT
location: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0WdeH6aMFG2VJ2IM8sJ6M8BRKIm6yTPvdf5EiDJpt9bgYsZ60ePHds-5_Lewmzyy8yJfxf
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'nonce-LtmfDE1ncT3A_UX8b9kfUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy: unsafe-none
server: ESF
content-length: 0
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0WdeH6aMFG2VJ2IM8sJ6M8BRKIm6yTPvdf5EiDJpt9bgYsZ60ePHds-5_Lewmzyy8yJfxf
302 Found 402 B URL GET HTTP/2 accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0WdeH6aMFG2VJ2IM8sJ6M8BRKIm6yTPvdf5EiDJpt9bgYsZ60ePHds-5_Lewmzyy8yJfxf
IP
Certificate IssuerGoogle Trust Services LLC
Subjectaccounts.google.com
Fingerprint1E:A9:E1:96:78:1D:08:FC:96:C8:C2:34:4F:02:D3:3D:FA:9A:D2:6B
ValidityMon, 23 Oct 2023 11:25:04 GMT - Mon, 15 Jan 2024 11:25:03 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (397)
Hash 4ad1582778e5103cb52d91bc1ed4d603
8471a02bd10466efc96f2528224e64c71fb17932
a9d97abc0cd2516c065b55b3c0862fb78605240dad5ee7ef4fc0c1c508953a61
GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico&hl=en&passive=true&service=youtube&uilel=3&ifkv=ASKXGp0WdeH6aMFG2VJ2IM8sJ6M8BRKIm6yTPvdf5EiDJpt9bgYsZ60ePHds-5_Lewmzyy8yJfxf HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 302 Found
content-type: text/html; charset=UTF-8
set-cookie: __Host-GAPS=1:uGHrJ0dva-HQYQZf2yYo6gDZhA8klw:C5pLOeODr0FVVj4k;Path=/;Expires=Tue, 02-Dec-2025 22:15:02 GMT;Secure;HttpOnly;Priority=HIGH
x-frame-options: DENY
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 22:15:02 GMT
location: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp24ER0NQGICmLn7FOzhUiWiL4bn8RbscVzrQ-6EsBMjL8pLwk--CwXYeMVmRQsHQ0VZEz6P8g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1409992839%3A1701641702299556&theme=glif
strict-transport-security: max-age=31536000; includeSubDomains
content-security-policy: script-src 'nonce-Uc-3BZbw4hr8mBE0XmW8sA' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport
report-to: {"group":"coop_gse_qebhlk","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gse_qebhlk"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="coop_gse_qebhlk"
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 402
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
e4342886e5.26dffa4094.com/in/multy
204 No Content 2.7 kB URL OPTIONS HTTP/2 e4342886e5.26dffa4094.com/in/multy
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subject26dffa4094.com
Fingerprint9C:9F:BE:07:E3:8F:F8:0E:E0:05:AD:CF:A6:BE:3B:92:00:3C:5C:57
ValidityThu, 30 Nov 2023 03:01:48 GMT - Wed, 28 Feb 2024 03:01:47 GMT
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (22914), with no line terminators
Hash a74dab5e5ca78e216fc79c465d845ed1
1b30847fef73ad75c64e6c844f7c4591ed9df5c7
f7672b9dbf01bb5e9973162dddac7723cbe72b3320c7a004c8298cc11ac5effe
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
POST /in/multy HTTP/1.1
Host: e4342886e5.26dffa4094.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 1839
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
content-type: application/json
content-length: 2665
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
e4342886e5.26dffa4094.com/in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&icons=fd-GvO429ZYuBkAJcEkG0cf_MTLDgdrux3FynE6yLd_x6QVpb08ZJ4Rw5p1c40oB10Gzjniz079AGFUzLBxUk7p5JBSdzxQt5e9jHvgwhb2RtVD0DleinqW8Uph76dXLZnZkEtUYxM7o4KLPwC3ImLmdY8RjaiZWadFk02vlN88rS68_xw&ext_cid=0&px_id=406844&min_cpm=0.07538080531683282&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.046674626031096136&cpm=0&verify_hash=b9a49b3dc789f2f5dc5841484f45e3ae&is_native=4&real_bid=0.0006951014699204368&original_bid_usd=0.001122608&original_bid=0.001122608&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,93,27,108,0&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.001122608&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000011226079999999999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=efbe82c1-d009-4315-9708-4b13394555bc
200 OK 0 B URL GET HTTP/2 e4342886e5.26dffa4094.com/in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&icons=fd-GvO429ZYuBkAJcEkG0cf_MTLDgdrux3FynE6yLd_x6QVpb08ZJ4Rw5p1c40oB10Gzjniz079AGFUzLBxUk7p5JBSdzxQt5e9jHvgwhb2RtVD0DleinqW8Uph76dXLZnZkEtUYxM7o4KLPwC3ImLmdY8RjaiZWadFk02vlN88rS68_xw&ext_cid=0&px_id=406844&min_cpm=0.07538080531683282&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.046674626031096136&cpm=0&verify_hash=b9a49b3dc789f2f5dc5841484f45e3ae&is_native=4&real_bid=0.0006951014699204368&original_bid_usd=0.001122608&original_bid=0.001122608&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,93,27,108,0&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.001122608&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000011226079999999999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=efbe82c1-d009-4315-9708-4b13394555bc
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subject26dffa4094.com
Fingerprint9C:9F:BE:07:E3:8F:F8:0E:E0:05:AD:CF:A6:BE:3B:92:00:3C:5C:57
ValidityThu, 30 Nov 2023 03:01:48 GMT - Wed, 28 Feb 2024 03:01:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=41e2b054b7d7fdd561f6651d06d511e5&url=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&icons=fd-GvO429ZYuBkAJcEkG0cf_MTLDgdrux3FynE6yLd_x6QVpb08ZJ4Rw5p1c40oB10Gzjniz079AGFUzLBxUk7p5JBSdzxQt5e9jHvgwhb2RtVD0DleinqW8Uph76dXLZnZkEtUYxM7o4KLPwC3ImLmdY8RjaiZWadFk02vlN88rS68_xw&ext_cid=0&px_id=406844&min_cpm=0.07538080531683282&out_id=1&campaign_type=pop-default&aid=0&cid=2957&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=0&skin_test=0&from_cache=0&ecpm=0.046674626031096136&cpm=0&verify_hash=b9a49b3dc789f2f5dc5841484f45e3ae&is_native=4&real_bid=0.0006951014699204368&original_bid_usd=0.001122608&original_bid=0.001122608&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=114,93,27,108,0&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=0&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FIN%2FIN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp&site=native-push-adult&price=0.001122608&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000011226079999999999&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=efbe82c1-d009-4315-9708-4b13394555bc HTTP/1.1
Host: e4342886e5.26dffa4094.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
e4342886e5.26dffa4094.com/in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=7a15d2de30911df2d92099d4170f58dd&url=https%3A%2F%2Fxml-v4.ezmob.com%2Fclick%3Fi%3DW9mKyd6zTk8_0%26p%3D1701641702.483748&icons=lqc1oVj4fzNyu8pqn2sfGFmIAvmJdVWOB9Qbalqdxy1CMJuSFOyXruOea3pS9UsZtkD2J-Hj2aSvjvlAqvV4swxufyME__AMyCCkWcTnkknB66yhoD4c94GhzWEu7e-AiZNdNXBWvBdsKyzEgGC9R1Z0Cwi909i4&ext_cid=0&px_id=73406844&min_cpm=0.0026868983631598794&out_id=0&campaign_type=hq&aid=3330&cid=14052&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.011488526843891565&cpm=0&verify_hash=e85dff11f0cca1082e12b4a596918ef9&is_native=1&real_bid=0.0048&original_bid_usd=0.0048&original_bid=0.0048&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=1701728102&image_url=&site=native-push-adult&price=0.0048&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=bbca29cc-33a8-45d2-8110-4b723a03d69b
200 OK 0 B URL GET HTTP/2 e4342886e5.26dffa4094.com/in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=7a15d2de30911df2d92099d4170f58dd&url=https%3A%2F%2Fxml-v4.ezmob.com%2Fclick%3Fi%3DW9mKyd6zTk8_0%26p%3D1701641702.483748&icons=lqc1oVj4fzNyu8pqn2sfGFmIAvmJdVWOB9Qbalqdxy1CMJuSFOyXruOea3pS9UsZtkD2J-Hj2aSvjvlAqvV4swxufyME__AMyCCkWcTnkknB66yhoD4c94GhzWEu7e-AiZNdNXBWvBdsKyzEgGC9R1Z0Cwi909i4&ext_cid=0&px_id=73406844&min_cpm=0.0026868983631598794&out_id=0&campaign_type=hq&aid=3330&cid=14052&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.011488526843891565&cpm=0&verify_hash=e85dff11f0cca1082e12b4a596918ef9&is_native=1&real_bid=0.0048&original_bid_usd=0.0048&original_bid=0.0048&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=1701728102&image_url=&site=native-push-adult&price=0.0048&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=bbca29cc-33a8-45d2-8110-4b723a03d69b
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subject26dffa4094.com
Fingerprint9C:9F:BE:07:E3:8F:F8:0E:E0:05:AD:CF:A6:BE:3B:92:00:3C:5C:57
ValidityThu, 30 Nov 2023 03:01:48 GMT - Wed, 28 Feb 2024 03:01:47 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert Quad9 DNS malicious Sinkholed
GET /in/show/?tag_ab=b&site_id=31406844&adblock=0&testab=0&auction_host=&mm=0&yc=0&render_type=hq&pr=&banner_width=300&banner_height=100&user_keywords=&device_theme=light&v2_track=0&v2=0&conditions=dch_ip,tz_offset&ssp=3964&page=https%3A%2F%2Fit.davalka.cc%2F&refdom=it.davalka.cc&auction_time=1701641702&subid=787285550&sid=3573639325&tcid=0&ver=8.121.0&ver_c=&spot_id=406844&utm_source=&utm_medium=&utm_campaign=&utm_content=&created_at=2023-12-03&iabcat=IAB25-3&keywords=adult&user_fp=3778550308585732526&score=100&durl=https%3A%2F%2Fkts.dasdaily.com%2Fin%2F1546%2F%3Fad_sub%3D787285550%26spot_id%3D406844%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fit.davalka.cc%252F%26idzone%3D0%26sid%3D1886&is_cpm=0&resp_type=&crid=&crtid=7a15d2de30911df2d92099d4170f58dd&url=https%3A%2F%2Fxml-v4.ezmob.com%2Fclick%3Fi%3DW9mKyd6zTk8_0%26p%3D1701641702.483748&icons=lqc1oVj4fzNyu8pqn2sfGFmIAvmJdVWOB9Qbalqdxy1CMJuSFOyXruOea3pS9UsZtkD2J-Hj2aSvjvlAqvV4swxufyME__AMyCCkWcTnkknB66yhoD4c94GhzWEu7e-AiZNdNXBWvBdsKyzEgGC9R1Z0Cwi909i4&ext_cid=0&px_id=73406844&min_cpm=0.0026868983631598794&out_id=0&campaign_type=hq&aid=3330&cid=14052&uniq=&mid=2941610486533996588&skin_id=2&vertical_id=5&skin_test=0&from_cache=0&ecpm=0.011488526843891565&cpm=0&verify_hash=e85dff11f0cca1082e12b4a596918ef9&is_native=1&real_bid=0.0048&original_bid_usd=0.0048&original_bid=0.0048&exp=0&placement_type_id=0&ua_mismatch=Mozilla%2F5.0%20%28Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0%29%20Gecko%2F20100101%20Firefox%2F105.0&ip_mismatch=91.90.42.154&geo=NO&carrier=-&label_ids=4,90,5,98&need_redirect_show=0&applied_features=coef_099,main-skins-settings&show_count=1&expiration_timestamp=1701728102&image_url=&site=native-push-adult&price=0.0048&hostname=auc-inpage-hz-8-a&auc_type=1&pop_type=1&site_id64=&interest_vertical_ids=&mo=&ve=&timezone_olson=UTC&topics=&historical_keywords=&pop_cpc=0.0000048&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=bbca29cc-33a8-45d2-8110-4b723a03d69b HTTP/1.1
Host: e4342886e5.26dffa4094.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp24ER0NQGICmLn7FOzhUiWiL4bn8RbscVzrQ-6EsBMjL8pLwk--CwXYeMVmRQsHQ0VZEz6P8g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1409992839%3A1701641702299556&theme=glif
403 Forbidden 1.6 kB URL GET HTTP/3 accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp24ER0NQGICmLn7FOzhUiWiL4bn8RbscVzrQ-6EsBMjL8pLwk--CwXYeMVmRQsHQ0VZEz6P8g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1409992839%3A1701641702299556&theme=glif
IP
Certificate IssuerGoogle Trust Services LLC
Subject*.google.com
Fingerprint4C:0D:17:8C:F1:30:7C:3A:6F:9B:8E:B4:83:0E:5C:BD:ED:17:3E:95
ValidityMon, 23 Oct 2023 11:18:24 GMT - Mon, 15 Jan 2024 11:18:23 GMT
File type gzip compressed data, max compression\012- data
Hash 5c732b2556a10b0c8fe249fb6f8a592d
f3290b37a5226bdab0804272ac1738e90355f135
bf9151733c8918d34b320c61d4691addc8a556e6572f59dc012cdac5cf7bb946
GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico&hl=en&ifkv=ASKXGp24ER0NQGICmLn7FOzhUiWiL4bn8RbscVzrQ-6EsBMjL8pLwk--CwXYeMVmRQsHQ0VZEz6P8g&passive=true&service=youtube&uilel=3&flowName=GlifWebSignIn&flowEntry=ServiceLogin&dsh=S1409992839%3A1701641702299556&theme=glif HTTP/1.1
Host: accounts.google.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 403 Forbidden
content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Sun, 03 Dec 2023 22:15:02 GMT
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
strict-transport-security: max-age=31536000; includeSubDomains
report-to: {"group":"AccountsSignInUi","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="AccountsSignInUi"
content-security-policy: script-src 'nonce-lgH6lqooxHbEOa2h1g5htg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
200 OK 790 B URL GET HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectbookmsg.com
Fingerprint84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
ValiditySat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
69v.club/show/clickunder/9187?callback=__MPAY_CLICKUNDER_CALLBACK__&url=https%3A%2F%2Fit.davalka.cc%2F&referrer=&time=1701641706794
200 OK 352 B URL GET HTTP/3 69v.club/show/clickunder/9187?callback=__MPAY_CLICKUNDER_CALLBACK__&url=https%3A%2F%2Fit.davalka.cc%2F&referrer=&time=1701641706794
IP
Certificate IssuerGoogle Trust Services LLC
Subject69v.club
FingerprintD5:00:8F:DC:CC:EF:B6:2F:A4:BD:8D:58:48:67:6B:1A:95:E4:E3:8C
ValiditySun, 08 Oct 2023 12:09:36 GMT - Sat, 06 Jan 2024 12:09:35 GMT
File type ASCII text, with very long lines (575), with no line terminators
Hash 5f97a0ae7815e8c7ae6c59b3d718960b
6e471292b040f2f125060cb5fa70b3c20e8f50fd
2132c02298e18b326526886078e7816aeeafcae9ff432168048f1016ce0003cd
GET /show/clickunder/9187?callback=__MPAY_CLICKUNDER_CALLBACK__&url=https%3A%2F%2Fit.davalka.cc%2F&referrer=&time=1701641706794 HTTP/1.1
Host: 69v.club
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:02 GMT
content-type: application/javascript; charset=UTF-8
set-cookie: key_visitor=7cfa0416820bf07020f9a04a509f4c6773d525a4480411fce5cf450b2bcbd4a2a%3A2%3A%7Bi%3A0%3Bs%3A11%3A%22key_visitor%22%3Bi%3A1%3Bs%3A23%3A%22Nv5uV2Zxzaw4BxstLdKDEH%7C%22%3B%7D; expires=Sun, 10-Dec-2023 22:15:01 GMT; Max-Age=604799; path=/; HttpOnly
x-frame-options: SAMEORIGIN
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ndlbN2FToiA1bwRlBnZGkZXklSExrr1yfjzWTk54B0crfcH9kkLLc7gqX8Rdp2mvsRFicJnOc8A%2FfSQKFpFEuFWlSfiEt2j0%2B30UM4xulRVwRY4Wl%2BnxTjiVTw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a7c98627131-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
static.ezmob.com/n254/ad/100x100_RjyM9D2be6JqorMkNv8e.jpeg
200 OK 2.2 kB URL GET HTTP/1.1 static.ezmob.com/n254/ad/100x100_RjyM9D2be6JqorMkNv8e.jpeg
IP
ASN #20940 Akamai International B.V.
Certificate IssuerLet's Encrypt
Subjectstatic.ezmob.com
FingerprintA8:65:7F:8E:6E:7A:6C:8B:00:79:6F:51:F7:A6:5B:B9:74:91:F0:DD
ValiditySun, 19 Nov 2023 21:18:33 GMT - Sat, 17 Feb 2024 21:18:32 GMT
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 100x100, components 3\012- data
Hash 32f482923a5b891a5c091a4d4269139c
0825403d19012f92f96cf7c002c52f8f8536b03f
f08503c6f257dd7457cb882657dfe5cf87f4e40a7970083f1f7e5d465cd41697
GET /n254/ad/100x100_RjyM9D2be6JqorMkNv8e.jpeg HTTP/1.1
Host: static.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: image/jpeg
Content-Length: 2224
Last-Modified: Sat, 02 Sep 2023 09:24:30 GMT
ETag: "64f2ff4e-8b0"
Accept-Ranges: bytes
Cache-Control: max-age=25065
Expires: Mon, 04 Dec 2023 05:12:48 GMT
Date: Sun, 03 Dec 2023 22:15:03 GMT
Connection: keep-alive
X-Forward-Proto: http
CDN-Origin-Protocol: HTTP
it.davalka.cc/templates/davalka/style/styles.css
200 OK 28 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/style/styles.css
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (28239), with no line terminators
Hash 28d775edfd5a9fcc9c2ebf51a70893d1
3f72096ce52ae9e0b0b31424535a8df0e6666a38
151c5837f1989c7dc4daadd4629f387d3f09e8d7d1fc5b33e05c2c823f0238b9
GET /templates/davalka/style/styles.css HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=32161
etag: W/"630e4d37-7da1"
last-modified: Tue, 30 Aug 2022 17:47:35 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 365220
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=I7hTn6edifn%2Fnc%2FEbWl%2FqPjm78oZ7B8GpdSmV8TH8Xt3%2BN6sCG9qt6hoAIwblnLIObrjcd0OmFlPxuRDh06UVUcL3xGAwYP24qT97hN6XmWdnQb2d26IaoLmDgj28lre"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a7238485689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
it.davalka.cc/picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp
301 Moved Permanently 11 kB URL GET HTTP/3 it.davalka.cc/picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Poka-muzha-net-doma--briunetka-vyzvala-na-dom-massazhista-i-sovratila-ego-na-analnyi-seks.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jNc2cmrs%2B2I2OVjcXAUAe4zSxXSZ15qSAXVy8CvJrFQeHjlZhNnwZ4Eouf7as8lxOPiNBQM5%2Bi5lh37GmPE5YaADlZ%2B9tXXSiaCC5A4eYqYTPqODBteeKKZvAMxp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a98625689-OSL
it.davalka.cc/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
200 OK 12 kB URL GET HTTP/3 it.davalka.cc/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (12331)
Hash 88a769d2fe35899fd45a332a0a032cc0
514c6c1d8475d17e412849a4c90159517d0fa10a
ccf00d1923b0131a10e0c6d26f95e5dee6ebf8621a27e83c5a2f68a2e0093142
GET /cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min.js HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript
last-modified: Tue, 28 Nov 2023 16:06:21 GMT
etag: W/"65660ffd-302c"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=95QTOyyNn2LhcA76cda91T1Au81ZXhXUo7uFGc3%2FdPkY9RJ%2BE9CyRdvGd6w9SY5xGI1%2BuARZM2FP8KBFHTv%2BmPzEfJY3nAl0mAJ1AZhSQr54uBdlkueQiWMM0IonDa%2F8"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 82ff2a7238575689-OSL
x-frame-options: DENY
x-content-type-options: nosniff
expires: Tue, 05 Dec 2023 22:15:00 GMT
cache-control: max-age=172800, public
content-encoding: gzip
static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2f2590f-90ae-4fda-8172-a61896167b5d
200 OK 790 B URL GET HTTP/2 static.bookmsg.com/creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2f2590f-90ae-4fda-8172-a61896167b5d
IP
ASN #24940 Hetzner Online GmbH
Certificate IssuerLet's Encrypt
Subjectbookmsg.com
Fingerprint84:FF:B2:EC:22:57:12:AF:98:D1:21:28:6D:29:74:88:74:C2:08:C4
ValiditySat, 11 Nov 2023 01:54:54 GMT - Fri, 09 Feb 2024 01:54:53 GMT
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 65156a660e465299370ebd90d84aa461
12ff60b17f579a77e42a8be7b6b1892fc71be33d
e3b2784385cd128d5a6dfdec7f4be2147d6b57fa66c1a36c61c085aaf27f9e18
GET /creatives/IN/IN_da5b583487923e03a815871465a0b6f24c2cb005_icon.webp?pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&mlf=1&mlc=1&st=0.03&cpa=f2f2590f-90ae-4fda-8172-a61896167b5d HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.18.0
date: Sun, 03 Dec 2023 22:15:02 GMT
content-type: image/webp
content-length: 790
last-modified: Tue, 24 Nov 2020 14:20:43 GMT
etag: "5fbd16bb-316"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
storage.multstorage.com/log/count.html
200 OK 882 B URL GET HTTP/2 storage.multstorage.com/log/count.html
IP
Certificate IssuerGoogle Trust Services LLC
Subjectmultstorage.com
Fingerprint1F:90:8C:BB:6B:B0:99:41:3A:23:DF:A4:57:1A:25:0F:88:BA:C6:DE
ValidityMon, 20 Nov 2023 10:07:51 GMT - Sun, 18 Feb 2024 10:07:50 GMT
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (919), with no line terminators
Hash 053b1fe641da8057571d40ebaf1624ab
09b2648b7d08c84621298f0b939cea5170a65022
6606334874a3edb8295831f41d3684433e4553ffe0a72e58c90926e00f39c6a4
GET /log/count.html HTTP/1.1
Host: storage.multstorage.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:15:01 GMT
content-type: text/html
last-modified: Mon, 18 Sep 2023 14:39:06 GMT
vary: Accept-Encoding
x-request-id: 353641f438571179428852bc8c722148
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9wsI9K%2FMeVnQ9Gn12hn3t5SVbZRtkIdhH%2FZR5R3P8gJD6gi4t2nFeyTc%2BCql2YoXvUzfsTfdjJffZ2KIN2uZesxd5iwPrpNXWcju%2FJtx%2F0ZzIqmZEeJvsYNMPc%2Bsnmpjt3Y8%2FBUqj09IYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a79a9a356a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
it.davalka.cc/templates/davalka/js/lazyload.js
200 OK 2.4 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/js/lazyload.js
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (2442), with no line terminators
Hash 4ec8e7e4098d9d58e515d3625d1ee9d0
90c3e11bb15fca656e0deebd03900b9cf778c87a
b05aa209e18dada2aa0ee7b8ffa5d31fd2c1f1527a8da88f21ebbeb7ec304d88
GET /templates/davalka/js/lazyload.js HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=2431
etag: W/"5f2c126c-97f"
last-modified: Thu, 06 Aug 2020 14:23:40 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 365218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=u2MsB4LK3A9uGdK4oFKkU55utR5fXEU3PTXCoJE9rD5dy%2FZc6%2B%2BVJdNyqtgeCz%2FDwC6%2FITj%2BLRieAiyYYh%2B0HmTK7NRsim3DttYhqRAatenD7cQ2yXPGVhtDU4VUzrbJ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a742a3e5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
xml-v4.ezmob.com/thumbnail?i=W9mKyd6zTk8_0&p=1701641702.483748&imgt=icon&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=8992db3f-e15d-4fcb-a4bf-596775f8c1f2
302 Found 2.2 kB URL GET HTTP/1.1 xml-v4.ezmob.com/thumbnail?i=W9mKyd6zTk8_0&p=1701641702.483748&imgt=icon&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=8992db3f-e15d-4fcb-a4bf-596775f8c1f2
IP
ASN #27257 WEBAIR-INTERNET
Certificate IssuerLet's Encrypt
Subjectezmob.com
Fingerprint3A:5C:F3:70:08:CA:82:A6:80:84:D4:ED:65:42:36:E7:93:0A:59:71
ValidityFri, 06 Oct 2023 14:52:32 GMT - Thu, 04 Jan 2024 14:52:31 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=W9mKyd6zTk8_0&p=1701641702.483748&imgt=icon&pattern1=0&pattern2=0&pattern3=0&pattern4=0&pattern5=0&format=default-view-t_r-body&st=0.03&cpa=8992db3f-e15d-4fcb-a4bf-596775f8c1f2 HTTP/1.1
Host: xml-v4.ezmob.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 03 Dec 2023 22:15:03 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Location: https://static.ezmob.com/n254/ad/100x100_RjyM9D2be6JqorMkNv8e.jpeg
it.davalka.cc/templates/davalka/style/engine.css
200 OK 56 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/style/engine.css
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (55708), with no line terminators
Hash 1043df47221c69aec00515a1a533e553
8e184dd8dab21587a532d63168a3e149da7f107f
c967bb5d1fbe2c614d86df1b81839addf8207d74f355a1d7b1bab9ea664f8f55
GET /templates/davalka/style/engine.css HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=61776
etag: W/"5f2c1270-f150"
last-modified: Thu, 06 Aug 2020 14:23:44 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 107122
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kmRvZCCNy8AemmrkuTf3VbCWvN%2BNkuuF3mnvdEujLI1bN9TFXyEQxp2ByLmWLOgRG1PyOsFDV0S%2BZl6PtklYj6OLlpVrX5GXGAzNHcNtLoX9R5PRQI6ge5eRvAJMDzNe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a72384c5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
it.davalka.cc/templates/davalka/style/font-awesome.css
200 OK 24 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/style/font-awesome.css
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (23629)
Hash 183540cd2e86c4fb48612ab38f94d28e
ff1c3a56b406d546dd37a64b42069317ad682968
1ea4dfe698af85b8c0be2bea33995932214934666bf103846330a3ed3fda3ce0
GET /templates/davalka/style/font-awesome.css HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=28747
etag: W/"5f2c1270-704b"
last-modified: Thu, 06 Aug 2020 14:23:44 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 289010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cK1B9WGT5H11xzn2v3kcDeD4SJpGPTM3F6AWAeu%2BDTJQycWxJj%2B2M%2FlpBF1%2FYKFStgylL4iWWViY%2BZo4ZP9mxgpPySARd9%2BNAQLlbytIQBhDFxxLXnBbpQ8Mmrmwds%2BQ"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a7238555689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
pornogoogle.info/embed_teaser/9187/6453
0 B URL GET pornogoogle.info/embed_teaser/9187/6453
IP
Certificate IssuerLet's Encrypt
Subjectpornogoogle.info
Fingerprint2F:DB:C3:3E:14:CC:55:63:3D:B1:59:1A:EA:55:40:7C:1B:2E:4A:B8
ValidityTue, 07 Nov 2023 22:31:33 GMT - Mon, 05 Feb 2024 22:31:32 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /embed_teaser/9187/6453 HTTP/1.1
Host: pornogoogle.info
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx/1.14.2
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: text/html; charset=utf-8
x-powered-by: Express
access-control-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
vary: Accept-Encoding
content-encoding: gzip
x-frame-options: SAMEORIGIN
X-Firefox-Spdy: h2
it.davalka.cc/picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp
301 Moved Permanently 13 kB URL GET HTTP/3 it.davalka.cc/picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Kunimen-otlizal-kisku-vozliublennoi-i-trakhnul-perevozbuzhdennym-chlenom.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3v%2BK6puMo7fATGI9tDo3bNN2VeWxgku8ZgdHLoaDZ1IqTxBA8%2Fqgw3koovANu8JpNObubDa1YmyNmFCVlZ4%2BvxoakuRefIpAhkcukzLBKGyvk9%2FGjFfwR0NOpC%2Br"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a98705689-OSL
it.davalka.cc/picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp
301 Moved Permanently 5.9 kB URL GET HTTP/3 it.davalka.cc/picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Aziat-podobral-pianu-vypusknitsu-s-lavochki-i-doma-vzial-s-nee-platu-naturoi.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 20:40:33 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XY3lPpBj8davPshiTv1CDrL8eEx537nuoOhIqqSAZINILWUdOyE7Hkh9IixhlZJeO7Sgv3ZTDCGzhfGJqJcskSC3H2vsSl5yavnuXX4UfMVs973g2etpBXwcV7dj"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: HIT
server: cloudflare
cf-ray: 82ff2a7a885d5689-OSL
it.davalka.cc/templates/davalka/style/reset-settings.css
200 OK 14 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/style/reset-settings.css
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (14187), with no line terminators
Hash b518d35dd86a3a8bef771cc0a12ec0dc
fa796205d90605d5e88d671340c4ce095040bb35
6f9ef12233a62072c82f27a98fdede602d296f924e23b376a86ae8834870746c
GET /templates/davalka/style/reset-settings.css HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/templates/davalka/style/styles.css
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=16031
etag: W/"5f2c1270-3e9f"
last-modified: Thu, 06 Aug 2020 14:23:44 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 365218
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2665NA5mxfBvp8jhtEaztjev0H0D4WfGWRavWUOsHN%2Bge%2FSkk0gdfBniBfPpxBvLWVBSfozk4KB6zg1KFjH%2BMBq4tmHfcIBBw5EHTB1DDxguQXqq8DXb%2B3OK%2BsXtdtCe"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a7278a45689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
it.davalka.cc/templates/davalka/js/libs.js
200 OK 3.4 kB URL GET HTTP/3 it.davalka.cc/templates/davalka/js/libs.js
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type Unicode text, UTF-8 text, with very long lines (3544), with no line terminators
Hash fe12c290cca58a634e9680d2b606d1ce
2cdca9575e99d74f31a3ba43e7875991ee81fe4a
e513b57d1eb54660383783751bf00894c874b9c25660de2cedbda0d0008b416e
GET /templates/davalka/js/libs.js HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=3938
etag: W/"5f2c126b-f62"
last-modified: Thu, 06 Aug 2020 14:23:39 GMT
vary: Accept-Encoding
cache-control: max-age=86400
cf-cache-status: HIT
age: 365217
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fFumADPJY%2B6UuH0omnk68mnecMdVfSNal7AdrUBiAznZGyMTjq93RO6TaJx2Oys4awxOA8j%2BQCm8KHLtebuqplSEI7AiVaEuFzUKUKZdkC%2FbNXopWGsj1DfUSoOive3b"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a742a3f5689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
200 OK 65 kB URL User Request GET HTTP/2 IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Sun, 03 Dec 2023 22:14:59 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34
cache-control: max-age=86400
expires: Thu, 23 Nov 2023 11:09:50 GMT
last-modified: Thu, 23 Nov 2023 11:09:50 GMT
cf-cache-status: HIT
age: 812786
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p1oVsP%2BpaOp0HmC4RLMXYIOh4qc2WPpKRhJhfVvUdPtcsdcgdsKawLVbzCkDYXj%2FtluOGdaGhY23CdmxTeta67LCmhu%2F5NqLPsCo30M%2FAzxYkM6NqcZNODiudDOda5TO"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a70384b56a5-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2
it.davalka.cc/engine/classes/min/index.php?charset=utf-8&g=general&19
200 OK 208 kB URL GET HTTP/3 it.davalka.cc/engine/classes/min/index.php?charset=utf-8&g=general&19
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
File type ASCII text, with very long lines (65536), with no line terminators
Size 208 kB (208336 bytes)
Hash f773d15da634656a9368777eeb343f8a
2473c03f7c1505b01faece9e7d8b94a193ecd7df
9a68b32711c579b23cb31e8b5e605bde66095d28f84ae6f871b3d8e5091d2744
GET /engine/classes/min/index.php?charset=utf-8&g=general&19 HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 200 OK
date: Sun, 03 Dec 2023 22:15:00 GMT
content-type: application/x-javascript; charset=utf-8
cache-control: max-age=31536000
cf-bgj: minify
cf-polished: origSize=208376
etag: W/"pub1596723752;gz"
expires: Fri, 22 Nov 2024 08:57:03 GMT
last-modified: Thu, 06 Aug 2020 14:22:32 GMT
vary: Accept-Encoding
x-powered-by: PHP/7.2.34
cf-cache-status: HIT
age: 812782
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GyTsGFi2%2BzWVtOLym%2Bu7QGUTeGfdBdWpMMCP8OfY1LZtd2TjJ99Ha5iZ0gPlhjK%2BTpBbb7lmUUFzT6QqbcWxIsiMdNPMH07u9rMLYHlq%2B%2Bmobbp6QXtzGvi9gO%2FycD93"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 82ff2a743a445689-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400
it.davalka.cc/picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp
301 Moved Permanently 8.8 kB URL GET HTTP/3 it.davalka.cc/picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp
IP
Certificate IssuerLet's Encrypt
Subjectdavalka.cc
Fingerprint29:F4:1D:9E:0B:5F:3A:76:B7:CF:A2:95:5F:61:FA:F3:D3:FF:1B:F2
ValidityFri, 27 Oct 2023 06:44:43 GMT - Thu, 25 Jan 2024 06:44:42 GMT
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp HTTP/1.1
Host: it.davalka.cc
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
HTTP/3 301 Moved Permanently
date: Sun, 03 Dec 2023 22:15:01 GMT
content-length: 0
location: https://davalka.cc/picture/Khudoshchavaia-belosnezhka-otomstila-nevernomu-muzhu-s-chernym-ochkarikom.webp
cache-control: max-age=86400
expires: Sun, 03 Dec 2023 23:15:01 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3fW9AdnKa3aaXkrfV77tMvbPDn6NAqHCHcVsWfHnPLEE8RbmfV3N%2B8L82v6WRY%2Fb97obpgfj8u2yfhYmytCqiE8FkIbw9kWE1vI4xJE%2FjwPrZKHWXncHZ5CdnUlf"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
alt-svc: h3=":443"; ma=86400
cf-cache-status: MISS
server: cloudflare
cf-ray: 82ff2a7a885f5689-OSL
31825.thanksgivingdelights.com/iSNCDoEzOg_pZtdxoEWUMWYX08lW-dyDfP1Yfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLiCbQEWLr8mJHtgv85KrnHZFHjyUbrZgTHjA9zJe3c?kws=davalka%2Cvideo%2Cporno%2Conline%2Cgratuitamente%2Cper%2Ccategoria%2Cpornostar%2Cimbroglioni&abl=0&fsb=0&pageUri=https%3A%2F%2Fit.davalka.cc%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20Dec%2003%202023%2022%3A15%3A07%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%224%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
200 OK 2.4 kB URL GET HTTP/2 31825.thanksgivingdelights.com/iSNCDoEzOg_pZtdxoEWUMWYX08lW-dyDfP1Yfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLiCbQEWLr8mJHtgv85KrnHZFHjyUbrZgTHjA9zJe3c?kws=davalka%2Cvideo%2Cporno%2Conline%2Cgratuitamente%2Cper%2Ccategoria%2Cpornostar%2Cimbroglioni&abl=0&fsb=0&pageUri=https%3A%2F%2Fit.davalka.cc%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20Dec%2003%202023%2022%3A15%3A07%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%224%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP
ASN #39572 DataWeb Global Group B.V.
Certificate IssuerLet's Encrypt
Subject*.thanksgivingdelights.com
FingerprintCE:9C:43:8D:C8:5B:86:EC:E6:19:28:36:FC:E6:32:F7:DB:F3:0B:14
ValidityTue, 07 Nov 2023 10:55:57 GMT - Mon, 05 Feb 2024 10:55:56 GMT
File type ASCII text, with very long lines (2432), with no line terminators
Hash 98d37abb450e840ef8234670e8b3a54a
fcff766d93e1d7da4cb2ad479fe62374ceed33b3
fcb2fff927bbfdf47c76292ebdb27c190a69535d2e59e47fe2a712ff1aa6f823
GET /iSNCDoEzOg_pZtdxoEWUMWYX08lW-dyDfP1Yfo_FTpdGNc6c9opRoJuNW95heNLKkdgHcvR2jvrqFui6Hea9aS6VmqTCpLiCbQEWLr8mJHtgv85KrnHZFHjyUbrZgTHjA9zJe3c?kws=davalka%2Cvideo%2Cporno%2Conline%2Cgratuitamente%2Cper%2Ccategoria%2Cpornostar%2Cimbroglioni&abl=0&fsb=0&pageUri=https%3A%2F%2Fit.davalka.cc%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A105.0)%20Gecko%2F20100101%20Firefox%2F105.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Sun%20Dec%2003%202023%2022%3A15%3A07%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%224%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 31825.thanksgivingdelights.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://it.davalka.cc
DNT: 1
Connection: keep-alive
Referer: https://it.davalka.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
server: nginx
date: Sun, 03 Dec 2023 22:15:04 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://it.davalka.cc
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Sun, 03 Dec 2023 22:15:04 UTC
expires: Sun, 03 Dec 2023 22:15:04 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
172.67.152.236
82.148.12.69
157.90.84.246
23.36.76.226
88.208.59.102
104.21.40.151
188.114.97.1