hentaicovid.com/games-animes/free-download-01039002
188.114.96.1301 Moved Permanently 162 B URL HTTP/1.1 hentaicovid.com/games-animes/free-download-01039002
IP 188.114.96.1:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 4f8e702cc244ec5d4de32740c0ecbd97
3adb1f02d5b6054de0046e367c1d687b6cdf7aff
9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
GET /games-animes/free-download-01039002 HTTP/1.1
Host: hentaicovid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Mon, 27 Mar 2023 17:20:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: https://hentaicovid.com/games-animes/free-download-01039002
X-Content-Type-Options: "nosniff" always
X-XSS-Protection: "1; mode=block" always
Strict-Transport-Security: "max-age=31536000; includeSubDomains; preload" always
Referrer-Policy: no-referrer-when-downgrade
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fAPjKg4F35clzZcyefKlVPjtUP8w%2BJR%2BHPZ%2BlCz2aIbkbm8XmAqed0%2BdXZ0qkB7SmdUXPIHEW9Wo%2BS%2BcsXjMG0EmP0YI4%2FXHmE329utKEfo1WvcW72xvBDYCmeg4MzYKQNc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 7ae94d465fd0b4f1-OSL
alt-svc: h2=":443"; ma=60
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 93f633ce30c038eb581544323c5a971e
2f60526cb750c6babccc207f75fb5a8ae6f7598b
0ff6df80a892199848fb943af78541b66efc09a7ab70d4b169906fdbac1eabf8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0FF6DF80A892199848FB943AF78541B66EFC09A7AB70D4B169906FDBAC1EABF8"
Last-Modified: Mon, 27 Mar 2023 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20047
Expires: Mon, 27 Mar 2023 22:54:10 GMT
Date: Mon, 27 Mar 2023 17:20:03 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash c83d39f350161ed2f5d20dcd68e47c92
2695a888e652cb314f8094cc6073c3364336d272
62e5cc6aea61c3c32acd964d4bbe143806416008181eebc4451a8f035b69a0bc
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "62E5CC6AEA61C3C32ACD964D4BBE143806416008181EEBC4451A8F035B69A0BC"
Last-Modified: Mon, 27 Mar 2023 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18351
Expires: Mon, 27 Mar 2023 22:25:54 GMT
Date: Mon, 27 Mar 2023 17:20:03 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
35.241.9.150200 OK 939 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash bc86ef2a0cee04915bc360f5821adc8f
3658f9028cce204d38f7f48fcfaa2a8e4f54383a
aeecd718d03811322457de4f20828bdba86b277e7e0e328cae9c0a8075638454
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Retry-After, Content-Length, Backoff, Alert
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 939
via: 1.1 google
date: Mon, 27 Mar 2023 16:27:58 GMT
content-type: application/json
age: 3125
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 9bb70197d53617b5e6889b890dd2ae26
f3e9b8a743de494529baf2d078a622539f965307
a094a13905b7f1cd89475f9c83f9245580d4c3c7228d51d5c16622aec3c6aa45
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A094A13905B7F1CD89475F9C83F9245580D4C3C7228D51D5C16622AEC3C6AA45"
Last-Modified: Sat, 25 Mar 2023 07:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10830
Expires: Mon, 27 Mar 2023 20:20:33 GMT
Date: Mon, 27 Mar 2023 17:20:03 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
34.160.144.191200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash e7bace7c1e04d44012e37ddffe36e5d5
3ac8d7c0a9d3e3f0b28b2530c7b8d8407b4042c2
6b4f80f2e95b26f6122ea8dcd0ef8d762299be822c69e839fc37581ca2bcb5f2
GET /chains/remote-settings.content-signature.mozilla.org-2023-04-30-16-53-14.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: N4T22z836JGTRwxaP3dQNw7KvcXLtzaOx0KdvthAIb+O2CTgxvFRyAY78k38ybsfY8aCNjwnBu8=
x-amz-request-id: BR5W1GXYMV24H218
x-amz-server-side-encryption: AES256
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Mon, 27 Mar 2023 17:01:43 GMT
age: 1100
last-modified: Sat, 11 Mar 2023 16:53:15 GMT
etag: "e7bace7c1e04d44012e37ddffe36e5d5"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Mon, 27 Mar 2023 17:20:03 GMT
content-type: application/json
content-length: 12
access-control-allow-credentials: true
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-expose-headers: content-type
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
code.jquery.com/jquery-3.4.1.min.js
69.16.175.42200 OK 31 kB URL HTTP/2 code.jquery.com/jquery-3.4.1.min.js
IP 69.16.175.42:0
File type ASCII text, with very long lines (65451)
Hash 9abb42735168ac9e960b770179b642aa
11475bf8c7244af7a820108b7762e7a3f95aa52c
df53c09a6546b3d23dc0b2d0d92c39808c5663a75f4bf1f8d035fd11b7c81243
GET /jquery-3.4.1.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-encoding: gzip
content-length: 30638
content-type: application/javascript; charset=utf-8
last-modified: Fri, 20 Aug 2021 17:47:53 GMT
accept-ranges: bytes
server: nginx
etag: W/"611feac9-15851"
cache-control: max-age=315360000, public
access-control-allow-origin: *
vary: Accept-Encoding
x-hw: 1679937604.dop022.sk1.t,1679937604.cds251.sk1.hn,1679937604.cds201.sk1.c
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 1.8 kB IP 142.250.74.131:0
Hash 4e8bfde6b7259b0a8fb1e27f3bdfd3a3
4dede9b57bf09c3ec4b7aa88ef12c886a95a64f3
accee7380ec8e1f538febf22caea0ac4fd6e6b60c1a62b62e32a6a124f5f25c5
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 17:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 3.9 kB IP 142.250.74.131:0
Hash 7f160e38bcae7088fb504286a3a844cc
ceff4eb78afae60bc42eb1e6bcd1750e1addc107
84fe317b511ea2d9a97589e033dd44943bebe16a794ed3f8c29b7fce0c565daa
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 17:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.realsrv.com/ad-provider.js
185.76.9.23200 OK 24 kB URL HTTP/2 a.realsrv.com/ad-provider.js
IP 185.76.9.23:0
ASN #60068 Datacamp Limited
Hash 6ac42ced0270138c82441e6b171e231d
4dd1e85bfcb7dde72e921641369e8d644aebc116
e801cd855710fc53a0eee457e416e0280c55dc82668a17ba5d3f0d20ceda6dfa
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: application/javascript
vary: Accept-Encoding
etag: W/"4a7886b0595c8711a5aae6eac4a"
expires: Mon, 27 Mar 2023 18:30:47 GMT
cache-control: max-age=10800
access-control-allow-origin: *
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCRSHITH/LBkAAA
x-77-nzt-ray: af585630d785104044d02164c5d6f913
x-accel-expires: @1679941960
x-cache: HIT
x-age: 6444
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: gzip
X-Firefox-Spdy: h2
www.googletagmanager.com/gtag/js?id=UA-82095008-10
142.250.74.40200 OK 45 kB URL HTTP/2 www.googletagmanager.com/gtag/js?id=UA-82095008-10
IP 142.250.74.40:0
File type ASCII text, with very long lines (2206)
Hash f4cb011ba4d766c317efe7d1b562a410
ce181596cc48b2478dfda74e7781c76268c90025
9eeb646c16d3aa74f0dff6402e2a8e4f32180400b31ccd8542ce64e4305ca161
GET /gtag/js?id=UA-82095008-10 HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Mon, 27 Mar 2023 17:20:04 GMT
expires: Mon, 27 Mar 2023 17:20:04 GMT
cache-control: private, max-age=900
last-modified: Mon, 27 Mar 2023 16:20:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 44824
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash 2f5773ec2bd71cedc30a772f8fef15ac
be2204175325a1732a267afed560295d1d8ba034
dcc389b503609943829f28cca36acb0db09edb0995f5728f7d315259e2c040c7
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 27 Mar 2023 17:20:04 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Fri, 24 Mar 2023 07:46:40 GMT
Expires: Fri, 31 Mar 2023 07:46:39 GMT
Etag: "be2204175325a1732a267afed560295d1d8ba034"
Cache-Control: max-age=310594,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ae94d4b283db505-OSL
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
35.241.9.150200 OK 329 B URL HTTP/2 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 35.241.9.150:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: Content-Length, ETag, Content-Type, Cache-Control, Pragma, Alert, Last-Modified, Retry-After, Backoff, Expires
content-security-policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-length: 329
via: 1.1 google
date: Mon, 27 Mar 2023 17:14:35 GMT
age: 329
last-modified: Fri, 25 Mar 2022 17:45:46 GMT
etag: "1648230346554"
content-type: application/json
cache-control: max-age=3600,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 472 B IP 142.250.74.131:0
Hash 1eebd93ef4ace8f93b306d6a46d47288
e968b59494a1ec170444176e4a45733e34289be0
ac364c1480c475154359adb0bd62380d9f51d59d0617c77977001a0eb184d77e
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 17:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
kit.fontawesome.com/d2f7a09671.js
104.18.22.52200 OK 4.6 kB URL HTTP/2 kit.fontawesome.com/d2f7a09671.js
IP 104.18.22.52:0
Hash d2ff513ed5065eee26a9c26cb86b6944
b66fcc580f11b06e7ab8b3970721784236835076
35dc46cefe3799c0f9cc947a92900279b807bac7486d096e56405f12fd0e0a1c
GET /d2f7a09671.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, must-revalidate
strict-transport-security: max-age=31536000; preload
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F1BT8q8vMsE-guMAATki
cf-cache-status: REVALIDATED
server: cloudflare
cf-ray: 7ae94d4b1cd6b4f9-OSL
content-encoding: gzip
X-Firefox-Spdy: h2
push.services.mozilla.com/
34.117.65.55101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 34.117.65.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: Gj5SBxXZLtQ6eHJTKr53fQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: 1f7/1fz83HnXBtSKDHbPpb3BBe4=
Date: Mon, 27 Mar 2023 17:20:04 GMT
Via: 1.1 google
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
tfosrv.com/sppc.php
216.18.168.29200 OK 37 kB IP 216.18.168.29:0
File type Unicode text, UTF-8 text, with very long lines (65501), with no line terminators
Hash d4ec410e7d740b20f93cd1d48e327a60
4e1403cccb5b8df425d73b7d2fc5f9c47ad55301
74a51e37cf65072ffe1cbc3a3cd9dc63cfcee86ac239a6957de2be5652081b6f
GET /sppc.php HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/javascript
transfer-encoding: chunked
vary: Accept-Encoding
cache-control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
expires: 0
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 6421D044-D812A81D01BBC3176-446D950
tfosrv.com/etag
216.18.168.29200 OK 0 B IP 216.18.168.29:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /etag HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Mon, 27 Mar 2023 17:20:04 GMT
content-length: 0
access-control-allow-origin: https://hentaicovid.com
access-control-allow-credentials: true
access-control-expose-headers: ETag
access-control-allow-headers: If-None-Match, Origin
etag: 82a320bf-6073-45bd-817d-86597e481d5b
set-cookie: sppc_uuid=82a320bf-6073-45bd-817d-86597e481d5b; max-age=31536000; path=/; secure; SameSite=None
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 6421D044-D812A81D01BBC3176-446D962
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9f118fb224d6a3feb68bb7296958d8fe
7ccaa3d7e3b47dec93f7ddb398615bd71227b26e
2f70628100003ab47f5fb5622f8951ec8f4bad4b88cc3c083983a5c31356b429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 17:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.35200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.35:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 24 Mar 2023 10:26:41 GMT
expires: Sat, 23 Mar 2024 10:26:41 GMT
cache-control: public, max-age=31536000
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
age: 284003
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.131200 OK 471 B IP 142.250.74.131:0
Hash 9f118fb224d6a3feb68bb7296958d8fe
7ccaa3d7e3b47dec93f7ddb398615bd71227b26e
2f70628100003ab47f5fb5622f8951ec8f4bad4b88cc3c083983a5c31356b429
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Mon, 27 Mar 2023 17:20:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
tfosrv.com/show_std.php?ident=3275&id_site=13892&id_channel=66521&ref=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&width=468&height=60&id_palette=1&ck=740&vars=%7B%22site_id%22%3A13892%2C%22channel_id%22%3A66521%7D&uuid=82a320bf-6073-45bd-817d-86597e481d5b
216.18.168.29200 OK 264 B URL HTTP/1.1 tfosrv.com/show_std.php?ident=3275&id_site=13892&id_channel=66521&ref=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&width=468&height=60&id_palette=1&ck=740&vars=%7B%22site_id%22%3A13892%2C%22channel_id%22%3A66521%7D&uuid=82a320bf-6073-45bd-817d-86597e481d5b
IP 216.18.168.29:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 70d55a2bb12351c94d631805640703e0
e64b7fccc43c0b5f1ae4326c5a0e3592bffe849b
2e9c6f5bfae1570971889394cb63357d882e4a33fa55d0520639caf49bb72606
GET /show_std.php?ident=3275&id_site=13892&id_channel=66521&ref=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&width=468&height=60&id_palette=1&ck=740&vars=%7B%22site_id%22%3A13892%2C%22channel_id%22%3A66521%7D&uuid=82a320bf-6073-45bd-817d-86597e481d5b HTTP/1.1
Host: tfosrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Mon, 27 Mar 2023 17:20:05 GMT
content-type: text/html; charset=UTF-8
transfer-encoding: chunked
vary: Accept-Encoding
set-cookie: sppc_uuid=82a320bf-6073-45bd-817d-86597e481d5b; max-age=31536000; path=/; secure; SameSite=None
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
x-request-id: 6421D044-D812A81D01BBC3176-446D972
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-regular-400.woff2
172.64.168.22200 OK 13 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-regular-400.woff2
IP 172.64.168.22:0
File type Web Open Font Format (Version 2), TrueType, length 13216, version 331.-31196\012- data
Hash b8f1c6a3a94d42b082c29f0b1db8ba95
2e410a47e3321a42072f966b964c0cad9a3457a4
48fb6f0d8ac464d95cbc2df3ffa7bf5066950898c5581f5133d0565abb7f706b
GET /releases/v5.15.4/webfonts/free-fa-regular-400.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:05 GMT
content-type: font/woff2
content-length: 13216
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "b8f1c6a3a94d42b082c29f0b1db8ba95"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 d5bf5eae21ab3c661f2c71654c0881f9.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR52-C1
x-amz-cf-id: 0tKEGAFX6sUrToJGGSvBGAFhHkoMsKp5WKM6JdqaVqdwDQYBDVFn0A==
age: 8715154
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dt%2FkLBsnH7zE1D1xyf5dao6klXX17mjuMFCv1Hk4QIte9D15XUJIaNXL%2FdUMqZIQmKgl7hnahdATOSrjOIItZDOJvTD9xKxhHUMPdlbSBCE8uGbULnSQj2rLAzDsIZT%2Bafsnf%2B346g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d507b2f4164-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
172.64.168.22200 OK 78 kB URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
IP 172.64.168.22:0
File type Web Open Font Format (Version 2), TrueType, length 78168, version 331.-31196\012- data
Hash a9fd1225fb2cd32320e2b931dca01089
44ec5c6a868b4ce62350d9f040ed8e18f7a1d128
c5dd43f53f3af822cbf17b1fb75f46192cdbd51724f277acf6cf0dacb3fd57e7
GET /releases/v5.15.4/webfonts/free-fa-solid-900.woff2 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:05 GMT
content-type: font/woff2
content-length: 78168
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:58:24 GMT
etag: "a9fd1225fb2cd32320e2b931dca01089"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 db92535f619848d07c0f5eb965b50adc.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: NrNw2sf72XuUc6gC2cqj4kYJHiggMSouYvYHVIEx___h03BaVYwCZQ==
age: 2844703
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LGkxGtpRHtAc6qOLjvWjW%2F0PijWZ9BwkkBC8rc569SPb7bF9y37jMR6xUNI66KROi4JSpnD050nlZ%2Bddz8Kh9yL%2FTAFAYmKssOYioZ6kx8uUMdgN6Vx90jO5Fw9sk99Ft%2BxZZ9Yolw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d507b254164-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.78200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.78:0
File type ASCII text, with very long lines (1490)
Hash ca7fbbfd120e3e329633044190bbf134
d17f81e03dd827554ddd207ea081fb46b3415445
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20085
date: Mon, 27 Mar 2023 16:05:11 GMT
expires: Mon, 27 Mar 2023 18:05:11 GMT
cache-control: public, max-age=7200
age: 4494
last-modified: Tue, 10 Jan 2023 21:29:14 GMT
content-type: text/javascript
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
www.google-analytics.com/j/collect?v=1&_v=j99&a=1745895319&t=pageview&_s=1&dl=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&ul=en-us&de=UTF-8&dt=%E3%81%8A%E8%A6%8B%E8%88%9E%E3%81%84%20CFNM%20-%20RJ01039002%20-%20Free%20Download%20%7C%20Free%20Download%20%7C%20HentaiCovid.com%20%7C%20Hentai%20OVAs%20-%20Hentai%20Games%20-%20Hentai%20CGs%20-%20Hentai%20Mangas%20-%20Hentai%20Voices&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YEBAAUABAAAAACAAI~&jid=1785469176&gjid=1049955169&cid=756319734.1679937624&tid=UA-82095008-10&_gid=486583635.1679937624&_r=1>m=457e33m0&jsscut=1&z=672636421
142.250.74.78200 OK 1 B URL HTTP/2 www.google-analytics.com/j/collect?v=1&_v=j99&a=1745895319&t=pageview&_s=1&dl=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&ul=en-us&de=UTF-8&dt=%E3%81%8A%E8%A6%8B%E8%88%9E%E3%81%84%20CFNM%20-%20RJ01039002%20-%20Free%20Download%20%7C%20Free%20Download%20%7C%20HentaiCovid.com%20%7C%20Hentai%20OVAs%20-%20Hentai%20Games%20-%20Hentai%20CGs%20-%20Hentai%20Mangas%20-%20Hentai%20Voices&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YEBAAUABAAAAACAAI~&jid=1785469176&gjid=1049955169&cid=756319734.1679937624&tid=UA-82095008-10&_gid=486583635.1679937624&_r=1>m=457e33m0&jsscut=1&z=672636421
IP 142.250.74.78:0
File type very short file (no magic)
Hash c4ca4238a0b923820dcc509a6f75849b
356a192b7913b04c54574d18c28d46e6395428ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
POST /j/collect?v=1&_v=j99&a=1745895319&t=pageview&_s=1&dl=https%3A%2F%2Fhentaicovid.com%2Fgames-animes%2Ffree-download-01039002&ul=en-us&de=UTF-8&dt=%E3%81%8A%E8%A6%8B%E8%88%9E%E3%81%84%20CFNM%20-%20RJ01039002%20-%20Free%20Download%20%7C%20Free%20Download%20%7C%20HentaiCovid.com%20%7C%20Hentai%20OVAs%20-%20Hentai%20Games%20-%20Hentai%20CGs%20-%20Hentai%20Mangas%20-%20Hentai%20Voices&sd=24-bit&sr=1280x1024&vp=1140x836&je=0&_u=YEBAAUABAAAAACAAI~&jid=1785469176&gjid=1049955169&cid=756319734.1679937624&tid=UA-82095008-10&_gid=486583635.1679937624&_r=1>m=457e33m0&jsscut=1&z=672636421 HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 0
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://hentaicovid.com
date: Mon, 27 Mar 2023 17:20:05 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
last-modified: Sun, 17 May 1998 03:00:00 GMT
access-control-allow-credentials: true
x-content-type-options: nosniff
content-type: text/plain
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188200 OK 472 B IP 172.64.155.188:0
Hash e839e189fee5eba6ed7db09f2a9cb2d3
22a70dd761aef9e0e03a9d1feb19778ffbea71b7
f1b6fb9ba2c77a16003815740748e90babd750f8d993b73689365dfef430ea04
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Mon, 27 Mar 2023 17:20:05 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 27 Mar 2023 15:44:37 GMT
Expires: Mon, 03 Apr 2023 15:44:36 GMT
Etag: "22a70dd761aef9e0e03a9d1feb19778ffbea71b7"
Cache-Control: max-age=598470,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7ae94d527f8bb505-OSL
delivery.impressionmonster.com/sync.php?uuid=82a320bf-6073-45bd-817d-86597e481d5b
216.18.168.25200 OK 441 B URL HTTP/1.1 delivery.impressionmonster.com/sync.php?uuid=82a320bf-6073-45bd-817d-86597e481d5b
IP 216.18.168.25:0
Hash 4d7aa6b9cf83b5d2f4796a982dc02b48
40bdc9f8817227630911a09c2ea81b196028fd61
7d921e1ba3f5a6833f2d40ca4ad142f59282481dc43a9e936bc74161e29087ad
GET /sync.php?uuid=82a320bf-6073-45bd-817d-86597e481d5b HTTP/1.1
Host: delivery.impressionmonster.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://tfosrv.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
server: nginx
date: Mon, 27 Mar 2023 17:20:05 GMT
content-type: text/plain; charset=utf-8
transfer-encoding: chunked
vary: Accept-Encoding
set-cookie: sppc_uuid=82a320bf-6073-45bd-817d-86597e481d5b; max-age=31536000; path=/; secure; SameSite=None
content-encoding: gzip
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Full-Version,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-allow-origin: *
access-control-allow-methods: GET, POST, PUT, DELETE, OPTIONS
x-request-id: 6421D045-D812A81901BB3A52F-381C4B8
syndication.realsrv.com/v1/api.php
95.211.229.247200 OK 10 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (19223), with no line terminators
Hash a3f8ae6a4bcc2e38e6c0cdc768d0c4fb
02564dded3343f4854f2a21fe99a25b94f5ded3b
e8f2e453f86e9aafd18e51b91b83360a50f9f44c65a6bb6c95bec2add3aad49e
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 543
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:05 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D; expires=Wed, 26-Mar-2025 17:20:05 GMT; Max-Age=63072000; path=/; domain=realsrv.com; secure; SameSite=None
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40dhxfl2zBgnEAZK8VnRBuwChIs3hSd5D3ZCR5bE9HkehfoFfND2IPygOCCziCpypk2B8en6hCd+Pl6967tfv8+r69YMZGkpmKtASWYKqgRZ9Es0UAcNgknQIc4xZxxD0xIAGbzaZg0hhAt9eH7eQAaUHbhow+LzN6TE4bnO3SbO151hxtFWyae2hnaRjXUV8Pk3hv79ih0OK+4W/Br2YV1Muci+M44HbuH7+XDp5l+8Im8EwMpuJufaegsUOsWIhtorkW0pATIbWfgFXbqbsYgEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40dhxfl2zBgnEAZK8VnRBuwChIs3hSd5D3ZCR5bE9HkehfoFfND2IPygOCCziCpypk2B8en6hCd+Pl6967tfv8+r69YMZGkpmKtASWYKqgRZ9Es0UAcNgknQIc4xZxxD0xIAGbzaZg0hhAt9eH7eQAaUHbhow+LzN6TE4bnO3SbO151hxtFWyae2hnaRjXUV8Pk3hv79ih0OK+4W/Br2YV1Muci+M44HbuH7+XDp5l+8Im8EwMpuJufaegsUOsWIhtorkW0pATIbWfgFXbqbsYgEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40dhxfl2zBgnEAZK8VnRBuwChIs3hSd5D3ZCR5bE9HkehfoFfND2IPygOCCziCpypk2B8en6hCd+Pl6967tfv8+r69YMZGkpmKtASWYKqgRZ9Es0UAcNgknQIc4xZxxD0xIAGbzaZg0hhAt9eH7eQAaUHbhow+LzN6TE4bnO3SbO151hxtFWyae2hnaRjXUV8Pk3hv79ih0OK+4W/Br2YV1Muci+M44HbuH7+XDp5l+8Im8EwMpuJufaegsUOsWIhtorkW0pATIbWfgFXbqbsYgEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX5go/Er2fTMGSQQH7Abd0UPtAcQKpI/nmSBXsjI0tge2xMGywSZuNyRHBgHWFRKFUk5kWk8PD6FUrwezx/LqV0+T57a5S2MyGaNUsE1RzVmRWjOlYyDCGECtYyuyEKsHL0vgQ42UR0sARQF8fJ8vwd19OGMawY6H6d7Gto5rmN0pVW9zXnBUZ1m5aXZulGDO5HM2xD+s4ofJKnd6bjwWwghleFsolui0R9iby/vX+cWcZP//W94t32NBKkOp1F981K8rJlkwVxA7rlm99bWorV8A3zCznJnAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX5go/Er2fTMGSQQH7Abd0UPtAcQKpI/nmSBXsjI0tge2xMGywSZuNyRHBgHWFRKFUk5kWk8PD6FUrwezx/LqV0+T57a5S2MyGaNUsE1RzVmRWjOlYyDCGECtYyuyEKsHL0vgQ42UR0sARQF8fJ8vwd19OGMawY6H6d7Gto5rmN0pVW9zXnBUZ1m5aXZulGDO5HM2xD+s4ofJKnd6bjwWwghleFsolui0R9iby/vX+cWcZP//W94t32NBKkOp1F981K8rJlkwVxA7rlm99bWorV8A3zCznJnAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX5go/Er2fTMGSQQH7Abd0UPtAcQKpI/nmSBXsjI0tge2xMGywSZuNyRHBgHWFRKFUk5kWk8PD6FUrwezx/LqV0+T57a5S2MyGaNUsE1RzVmRWjOlYyDCGECtYyuyEKsHL0vgQ42UR0sARQF8fJ8vwd19OGMawY6H6d7Gto5rmN0pVW9zXnBUZ1m5aXZulGDO5HM2xD+s4ofJKnd6bjwWwghleFsolui0R9iby/vX+cWcZP//W94t32NBKkOp1F981K8rJlkwVxA7rlm99bWorV8A3zCznJnAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6gqxnbefXMGSQQH7Cb7IoeaA9FqEj+eJIV9EJGkcf2+CUQPUAPkh6oR8ERwQungslkYjB/en5xo7+v58/5VC9fpzbVy4dnSCjZU4GU6CWIGNyi5ghzEh4ShUm6MMeYGb3n1dEhQc0Gm8AeT/C318f9s0NcgZsEdD5m++jROW6jduFireY4Y7XGbDLXsGysaI3UvA3hv12xg5Oi3zMm4BdKUzHxA++OeX/wPT1fv8/V/S7/OzB3FvY2fWGzYXxb67qwpZCUgplx3WzLiTWxFOTyA3SBql9oAQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6gqxnbefXMGSQQH7Cb7IoeaA9FqEj+eJIV9EJGkcf2+CUQPUAPkh6oR8ERwQungslkYjB/en5xo7+v58/5VC9fpzbVy4dnSCjZU4GU6CWIGNyi5ghzEh4ShUm6MMeYGb3n1dEhQc0Gm8AeT/C318f9s0NcgZsEdD5m++jROW6jduFireY4Y7XGbDLXsGysaI3UvA3hv12xg5Oi3zMm4BdKUzHxA++OeX/wPT1fv8/V/S7/OzB3FvY2fWGzYXxb67qwpZCUgplx3WzLiTWxFOTyA3SBql9oAQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6gqxnbefXMGSQQH7Cb7IoeaA9FqEj+eJIV9EJGkcf2+CUQPUAPkh6oR8ERwQungslkYjB/en5xo7+v58/5VC9fpzbVy4dnSCjZU4GU6CWIGNyi5ghzEh4ShUm6MMeYGb3n1dEhQc0Gm8AeT/C318f9s0NcgZsEdD5m++jROW6jduFireY4Y7XGbDLXsGysaI3UvA3hv12xg5Oi3zMm4BdKUzHxA++OeX/wPT1fv8/V/S7/OzB3FvY2fWGzYXxb67qwpZCUgplx3WzLiTWxFOTyA3SBql9oAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPSU4DQQz8Ch/IqLz1kjNnkEA8oJcZkQPJAYSC5MfTPUAuuNRSuV22ywyWA+TA8Y7kyDjCPNOSsSgvZOoPj0+u5K/r+aOc2uXz1Jd2eXMjsqQeMzgHz8ascA0hk7ETwU2gFjAUQUCZfdTFMcAmqpMtAHmEvzzf748GRnPANQCDz9UjdR0c19laqWpvKRSs2ikpl2Z1o4beiSRtU/jPKn6wKEj2Db8fLqTCyn6gW6I+Ar6Xy/vXubnf5H/3Te+2jxnjVKdT51rjVtayqtkWY6q1ESxXxC6p1/oNvHXPXGcBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPSU4DQQz8Ch/IqLz1kjNnkEA8oJcZkQPJAYSC5MfTPUAuuNRSuV22ywyWA+TA8Y7kyDjCPNOSsSgvZOoPj0+u5K/r+aOc2uXz1Jd2eXMjsqQeMzgHz8ascA0hk7ETwU2gFjAUQUCZfdTFMcAmqpMtAHmEvzzf748GRnPANQCDz9UjdR0c19laqWpvKRSs2ikpl2Z1o4beiSRtU/jPKn6wKEj2Db8fLqTCyn6gW6I+Ar6Xy/vXubnf5H/3Te+2jxnjVKdT51rjVtayqtkWY6q1ESxXxC6p1/oNvHXPXGcBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPSU4DQQz8Ch/IqLz1kjNnkEA8oJcZkQPJAYSC5MfTPUAuuNRSuV22ywyWA+TA8Y7kyDjCPNOSsSgvZOoPj0+u5K/r+aOc2uXz1Jd2eXMjsqQeMzgHz8ascA0hk7ETwU2gFjAUQUCZfdTFMcAmqpMtAHmEvzzf748GRnPANQCDz9UjdR0c19laqWpvKRSs2ikpl2Z1o4beiSRtU/jPKn6wKEj2Db8fLqTCyn6gW6I+Ar6Xy/vXubnf5H/3Te+2jxnjVKdT51rjVtayqtkWY6q1ESxXxC6p1/oNvHXPXGcBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMQy8Chd4T+NfPl2zBgnEAV6SRnRBuyhCRfLhSZ6gGzKyPZbHnzBYFsjC8YHkwDjAPNOasSqvZOpPzy+u5O/H8+d2qpevU1vr5cMT2HLymME5eDZmhWuQFKBOBLdITJGHMIWQOPioi2OATVQnW0EUPcLfXh93owF2AW5sGHzu9jljcNxmb6Giraaw4aiNkvJWrXSqaI1IUp/Cf7diB61iEvcN+IWQCiv7QvdEfTz4Xt6u3+fqfpf/fTANZvuYcbDqDN67Be5bQu0iUsR6KNKSlDp8bPwDxAUiaGgBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMQy8Chd4T+NfPl2zBgnEAV6SRnRBuyhCRfLhSZ6gGzKyPZbHnzBYFsjC8YHkwDjAPNOasSqvZOpPzy+u5O/H8+d2qpevU1vr5cMT2HLymME5eDZmhWuQFKBOBLdITJGHMIWQOPioi2OATVQnW0EUPcLfXh93owF2AW5sGHzu9jljcNxmb6Giraaw4aiNkvJWrXSqaI1IUp/Cf7diB61iEvcN+IWQCiv7QvdEfTz4Xt6u3+fqfpf/fTANZvuYcbDqDN67Be5bQu0iUsR6KNKSlDp8bPwDxAUiaGgBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMQy8Chd4T+NfPl2zBgnEAV6SRnRBuyhCRfLhSZ6gGzKyPZbHnzBYFsjC8YHkwDjAPNOasSqvZOpPzy+u5O/H8+d2qpevU1vr5cMT2HLymME5eDZmhWuQFKBOBLdITJGHMIWQOPioi2OATVQnW0EUPcLfXh93owF2AW5sGHzu9jljcNxmb6Giraaw4aiNkvJWrXSqaI1IUp/Cf7diB61iEvcN+IWQCiv7QvdEfTz4Xt6u3+fqfpf/fTANZvuYcbDqDN67Be5bQu0iUsR6KNKSlDp8bPwDxAUiaGgBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQy07DQAz8FX6gq/Fr4+0ZriAV9QOSTVf0QHsoQkXyx7NJRS54Dh5r7JFtBssOsuPhiWTP2MOiUCpIyolM4/XtEErxcbp8jed6/T7PqV4/QznDSgwFXHIUY1aE5sExIIg6H9yK5HCou7hG1yXQwSaqC0uAKGBsEHbSHH32+P4cL8dDUELOeUt9GLgTuvm60mKnneO+WE406Vw9jzjpTK48VpsaVcwzkXhbGv+dgAeS5tJ1/qtDSIWVY0dbodEDscrj7edSI7b2B2w16Ff6smGoNq+jt+aTTug/qJBm1EbWVqvZL1C39m13AQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VQy07DQAz8FX6gq/Fr4+0ZriAV9QOSTVf0QHsoQkXyx7NJRS54Dh5r7JFtBssOsuPhiWTP2MOiUCpIyolM4/XtEErxcbp8jed6/T7PqV4/QznDSgwFXHIUY1aE5sExIIg6H9yK5HCou7hG1yXQwSaqC0uAKGBsEHbSHH32+P4cL8dDUELOeUt9GLgTuvm60mKnneO+WE406Vw9jzjpTK48VpsaVcwzkXhbGv+dgAeS5tJ1/qtDSIWVY0dbodEDscrj7edSI7b2B2w16Ff6smGoNq+jt+aTTug/qJBm1EbWVqvZL1C39m13AQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VQy07DQAz8FX6gq/Fr4+0ZriAV9QOSTVf0QHsoQkXyx7NJRS54Dh5r7JFtBssOsuPhiWTP2MOiUCpIyolM4/XtEErxcbp8jed6/T7PqV4/QznDSgwFXHIUY1aE5sExIIg6H9yK5HCou7hG1yXQwSaqC0uAKGBsEHbSHH32+P4cL8dDUELOeUt9GLgTuvm60mKnneO+WE406Vw9jzjpTK48VpsaVcwzkXhbGv+dgAeS5tJ1/qtDSIWVY0dbodEDscrj7edSI7b2B2w16Ff6smGoNq+jt+aTTug/qJBm1EbWVqvZL1C39m13AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40fiTOOmaNUggDvCSl4ouaBcgVCQfnuQVdUNGkcf2eGwGywJZ2B5IDowDohcKBUE5UFR/en5xJX/v56/11C7fpy20y4dncCzZrYBL8hKZFa5JckzZieDRiMl4CHNKmbKPvjgGOIrqZAGQYeMGf3t93D8NsAtw5YjB53afLoPjOqcrVd1aTiu6bpSV1xbrkRq2jUjycQr/XYsbQqFs+4a/ggupsLIvdE/Ux4Pv7fXz59zc7/Ib4m4wTlWdYcwZmyWpYo16rJ1BvSnIinY2/QUQCF0MZAEAAA==
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40fiTOOmaNUggDvCSl4ouaBcgVCQfnuQVdUNGkcf2eGwGywJZ2B5IDowDohcKBUE5UFR/en5xJX/v56/11C7fpy20y4dncCzZrYBL8hKZFa5JckzZieDRiMl4CHNKmbKPvjgGOIrqZAGQYeMGf3t93D8NsAtw5YjB53afLoPjOqcrVd1aTiu6bpSV1xbrkRq2jUjycQr/XYsbQqFs+4a/ggupsLIvdE/Ux4Pv7fXz59zc7/Ib4m4wTlWdYcwZmyWpYo16rJ1BvSnIinY2/QUQCF0MZAEAAA==
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VOS05DMQy8Chd40fiTOOmaNUggDvCSl4ouaBcgVCQfnuQVdUNGkcf2eGwGywJZ2B5IDowDohcKBUE5UFR/en5xJX/v56/11C7fpy20y4dncCzZrYBL8hKZFa5JckzZieDRiMl4CHNKmbKPvjgGOIrqZAGQYeMGf3t93D8NsAtw5YjB53afLoPjOqcrVd1aTiu6bpSV1xbrkRq2jUjycQr/XYsbQqFs+4a/ggupsLIvdE/Ux4Pv7fXz59zc7/Ib4m4wTlWdYcwZmyWpYo16rJ1BvSnIinY2/QUQCF0MZAEAAA== HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMRC7Chd4keeTX9esQQJxgHxeRRe0iyJUpDk8SQTdMFYUR+PYMwyWDbJxfCA5MA7wlsllOGVHXu3p+cWU7H0/f5ZTu3ydumuXD0tgn5PFDM7BsmdWmAZJAWpEMB+JKfIQphASs42+GAbYi+pkDkNiEfb2+rgODbAJcGOPwWe2TY/BcZt/K1XtLYWCXTsl5dJ8PVJD70SSjlP4b1YskGONshLwCyEVVraN7g+1UbDVLtfvczO7y/8WTIP5ZTMGVp2XoeRaq1Dfsw+hlzLcusSSotScdvkBF92002gBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMRC7Chd4keeTX9esQQJxgHxeRRe0iyJUpDk8SQTdMFYUR+PYMwyWDbJxfCA5MA7wlsllOGVHXu3p+cWU7H0/f5ZTu3ydumuXD0tgn5PFDM7BsmdWmAZJAWpEMB+JKfIQphASs42+GAbYi+pkDkNiEfb2+rgODbAJcGOPwWe2TY/BcZt/K1XtLYWCXTsl5dJ8PVJD70SSjlP4b1YskGONshLwCyEVVraN7g+1UbDVLtfvczO7y/8WTIP5ZTMGVp2XoeRaq1Dfsw+hlzLcusSSotScdvkBF92002gBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPS05DMRC7Chd4keeTX9esQQJxgHxeRRe0iyJUpDk8SQTdMFYUR+PYMwyWDbJxfCA5MA7wlsllOGVHXu3p+cWU7H0/f5ZTu3ydumuXD0tgn5PFDM7BsmdWmAZJAWpEMB+JKfIQphASs42+GAbYi+pkDkNiEfb2+rgODbAJcGOPwWe2TY/BcZt/K1XtLYWCXTsl5dJ8PVJD70SSjlP4b1YskGONshLwCyEVVraN7g+1UbDVLtfvczO7y/8WTIP5ZTMGVp2XoeRaq1Dfsw+hlzLcusSSotScdvkBF92002gBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6g0fiRxO4ZriAV9QN2k13RA/QAQkXyx5Mtai/YB4/t8cjDYNlBdlwfSPaMPXI4JUdSTpQ1nl8OoRRvy8fXdGrn71NP7fweygXZozrYS3hmVoS6sBAH0cDVsksJgxmxaYy9BEZyFtUNJUAylWrMbuZSoyKOr4/xdDwEJZRS7mUcAxcCgq4vbXI6MC6b5Eyz9mZlwqKdTHlqeV6poXcisXUj/rOAv0y1lDoIfBuEkAorx47ujcYIxHU9ff58tIg7/eZ785SvMsOsbY/G2n0pbuBJFxJvStbndWKvoxT0X1iG+D5+AQAA
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6g0fiRxO4ZriAV9QN2k13RA/QAQkXyx5Mtai/YB4/t8cjDYNlBdlwfSPaMPXI4JUdSTpQ1nl8OoRRvy8fXdGrn71NP7fweygXZozrYS3hmVoS6sBAH0cDVsksJgxmxaYy9BEZyFtUNJUAylWrMbuZSoyKOr4/xdDwEJZRS7mUcAxcCgq4vbXI6MC6b5Eyz9mZlwqKdTHlqeV6poXcisXUj/rOAv0y1lDoIfBuEkAorx47ujcYIxHU9ff58tIg7/eZ785SvMsOsbY/G2n0pbuBJFxJvStbndWKvoxT0X1iG+D5+AQAA
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPy04DMQz8FX6g0fiRxO4ZriAV9QN2k13RA/QAQkXyx5Mtai/YB4/t8cjDYNlBdlwfSPaMPXI4JUdSTpQ1nl8OoRRvy8fXdGrn71NP7fweygXZozrYS3hmVoS6sBAH0cDVsksJgxmxaYy9BEZyFtUNJUAylWrMbuZSoyKOr4/xdDwEJZRS7mUcAxcCgq4vbXI6MC6b5Eyz9mZlwqKdTHlqeV6poXcisXUj/rOAv0y1lDoIfBuEkAorx47ujcYIxHU9ff58tIg7/eZ785SvMsOsbY/G2n0pbuBJFxJvStbndWKvoxT0X1iG+D5+AQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPOU4EMRD8Ch8Yqy9fGxOzEogHeOwZsQG7AQgtUj2e9gQQ4JLdZfdRZSHRhXSR/MB6EjpRROVQKZgEjoan8zOM8bZdP9ul374uI/TbO1JOuVbkSlITahQxgiXNrAXMhEiSsxky15JFEzyvIIdE9XdngYi5IBNeXx6PzQ4h+DllJzXndJ9tK682ekmNNhtcTFqP686dxmAX3WfhP5vuQ5ISmChN0aCS5kg5nEwom4oJFv69GHwRjnT7+L524K88HSEeEwRs/i0GRhm7xNY3GUW3pq27u0IcS92Ybf0BG5ELbmcBAAA=
95.211.229.247200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA2VPOU4EMRD8Ch8Yqy9fGxOzEogHeOwZsQG7AQgtUj2e9gQQ4JLdZfdRZSHRhXSR/MB6EjpRROVQKZgEjoan8zOM8bZdP9ul374uI/TbO1JOuVbkSlITahQxgiXNrAXMhEiSsxky15JFEzyvIIdE9XdngYi5IBNeXx6PzQ4h+DllJzXndJ9tK682ekmNNhtcTFqP686dxmAX3WfhP5vuQ5ISmChN0aCS5kg5nEwom4oJFv69GHwRjnT7+L524K88HSEeEwRs/i0GRhm7xNY3GUW3pq27u0IcS92Ybf0BG5ELbmcBAAA=
IP 95.211.229.247:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA2VPOU4EMRD8Ch8Yqy9fGxOzEogHeOwZsQG7AQgtUj2e9gQQ4JLdZfdRZSHRhXSR/MB6EjpRROVQKZgEjoan8zOM8bZdP9ul374uI/TbO1JOuVbkSlITahQxgiXNrAXMhEiSsxky15JFEzyvIIdE9XdngYi5IBNeXx6PzQ4h+DllJzXndJ9tK682ekmNNhtcTFqP686dxmAX3WfhP5vuQ5ISmChN0aCS5kg5nEwom4oJFv69GHwRjnT7+L524K88HSEeEwRs/i0GRhm7xNY3GUW3pq27u0IcS92Ybf0BG5ELbmcBAAA= HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%226421d04511bad5.949981771974019257%22%3B%7D; __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.0199%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 27 Mar 2023 17:20:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://hentaicovid.com
Access-Control-Allow-Credentials: true
Set-Cookie: __upt=%7B%22v%22%3A1%2C%22id%22%3A%220%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22110.029701%22%7D; expires=Wed, 26 Mar 2025 17:20:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRNPTO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRNPTO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRNPTO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 27 Mar 2023 17:20:06 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?ax=0&campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRNPTO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67569723.29806; Path=/; HttpOnly; SameSite=Strict
__cflb=0H28uukSkGJRy5UBr1XYMARUwdYFVsfEwggoycHHTm6; SameSite=None; Secure; path=/; expires=Tue, 28-Mar-23 16:20:06 GMT; HttpOnly
server: cloudflare
cf-ray: 7ae94d560a901c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000
104.18.51.106302 Found 0 B URL HTTP/2 go.xlivrdr.com/smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000
IP 104.18.51.106:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /smartpop/092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50?userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&sourceId=5304560&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ax=0&trackOff=1&kbLimit=1000 HTTP/1.1
Host: go.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Mon, 27 Mar 2023 17:20:06 GMT
content-length: 0
location: https://creative.xlivrdr.com/widgets/v4/Universal?ax=0&campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: DYNAMIC
set-cookie: _var=67569723.29806; Path=/; HttpOnly; SameSite=Strict
__cflb=02DiuDfsBaY2bRYJiCeS4Kkib9dpHBnhabyNbrtm9bWnp; SameSite=None; Secure; path=/; expires=Tue, 28-Mar-23 16:20:06 GMT; HttpOnly
server: cloudflare
cf-ray: 7ae94d55fa861c02-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/3cc3d5c8ea4bbd8c0ed4dacafdcd282d3fc814bd.mp4
185.76.9.15206 Partial Content 32 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/3cc3d5c8ea4bbd8c0ed4dacafdcd282d3fc814bd.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 46a82a76147e97ec54036a25fd44da15
3cc3d5c8ea4bbd8c0ed4dacafdcd282d3fc814bd
961272a8a9be28469c0213471d158bd511a3ccf5a0d5eef2d896f63bdbed4c9e
GET /library/426059/3cc3d5c8ea4bbd8c0ed4dacafdcd282d3fc814bd.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 32064
last-modified: Fri, 24 Mar 2023 16:18:55 GMT
etag: "641dcd6f-7d40"
expires: Sat, 23 Mar 2024 16:26:43 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ1OETf/AgEEAA
x-77-nzt-ray: c0a4cc28ed0562c746d021646fbb280a
x-accel-expires: @1711211204
x-cache: HIT
x-age: 262402
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-32063/32064
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802598/6b1159a266f251531a9dfe22f4d53ce6ae06511d.mp4
185.76.9.15206 Partial Content 32 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802598/6b1159a266f251531a9dfe22f4d53ce6ae06511d.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 958ce37551ddcf3f7d0112d69b5870c6
6b1159a266f251531a9dfe22f4d53ce6ae06511d
6a38f29108cc60c780b96a493f19e76c38ce4064c1794cff531c9fd4951c3c2c
GET /library/802598/6b1159a266f251531a9dfe22f4d53ce6ae06511d.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 31974
last-modified: Mon, 13 Mar 2023 15:25:11 GMT
etag: "640f4057-7ce6"
expires: Wed, 13 Mar 2024 18:54:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ1ntDj/PwABAA
x-77-nzt-ray: c0a4cc28ed0562c746d021640d9b420a
x-accel-expires: @1711408007
x-cache: HIT
x-age: 65599
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-31973/31974
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802598/9bd05ec22b7213cc4c2c610eda5dfa3c4c04ed78.mp4
185.76.9.15206 Partial Content 56 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802598/9bd05ec22b7213cc4c2c610eda5dfa3c4c04ed78.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash e98fe2e76424886cc05a3daa5eed0493
9bd05ec22b7213cc4c2c610eda5dfa3c4c04ed78
33b7160c9a0199b8a75c7fd35a441ecd0145324de41e9d178ee393f785f7fa48
GET /library/802598/9bd05ec22b7213cc4c2c610eda5dfa3c4c04ed78.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 55819
last-modified: Thu, 11 Aug 2022 08:23:06 GMT
etag: "62f4bc6a-da0b"
expires: Sat, 02 Mar 2024 08:11:31 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ0SwTf/BIcAAA
x-77-nzt-ray: c0a4cc28ed0562c746d021646835590a
x-accel-expires: @1711439042
x-cache: HIT
x-age: 34564
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-55818/55819
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/426059/cb7b3d28da67fca6b8220f221b4ecb7d065a59cf.mp4
185.76.9.15206 Partial Content 26 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/426059/cb7b3d28da67fca6b8220f221b4ecb7d065a59cf.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 103a1986d904a7629e9ad1ff279cec46
cb7b3d28da67fca6b8220f221b4ecb7d065a59cf
476e43e5257bdc79e2626713444fa7e91ab90045359462c9c926f47453e4b182
GET /library/426059/cb7b3d28da67fca6b8220f221b4ecb7d065a59cf.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 26006
last-modified: Mon, 13 Mar 2023 17:13:15 GMT
etag: "640f59ab-6596"
expires: Tue, 12 Mar 2024 18:02:10 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ1LfN7/JGsSAA
x-77-nzt-ray: c0a4cc28ed0562c746d02164a742880a
x-accel-expires: @1710266530
x-cache: HIT
x-age: 1207076
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-26005/26006
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802598/a958c47847fee7cdff15fb479a0705f852913f14.mp4
185.76.9.15206 Partial Content 39 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802598/a958c47847fee7cdff15fb479a0705f852913f14.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 7a7c6077fd3da683b414231bbe387e70
a958c47847fee7cdff15fb479a0705f852913f14
9e9e4ba625f5a0ea2a6e8090471253028b4e73540ef742a6244420022e8c7d0a
GET /library/802598/a958c47847fee7cdff15fb479a0705f852913f14.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 38631
last-modified: Thu, 11 Aug 2022 06:53:20 GMT
etag: "62f4a760-96e7"
expires: Thu, 26 Oct 2023 10:03:22 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ0Imw7/D8obAA
x-77-nzt-ray: c0a4cc28ed0562c746d02164d5d8a80a
x-accel-expires: @1709652407
x-cache: HIT
x-age: 1821199
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-38630/38631
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802598/7ffe873db5878caff18c1d92f43af300face5b56.mp4
185.76.9.15206 Partial Content 37 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802598/7ffe873db5878caff18c1d92f43af300face5b56.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b25ea947f83d5fcd6ddcdc0f497b4c1d
7ffe873db5878caff18c1d92f43af300face5b56
b6a8276eb35c576262ac292a4be46b864125f01cb42bd08e1bebaf4923a45363
GET /library/802598/7ffe873db5878caff18c1d92f43af300face5b56.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 37431
last-modified: Thu, 17 Nov 2022 11:37:21 GMT
etag: "63761cf1-9237"
expires: Fri, 17 Nov 2023 11:55:07 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ2Mi47/JIgAAA
x-77-nzt-ray: c0a4cc28ed0562c746d021649556f80a
x-accel-expires: @1711438754
x-cache: HIT
x-age: 34852
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-37430/37431
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/802598/c6deb332332e3da6bb12a1d5daa69e317087358c.mp4
185.76.9.15206 Partial Content 80 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/802598/c6deb332332e3da6bb12a1d5daa69e317087358c.mp4
IP 185.76.9.15:0
ASN #60068 Datacamp Limited
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash cc003a56ed891aa74e5c1b343657f63d
c6deb332332e3da6bb12a1d5daa69e317087358c
60335e3a47316a7d7a39b46b3213a7a9e1650d9c4ecb75dcaaec3279b56044bf
GET /library/802598/c6deb332332e3da6bb12a1d5daa69e317087358c.mp4 HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: video/mp4
content-length: 79945
last-modified: Thu, 11 Aug 2022 06:53:20 GMT
etag: "62f4a760-13849"
expires: Tue, 05 Mar 2024 10:50:53 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
server: CDN77-Turbo
x-77-nzt: AblMCQ3ezGD/D8obAA
x-77-nzt-ray: c0a4cc28ed0562c746d021646227bb0a
x-accel-expires: @1709652407
x-cache: HIT
x-age: 1821199
x-77-pop: stockholmSE
x-77-cache: HIT
content-range: bytes 0-79944/79945
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3283
Expires: Mon, 27 Mar 2023 18:14:49 GMT
Date: Mon, 27 Mar 2023 17:20:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3283
Expires: Mon, 27 Mar 2023 18:14:49 GMT
Date: Mon, 27 Mar 2023 17:20:06 GMT
Connection: keep-alive
r3.o.lencr.org/
23.33.119.27200 OK 503 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash be1cd1cf8e462ca6f6acb2f132e614d5
037f3bc7ab850fa2c69f2584bb24340b25bb6f3c
e212abd38fd1ccc428a4c480913938f8ea6e9da873ebe73df55cdbee7fff2efa
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E212ABD38FD1CCC428A4C480913938F8EA6E9DA873EBE73DF55CDBEE7FFF2EFA"
Last-Modified: Sun, 26 Mar 2023 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3283
Expires: Mon, 27 Mar 2023 18:14:49 GMT
Date: Mon, 27 Mar 2023 17:20:06 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg
34.120.237.76200 OK 4.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8cc79a830964d923d24a45f5ccc9939b
557cc4827414912c41319ad961c14cce71ed4a18
b3b1c73b34057cb6e41920f3d55213ad8c193076525767c051960ec26d17ca3c
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F217b24c4-6cf4-4be4-bdbf-764890bd9672.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 4775
x-amzn-requestid: 28d0e56d-ed03-4686-bd49-34f193f1c65a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CK96KF9coAMFvMA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641aa9da-122cd32a6f23e8442a52464c;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 07:10:18 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: psNReeBG7nAuKQXIMl1zwCVmvtZ-xwn6Fx8oAIX4wi4GCNUWNWOGMA==
via: 1.1 4e4278a2778e72cc34feef6db603088c.cloudfront.net (CloudFront), 1.1 34f8ef0e4c880df0650a814412a26ea6.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 22:12:36 GMT
age: 68850
etag: "557cc4827414912c41319ad961c14cce71ed4a18"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg
34.120.237.76200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e999a9d79efe60a30b2942c5f2940294
c3891c43b16521f66eb3a52d83694de2ddd39871
290ed1232883a4ec63ef42c30f40b819983c5544e35261d2d1e0d1e55d0c8b07
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4429ed9b-a655-45dc-a59b-78db53c9c2f6.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12017
x-amzn-requestid: 4f61a0c7-4b18-4289-b47c-eeeff93d873f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Ca6yQGNtoAMFsxw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-64210b41-350e4e2425d9606e478872b5;Sampled=0
x-amzn-remapped-date: Mon, 27 Mar 2023 03:19:29 GMT
x-amz-cf-pop: HIO52-P1, SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: TCzHm5qTtnAUDSmayc-LLFmDfV7o6PaaYYfVtN_w7cC3o66HCa3DEg==
via: 1.1 b3cdce1c2fc39b89f45c98c417351f26.cloudfront.net (CloudFront), 1.1 0a2ce08fa1ec3c33302a7547d3305978.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 03:34:08 GMT
age: 49558
etag: "c3891c43b16521f66eb3a52d83694de2ddd39871"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg
34.120.237.76200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 668a8a17a1bb77ea7db7fa23c9df9690
242108539ff8694a3c557d07b2b000e764a77f24
100952573dc9eeba889a77f4d148b646accb99f277035f0607b1c6918f93a358
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fccb0254d-5c75-4e14-a0c6-04283194ce5b.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10591
x-amzn-requestid: 8359ddc1-a6c6-4caf-9de3-f2eb4dcb0c78
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CaIO-F0QIAMF5_A=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6420ba5f-72ee066911fdddb62c4a201d;Sampled=0
x-amzn-remapped-date: Sun, 26 Mar 2023 21:34:23 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: hfm1xuKZ-Olu263DvYfbYlEnANaiIL9e7jEDUqDAf3ihT5N2HAdyIA==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 60b744e5b364d04abea9fa6686121242.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:49:30 GMT
age: 70236
etag: "242108539ff8694a3c557d07b2b000e764a77f24"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg
34.120.237.76200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1ec08d4bd079a92161fc80f41281b5a9
bf61369962342cce85de8f48942b4b150fd2721e
8a8ed12c31d89d71c3cb88f0813ded83939529206461e917dcb0b8bc11abdda4
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F3fb4d16c-eef2-49cc-ac24-b125a7d6d9e0.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3589
x-amzn-requestid: 9c09af43-79e8-4734-b28b-4194e0bb1e4e
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CW1uyE2joAMF50g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641f6991-7607d33f6301182b591c56e8;Sampled=0
x-amzn-remapped-date: Sat, 25 Mar 2023 21:37:21 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Miss from cloudfront
x-amz-cf-id: pjRA439kqSg5daR_Zuvsf2l45R4oqv3AMWNiMCGQ_C5o2KA8kEd3TQ==
via: 1.1 46673955829b59a6da0ab071e0b7fbea.cloudfront.net (CloudFront), 1.1 27a84054de24e45f952ea4056a821764.cloudfront.net (CloudFront), 1.1 google
date: Sun, 26 Mar 2023 21:37:24 GMT
age: 70962
etag: "bf61369962342cce85de8f48942b4b150fd2721e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
34.120.237.76200 OK 5.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c831201ad81f55c63c1b101ce854a810
0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5
c854489720d2ca4a95eef00addda0fcdaf481402d044df7725282654a97eb54a
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F00ac1765-db6c-42e3-99bf-d857d27a34b9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5556
x-amzn-requestid: 6b050645-14aa-47f7-b4a5-2e27abbe5115
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CM69eHE3IAMF0Yw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641b71ef-6ab2948e2bf2578f29798372;Sampled=0
x-amzn-remapped-date: Wed, 22 Mar 2023 21:23:59 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: CgU9j02Bnw0UdIwQ3sRCDvJoPitHIAUTRDhLH_PMXYlAPoAwSbv6Iw==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 4d8620b80ebe37d366388e117039aa8e.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 05:36:52 GMT
age: 42194
etag: "0e9b952f6489f0a5f4862d3bea2fbe0ecdd379e5"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg
34.120.237.76200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 22905e8a7c8b1741dd51842c114a6517
c5900fe2396e0ca371c4847af4e96149850c3577
1525f9f39c09370fcb1f58f079f2d741a4c6d13fba26e6dd5b79466153d7685e
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4d7ce900-ce9b-481b-9205-9748eeded2e8.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10405
x-amzn-requestid: 0b8dad7a-2ec1-4eed-9a2c-06079ed46662
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: CRi69E9xoAMFiJg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-641d4b79-2f606ac041c5db24583c8d51;Sampled=0
x-amzn-remapped-date: Fri, 24 Mar 2023 07:04:25 GMT
x-amz-cf-pop: SEA19-C1
x-cache: Hit from cloudfront
x-amz-cf-id: qbbEi0tXZLKo6qjrbJMtTHdhWziYrLrgzY1hzt_LrQJoeDDBbJnZBA==
via: 1.1 4b800f7fa2c3fbb9f4f3c505b0df315e.cloudfront.net (CloudFront), 1.1 b48dedcc55e63f14261aa92cf2d61522.cloudfront.net (CloudFront), 1.1 google
date: Mon, 27 Mar 2023 05:54:17 GMT
age: 41149
etag: "c5900fe2396e0ca371c4847af4e96149850c3577"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
video.ktkjmp.com/adsbygoogle.js
104.18.48.21200 OK 16 B URL HTTP/2 video.ktkjmp.com/adsbygoogle.js
IP 104.18.48.21:0
Hash 3d7f7a60216d40dea48e495fef6903c9
fecdb5184f55cf012563d78940eb97b10b9cc99b
96d83ac9f20fc0b88404f307f135e212642e02d6ea295c96b28aed0d771a224f
GET /adsbygoogle.js HTTP/1.1
Host: video.ktkjmp.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://creative.xlivrdr.com/
Origin: https://creative.xlivrdr.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: application/javascript
content-length: 16
x-amz-id-2: umnGOMVCjminO+qe5UBV06OrSizh/U59KvaEibge5v1gMRbq/UnThpljPBepeh+5w7wEpQIcu/4=
x-amz-request-id: 3YW9SERF7DC7262X
last-modified: Thu, 10 Mar 2022 13:52:07 GMT
etag: "3d7f7a60216d40dea48e495fef6903c9"
x-amz-meta-s3cmd-attrs: atime:1646920284/ctime:1646920283/gid:20/gname:staff/md5:3d7f7a60216d40dea48e495fef6903c9/mode:33188/mtime:1646920283/uid:501/uname:mikhailchubar
x-amz-version-id: eIgLIBoMMcsEXtxOH6UDjWyfAquRpkIG
access-control-allow-origin: https://creative.xlivrdr.com
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Content-Length, Accept-Encoding, x-requested-with
cf-cache-status: HIT
age: 1772
expires: Mon, 27 Mar 2023 21:20:06 GMT
cache-control: public, max-age=14400
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d5849beb511-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/102498870
104.18.63.132200 OK 22 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/102498870
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash f37c547bffc96ef43e64c508f3f64b13
b6f0d66cfb953c631601c0f5d61dee49a961245c
1d1c59a1e8042f6798b8f901c2c7119e29f4c7dd790420ddc7443c29838e1bd0
GET /thumbs/1679937570/102498870 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 21921
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=23031, status=webp_bigger
etag: "9bed14cf9e1b636f617e489b34105beb"
last-modified: Mon, 27 Mar 2023 17:18:50 GMT
cf-cache-status: HIT
age: 19
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d596a1b1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/52427699
104.18.63.132200 OK 22 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/52427699
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash cebaef3887e3b00dfc9414ad7f97a91f
715ee82de630d42e0efb666bf50967b78b78660d
017c225b935f530c58d7809ed0c90ff3d688ca3760c06c472aa665bb68dd7c52
GET /thumbs/1679937570/52427699 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 21751
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=22503, status=webp_bigger
etag: "7ca5d20b806e64445ffb22724f29eb5a"
last-modified: Mon, 27 Mar 2023 17:19:06 GMT
cf-cache-status: HIT
age: 14
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d596a1e1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/94937915
104.18.63.132200 OK 18 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/94937915
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 06134771cdf604679541e7479843c64d
2f0dbdbe2b6d8cc9ab5a744d8c0e12db04d89fb3
d981f308bfbd1493a8c4a1a357baff837019ed3f0fea9d9aabde222a46a59c1e
GET /thumbs/1679937570/94937915 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 18263
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=19104, status=webp_bigger
etag: "4069c253b427658b56c43cbdb05aa74a"
last-modified: Mon, 27 Mar 2023 17:19:11 GMT
cf-cache-status: HIT
age: 14
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d596a221c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/69938281
104.18.63.132200 OK 24 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/69938281
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 9b69cb4938c22f4b94afc086404cbced
4cb5345b47ae8700ae424c958c13e594118c05c4
6b29425d18031500d4b61aeb5bbcd95881c1eb7f844084de35d964ac53ee8fc1
GET /thumbs/1679937570/69938281 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 24361
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=25415, status=webp_bigger
etag: "a9f787287d35333fadd883d357477ece"
last-modified: Mon, 27 Mar 2023 17:18:57 GMT
cf-cache-status: HIT
age: 17
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d596a231c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/91490855
104.18.63.132200 OK 20 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/91490855
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 6863a29e9011b9531c3898502a3c4cf5
982b1b1781fa0b00ba89e349c21a0d2e3bc7bf9a
b95421772a4f7f60c946637831727aa142f0e9a4c77f24a2af999b8c300f196b
GET /thumbs/1679937570/91490855 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 20044
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=20776, status=webp_bigger
etag: "2f2591982dac9cf03231162c39a26334"
last-modified: Mon, 27 Mar 2023 17:19:34 GMT
cf-cache-status: HIT
age: 14
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d596a271c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/76271810
104.18.63.132200 OK 109 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/76271810
IP 104.18.63.132:0
Size 109 kB (108840 bytes)
Hash 703072d91f0de6468bb3f3e90557bc80
3b14420f1392180fc1ef02feda69eeba599fe513
50fd56967812ce4d4a54948b8bab0bf0c4aa693fff1d6e041e27f0c93ac68e3a
GET /thumbs/1679937570/76271810 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 29807
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=31254, status=webp_bigger
etag: "2d023631ad033e1b7faf77ab50168c69"
last-modified: Mon, 27 Mar 2023 17:19:12 GMT
cf-cache-status: HIT
age: 19
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d597a291c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/74768272
104.18.63.132200 OK 64 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/74768272
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash afb52efc72888c3ab843349759e06fd8
1b90fd5adee4a7766fd3f556fb75beea438009ee
4878050e4ecc29cadc6c22d196a674415ecf35db0bf801196a9da46546d49bd7
GET /thumbs/1679937570/74768272 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 64530
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=67057, status=webp_bigger
etag: "bcdb8978348f096a997bb53b1bd523fb"
last-modified: Mon, 27 Mar 2023 17:18:50 GMT
cf-cache-status: HIT
age: 19
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d597a2f1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/15433975
104.18.63.132200 OK 43 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/15433975
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 640x360, components 3\012- data
Hash a4c1f4bc9ad05058a41db3c320f86cc0
5440e6fa73da5d0bad216af100d82d5807abcba6
573105c3664c6eb01e78b41b2af884c0d797651697930a43e80afaf097b0e16c
GET /thumbs/1679937570/15433975 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 43365
access-control-allow-credentials: true
access-control-allow-headers: *
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=44769, status=webp_bigger
etag: "f6c52994f91286b5ab01fc37579a89fb"
last-modified: Mon, 27 Mar 2023 17:19:00 GMT
cf-cache-status: HIT
age: 19
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d597a2b1c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img.strpst.com/thumbs/1679937570/72568703
104.18.63.132200 OK 28 kB URL HTTP/2 img.strpst.com/thumbs/1679937570/72568703
IP 104.18.63.132:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 0x0, segment length 16, progressive, precision 8, 270x360, components 3\012- data
Hash 4371a9f9f04c2a9e050acae18e0c1344
410b6550a046e7c94877383e290d58f4271ce0c8
4039283392595353a7db93b3eb79cba0808891b1339111c592ff189da0a63e99
GET /thumbs/1679937570/72568703 HTTP/1.1
Host: img.strpst.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://creative.xlivrdr.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: image/jpeg
content-length: 27541
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=1800, s-maxage=1800, stale-while-revalidate=1, max-stale=1, stale-if-error=1
cf-bgj: imgq:100,h2pri
cf-polished: origSize=28814, status=webp_bigger
etag: "d6cc07ecc719486b06e7db1e3faeac0c"
last-modified: Mon, 27 Mar 2023 17:19:07 GMT
cf-cache-status: HIT
age: 19
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d597a371c12-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
creative.xlivrdr.com/widgets/v4/Universal?ax=0&campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806
104.18.51.106200 OK 59 kB URL HTTP/2 creative.xlivrdr.com/widgets/v4/Universal?ax=0&campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806
IP 104.18.51.106:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash d3afc8b67caccecc1d0b41f6bf44e438
6c898757aa3da6544aafd93c1ee0d73ef5b4aff7
64451c1f7c6e1f2711ccb4c27816e59648f9baffd65ceecacc9f665b58daea6a
GET /widgets/v4/Universal?ax=0&campaignId=092ba119f71c45080bc079964bc918d5ea43dba8ca3906931e64cedceef0ef50&campaignType=smartpop&creativeId=dce28b2e94745c1cb9b5fe2e09bf2d127f158343ad9702f00eed42254ad3906e&iterationId=287261&kbLimit=1000&masterSmartpopId=1915&memberId=ooddNHdLHTPHNVS4ASOprrumqndZdXRLNdO6V01cqq5ZXTTSupmdQ6mV0rpXSunqoppdRNTRPTO6iamieml0rpnSuldK6V0zpXSumc7SbSnbW2vOXenaa2mfPWrTibWXbaaai3h0rutwGz71CjvaPUP7nOldK6V0rpXSuldTXXdNVS6VwfY-&p1=5304560&ruleId=18&smartpopId=7199&sourceId=5304560&tag=-girls%2Findian&trackOff=1&userId=1f2ad638bb163e0f21b19d6cbbcd5805b56eb7b1ef21117b6157eaf2a11915c9&variationId=29806 HTTP/1.1
Host: creative.xlivrdr.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hentaicovid.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:06 GMT
content-type: text/html
last-modified: Mon, 27 Mar 2023 08:47:47 GMT
expires: Mon, 27 Mar 2023 17:20:00 GMT
cache-control: max-age=10
strict-transport-security: max-age=15768000
pragma: public
report-to: { "endpoints":[{ "url": "https://go.stripchat.com/report" }], "group": "default", "max_age": 1048576 }
cf-cache-status: HIT
age: 5
vary: Accept-Encoding
server: cloudflare
cf-ray: 7ae94d568b491c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
188.114.99.234200 OK 0 B URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 188.114.99.234:0
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 25384358
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 7ae94d4a78f9b4ee-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
delivery.taroads.com/pub?id=201125
188.114.96.1200 OK 0 B URL HTTP/2 delivery.taroads.com/pub?id=201125
IP 188.114.96.1:0
GET /pub?id=201125 HTTP/1.1
Host: delivery.taroads.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/javascript;charset=UTF-8
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zNV%2Fp3%2B5tk%2BlypE1wSabXkQbSaLLQNAH2FQY1kbWhYIS85BAF8GrbLzJHb3YNK2nLnHlzrO9AFsom7mZwg9zFjZIM%2FbZ7KfvNeE52wiYnDVfuS03Rm1%2BW3S0G3UMhtGUSLGtX4PM5g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ae94d4b1e1e0b39-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=d2f7a09671
172.64.168.22200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=d2f7a09671
IP 172.64.168.22:0
GET /releases/v5.15.4/css/free.min.css?token=d2f7a09671 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"a12ec7ebe75a4d59a5dd6b79e2ba2e16"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 81dd58fce895623c177df225d0a65d52.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: ZYJXcI7TiAH09nyKtTTBw9hJODFV58SNj1JduUfPgSmKclTl0wm0SA==
age: 2309847
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tWQ0EwF8n1eyXkbGdzI6sYn3G3DCGKLL1LrSy0kuh6lnrFB30VZPJajEnc%2BhUvdcwm5buR09VG4tzk3bTb%2FETJXGpxSMyDJPWkP22iXgNxN9oNjBJxklVMF8%2BQJ8OdAvybi%2FGHHnqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ae94d4e2f594164-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hentaicovid.com/games-animes/free-download-01039002
188.114.96.1200 OK 0 B URL HTTP/2 hentaicovid.com/games-animes/free-download-01039002
IP 188.114.96.1:0
NIDS Severity Alert suricata medium ET HUNTING Suspicious GET Request with Possible COVID-19 Domain M1
GET /games-animes/free-download-01039002 HTTP/1.1
Host: hentaicovid.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: no-cache, private
set-cookie: XSRF-TOKEN=eyJpdiI6InZTSlNQZUJ0WUhNNnlmakcwa24wcWc9PSIsInZhbHVlIjoibXRRS0JkRGVobjlLVWZabWxYbzBrVWo3Q3k5ZHVkTEZGeW93aTdkNXVXS3pkOUIyMUZoNk5ESWh1S3I3VWdDWSIsIm1hYyI6IjdkOGE3NTJlNmQ0M2VhMmEyZGZjZjA4ZjdlMjEyODZhNTczODQyMTBlZjdmMjcwMWIxMDNiMDRlYWFmM2I3OWMifQ%3D%3D; expires=Mon, 27-Mar-2023 19:20:03 GMT; Max-Age=7200; path=/
laravel_session=eyJpdiI6Inc3anNsYkJQSHJHVlM1cHUySzRUY2c9PSIsInZhbHVlIjoiaFF6NmdtWTlBamlXalZjUGg0NHhrelA5dUx1aE5vV1VFSmROUnFkV3FVUjFRZFFHOUNcL2hPaXl6S1wveTA4bkRYIiwibWFjIjoiMzlkNmE1ZGFlNTUyNzhmMGVjM2FhYzRkYWY3MGFlZjlhY2IwMjViNzNlYmY2NzQzZWM2ZTRiMTdkNDc0YmU5ZSJ9; expires=Mon, 27-Mar-2023 19:20:03 GMT; Max-Age=7200; path=/; httponly
x-content-type-options: "nosniff" always
x-xss-protection: "1; mode=block" always
strict-transport-security: "max-age=31536000; includeSubDomains; preload" always
referrer-policy: no-referrer-when-downgrade
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B9Kkymfj6cTMZPvWGx4fhoYjUpPDSJhOwmiwEBvTwBCWAbZcU5FT6qLZR5agPLQ49XPi4boolFcsIk7Nb5MHaS4MApRrDqWFGuij6Ey5EkjSllPlOrvPIWdo27Mo%2FGQZ%2BXg%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ae94d479bcab518-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto&display=swap
142.250.74.138200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto&display=swap
IP 142.250.74.138:0
GET /css?family=Roboto&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Mon, 27 Mar 2023 17:20:04 GMT
date: Mon, 27 Mar 2023 17:20:04 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2
marksheet.io/css/reset.css
104.21.51.20200 OK 0 B URL HTTP/2 marksheet.io/css/reset.css
IP 104.21.51.20:0
GET /css/reset.css HTTP/1.1
Host: marksheet.io
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 09 May 2022 07:04:55 GMT
vary: Accept-Encoding
access-control-allow-origin: *
etag: W/"6278bd17-1144"
expires: Mon, 27 Mar 2023 17:28:45 GMT
cache-control: max-age=14400
x-proxy-cache: MISS
x-github-request-id: 9624:66A5:139EEA9:1AA6BEF:6356C43B
cf-cache-status: REVALIDATED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yphlMZ0L1kAGFcu0GnxS5scKB08j%2Bv8qACCtqNZ%2BIjBaplfL0VtBi2nvkYjXL%2FXr%2BsFh6zbdcaTrOQpM3VyKMX8gM%2B55g%2BNw%2BIcvv4RL%2B4VTt4XwODNf%2BU2U2rJGM6g%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ae94d4b0d5bb529-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=d2f7a09671
172.64.168.22200 OK 0 B URL HTTP/2 ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=d2f7a09671
IP 172.64.168.22:0
GET /releases/v5.15.4/css/free-v4-shims.min.css?token=d2f7a09671 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hentaicovid.com
Connection: keep-alive
Referer: https://hentaicovid.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Mon, 27 Mar 2023 17:20:04 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Wed, 04 Aug 2021 18:53:09 GMT
etag: W/"76f34b71fc9fb641507ff6a822cc07f5"
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 f546fae491a152f9c1396e6d0a62bb42.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: K4tRNljXPMqWZ6OLrHBqnpxeMR93yzVnGyYdilE6-vMXTfP0szcLfw==
age: 2309847
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2jPhdX4rvhjcEDIitkbLhI3AZdiLi1o8gu0NfpAKgRhgOcNRZ%2B0aw8%2BLyoITpm%2BH%2B2t44phW5cN%2Ba6TaYwGixn4QVTohlhO5CDhRmIA6eB3lxLIKMLU8sSKpuEI3IRXbMJSjfmqFA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7ae94d4e2f664164-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2