hdzog.tube/
104.21.56.56 301 Moved Permanently 0 B IP 104.21.56.56:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: hdzog.tube
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Fri, 16 Sep 2022 14:04:21 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Fri, 16 Sep 2022 15:04:21 GMT
Location: https://hdzog.tube/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f2%2FSFWikjHXCIEt3umwVlmszSIilfmuLfKaFjm4fbqc0LT%2Bi2PzI6ikAKdPM3BteHuZeGt1hG9BtmOWpHMLJcOVEzLBCX4K5oPlpvc1HZ2V2Xnh4r9RUu2j6Cxsk"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ba269779b41c06-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.115 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 91dd975a7b17b2922dd23c0e49314e40
57a2ece1e3cee7c4ebf927f2ba92f52cac395fe2
09966873bbf317f8910c59544cfde2a6d46e8acd2905797cc7c85c6b4d18ea8a
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Content-Type, Alert, Backoff, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Fri, 16 Sep 2022 13:10:49 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 277d0e3af1ffdcb1ee40b7dc9f040146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: uioYRmtw4s3RrStuDuxFDbBnlEZZbu89R4rHvGbOEzzpOiiTL1JXMw==
Age: 3212
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 96daaf84cd2c07756756caf7a2724a29
d24d47c68eec98d44bf341dab9d893df97103e1a
fef9ce9f75ec19e7ae2ccbffb6654db2473a2b4acc94c1b4303e5ec24149465f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FEF9CE9F75EC19E7AE2CCBFFB6654DB2473A2B4ACC94C1B4303E5EC24149465F"
Last-Modified: Thu, 15 Sep 2022 18:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4527
Expires: Fri, 16 Sep 2022 15:19:48 GMT
Date: Fri, 16 Sep 2022 14:04:21 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.35 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.35:0
File type PEM certificate\012- , ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Fri, 16 Sep 2022 04:35:16 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 8e6dce34fd223e0c9d89fd938d1784a2.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: yHJ1fPFTnoZZYc81tztpZhhDqd2kIDD00QWQoKqoUSya0KDdC3e-Aw==
age: 34146
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47c50e6b900319570684e73c2602ee43
4fa649d794ad77d35ef563ce3cfe39fafead3844
97f8b6c00b6367d1772bbd319cbb1358cbed71bb77f5975f03753ce308eeb90d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97F8B6C00B6367D1772BBD319CBB1358CBED71BB77F5975F03753CE308EEB90D"
Last-Modified: Wed, 14 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19235
Expires: Fri, 16 Sep 2022 19:24:56 GMT
Date: Fri, 16 Sep 2022 14:04:21 GMT
Connection: keep-alive
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Fri, 16 Sep 2022 14:04:21 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.77.32 200 OK 345 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 47c50e6b900319570684e73c2602ee43
4fa649d794ad77d35ef563ce3cfe39fafead3844
97f8b6c00b6367d1772bbd319cbb1358cbed71bb77f5975f03753ce308eeb90d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "97F8B6C00B6367D1772BBD319CBB1358CBED71BB77F5975F03753CE308EEB90D"
Last-Modified: Wed, 14 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19235
Expires: Fri, 16 Sep 2022 19:24:56 GMT
Date: Fri, 16 Sep 2022 14:04:21 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 2.8 kB IP 142.250.74.3:0
Hash f524bae19f762c0a13b7b96f810a73bd
2fda8517a5c1a6ff68a94045591a74249f5a1ec8
89c1c24d420f24914bbd6b14cd6e915e6869a8ae8508a8dbb8cd8791930d00f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.115 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.115:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Fri, 16 Sep 2022 14:03:22 GMT
Expires: Fri, 16 Sep 2022 14:50:50 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 a7d2a4ec2f50830f128dc406960aef9a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: u5VP1UoOJ_3efYDL3qz0P9c9KjVu2cAz5a5jC6rFJ2smyvEsiE6mRQ==
Age: 59
www.googletagmanager.com/gtm.js?id=GTM-MVMB4DG
142.250.74.72 200 OK 38 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-MVMB4DG
IP 142.250.74.72:0
File type ASCII text, with very long lines (2198)
Hash 887fd012c59a4babde33997c1338aa5b
9a66fb791cd366b0e0b296962e8ab58ffda8d371
5460ff0c23fb0c872edf73f373aa3b8c2d6cd060872418b6e4008d97e4b8d154
GET /gtm.js?id=GTM-MVMB4DG HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 14:04:21 GMT
expires: Fri, 16 Sep 2022 14:04:21 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 38213
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.googletagmanager.com/gtm.js?id=GTM-PGXHKV
142.250.74.72 200 OK 169 kB URL HTTP/2 www.googletagmanager.com/gtm.js?id=GTM-PGXHKV
IP 142.250.74.72:0
File type Unicode text, UTF-8 text, with very long lines (55196)
Size 169 kB (169158 bytes)
Hash 2d11b219e55846121caf8a25d5431975
24146054f0b24a8cd20e2b453bef619187d33c2f
d9cedd6c4a575e3d295b31725fdf8abaac79da2bc2da518bf58de5dd41cbe68b
GET /gtm.js?id=GTM-PGXHKV HTTP/1.1
Host: www.googletagmanager.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-encoding: br
vary: Accept-Encoding
date: Fri, 16 Sep 2022 14:04:21 GMT
expires: Fri, 16 Sep 2022 14:04:21 GMT
cache-control: private, max-age=900
last-modified: Fri, 16 Sep 2022 12:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
server: Google Tag Manager
content-length: 46652
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 3b816941816ca5fed922c0604e9da8dc
94c14ea6c512c6c262479b4299f1cd4dd99ea5cd
a05000788114487ba8b8c661ba1370b29c96a93a16275b3fab497cf75722b51d
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:21 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
a.exosrv.com/ads.js
205.185.216.42 200 OK 972 B IP 205.185.216.42:0
File type ASCII text, with very long lines (2474), with no line terminators
Hash 7d9604b94c86720afb5884077110afc0
ff271b314f322f21e76ff297026be2c8fa7ea027
48c044514d04c243384bdfee5b66cbea06d1dcf9e21597361dbe5597b6d6d7c4
GET /ads.js HTTP/1.1
Host: a.exosrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 14:04:21 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 972
Content-Type: application/javascript
Accept-Ranges: bytes
Server: nginx
etag: W/"b60fdcc211f42a1f246a8c80b56"
Cache-Control: max-age=10800
X-HW: 1663337061.dop218.sk1.t,1663337061.cds224.sk1.shn,1663337061.cds224.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 3db421016cf0e3ad25f324cf0faf0fac
b15909de1105d4d2fb5be5b3920c454daf022445
914b15f28636e0a5e851540ffb0625ecd09d0546b2f1f7af90b267ceebcf1d5d
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6434
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:22 GMT
Last-Modified: Fri, 16 Sep 2022 12:17:08 GMT
Server: ECS (ska/F70E)
X-Cache: HIT
Content-Length: 471
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Fri, 16 Sep 2022 12:41:12 GMT
expires: Fri, 16 Sep 2022 14:41:12 GMT
cache-control: public, max-age=7200
age: 4990
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ads.exoclick.com/ads.js
205.185.216.10 200 OK 974 B IP 205.185.216.10:0
File type ASCII text, with very long lines (2476), with no line terminators
Hash 92af51b4341a31ff621022c2a648c05e
3761459319128e7349981f338926abcd89ba58e0
6dd1f44f60b3c9584b3d9a54af5348c3fc36c7e13585f593f205ed42a0fa7e9f
GET /ads.js HTTP/1.1
Host: ads.exoclick.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 974
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"8f3c7314efe500b41baba9f571b"
X-HW: 1663337062.dop022.sk1.t,1663337062.cds249.sk1.shn,1663337062.dop022.sk1.t,1663337062.cds003.sk1.c
Access-Control-Allow-Origin: *, *
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0e8c70d5506244cb050544acb0044b81
7dea133999a3a019ab064244dded2cd9aa94ddca
9e53787d4c467c3e928de3e936d1f575d139fe4a3f12ac5a3129836c46b0282a
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9E53787D4C467C3E928DE3E936D1F575D139FE4A3F12AC5A3129836C46B0282A"
Last-Modified: Thu, 15 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18342
Expires: Fri, 16 Sep 2022 19:10:04 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
js.wpadmngr.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpadmngr.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpadmngr.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Fri, 16 Sep 2022 14:09:22 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
push.services.mozilla.com/
54.148.17.90 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 54.148.17.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: x+6V75vEZckCTAoVwvysKg==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: nxwjv8eHW1nzXliv8eKYZzlbOhA=
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645fdee47e91d1df1101e1d835398236
39665f2b323bcee5ecd7f4eb2f486e8423b71c50
66713961fb91c2361571f035fc6cb28f434502674616b2d9201c1b2ed48dc8f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66713961FB91C2361571F035FC6CB28F434502674616B2D9201C1B2ED48DC8F8"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3497
Expires: Fri, 16 Sep 2022 15:02:39 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645fdee47e91d1df1101e1d835398236
39665f2b323bcee5ecd7f4eb2f486e8423b71c50
66713961fb91c2361571f035fc6cb28f434502674616b2d9201c1b2ed48dc8f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66713961FB91C2361571F035FC6CB28F434502674616B2D9201C1B2ED48DC8F8"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3497
Expires: Fri, 16 Sep 2022 15:02:39 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645fdee47e91d1df1101e1d835398236
39665f2b323bcee5ecd7f4eb2f486e8423b71c50
66713961fb91c2361571f035fc6cb28f434502674616b2d9201c1b2ed48dc8f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66713961FB91C2361571F035FC6CB28F434502674616B2D9201C1B2ED48DC8F8"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3497
Expires: Fri, 16 Sep 2022 15:02:39 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 1897fcbc0f6cc7c6298d05f545f77059
d54131b6f0292aa56cfef6556d4fc194b6cffa9c
9c657012df86aed7097544d5bc1ee3f04dace7e2f1cf644f0685bb414e97a7b4
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 14:04:22 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Tue, 20 Sep 2022 09:51:21 GMT
ETag: "d54131b6f0292aa56cfef6556d4fc194b6cffa9c"
Last-Modified: Fri, 16 Sep 2022 09:51:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2923
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ba26a04b45b517-OSL
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 645fdee47e91d1df1101e1d835398236
39665f2b323bcee5ecd7f4eb2f486e8423b71c50
66713961fb91c2361571f035fc6cb28f434502674616b2d9201c1b2ed48dc8f8
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "66713961FB91C2361571F035FC6CB28F434502674616B2D9201C1B2ED48DC8F8"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3497
Expires: Fri, 16 Sep 2022 15:02:39 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
tn.hdzog.com/contents/videos_screenshots/2313000/2313013/300x169/1.jpg
45.133.44.25 200 OK 20 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2313000/2313013/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 00e9ccd41f1a2fe19b3230d6b316f729
5c408b3b1a7e6b0ea8fafc26cdfd7d9f4080d0da
bb7cbf339f1c174e27d471bfb621e0108f94783cea0ea4f78386a7a385429b14
GET /contents/videos_screenshots/2313000/2313013/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 19904
server: nginx/1.21.2
last-modified: Fri, 02 Sep 2022 13:36:49 GMT
etag: "631206f1-4dc0"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1433d14bf06ea257ce78842134f0bede
6dd0ef1b13831233764fe68c45389cc8737c2a1f
1e2a43bc20e5f95e686c9024ec572015d9b8901879d701dfd7c058e5e0c16757
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1E2A43BC20E5F95E686C9024EC572015D9B8901879D701DFD7C058E5E0C16757"
Last-Modified: Thu, 15 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7208
Expires: Fri, 16 Sep 2022 16:04:30 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 938 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 1897fcbc0f6cc7c6298d05f545f77059
d54131b6f0292aa56cfef6556d4fc194b6cffa9c
9c657012df86aed7097544d5bc1ee3f04dace7e2f1cf644f0685bb414e97a7b4
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Fri, 16 Sep 2022 14:04:22 GMT
Content-Type: application/ocsp-response
Content-Length: 938
Connection: keep-alive
Expires: Tue, 20 Sep 2022 09:51:21 GMT
ETag: "d54131b6f0292aa56cfef6556d4fc194b6cffa9c"
Last-Modified: Fri, 16 Sep 2022 09:51:22 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 2923
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74ba26a08b7eb517-OSL
tn.hdzog.com/contents/videos_screenshots/2313000/2313475/300x169/1.jpg
45.133.44.25 200 OK 20 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2313000/2313475/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 0c3dda8a100dcd49687155a4f67a9169
667fab483b61a5138d06b2535670201020e2b0b4
f01c8b551db497d1bd025e8320a0d35ae383d966560d9a2130617f01e5890f05
GET /contents/videos_screenshots/2313000/2313475/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 19683
server: nginx/1.21.2
last-modified: Sat, 03 Sep 2022 08:27:27 GMT
etag: "63130fef-4ce3"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2313000/2313177/300x169/1.jpg
45.133.44.25 200 OK 18 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2313000/2313177/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 70178dc9508a491b37d3a97e6cf2097e
01c07c675c61a81a60fff063c7574196bad96e33
8a6d7f6aa5b2d4fcbbd257dc2b17b68f04dac9e28c769a389400a263b1a48f70
GET /contents/videos_screenshots/2313000/2313177/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 18333
server: nginx/1.21.2
last-modified: Fri, 02 Sep 2022 20:51:27 GMT
etag: "63126ccf-479d"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2312000/2312457/300x169/1.jpg
45.133.44.25 200 OK 25 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2312000/2312457/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 4b0d22b3ec992d0ef64d7d7e57513e08
ab8001a88927570420fb3f41e94559a1a7a0989a
3dc53d18f230d5a90fe9c471489a7e96f6bb789739a042683249f13e75082daa
GET /contents/videos_screenshots/2312000/2312457/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 25092
server: nginx/1.21.2
last-modified: Thu, 01 Sep 2022 13:43:05 GMT
etag: "6310b6e9-6204"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2310000/2310485/300x169/1.jpg
45.133.44.25 200 OK 22 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2310000/2310485/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 910e37331c11411c2afae679fe5bc9dc
9a740f06746410b3b255564715d22c0989cb5d49
711038a8c5938a9c1e09c99689d3ee89cca8dbbc65b5bc4a570dbcf5b4044c19
GET /contents/videos_screenshots/2310000/2310485/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 22028
server: nginx/1.21.2
last-modified: Thu, 25 Aug 2022 03:32:08 GMT
etag: "6306ed38-560c"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2310000/2310351/300x169/1.jpg
45.133.44.25 200 OK 24 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2310000/2310351/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash a29134f157e4ba89af8a6cb7483bd040
455c21aa8a0f479ae4d2152c195fedf6876a043c
6bca78193e59e3158732b4be07cd49298a3e21e7af34fdcb9d11260a24ec89fb
GET /contents/videos_screenshots/2310000/2310351/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 23608
server: nginx/1.21.2
last-modified: Wed, 24 Aug 2022 23:02:48 GMT
etag: "6306ae18-5c38"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2313000/2313721/300x169/1.jpg
45.133.44.25 200 OK 23 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2313000/2313721/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 2affaf6ea841a12d28204d7559ec32d7
a6649a70b80b0a4971242861a9cf6fcc800d62ab
310e006d558bfb450c8c7e96f73792191b343474358972596fb6065503fe3080
GET /contents/videos_screenshots/2313000/2313721/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 23093
server: nginx/1.21.2
last-modified: Sat, 03 Sep 2022 15:28:20 GMT
etag: "63137294-5a35"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2308000/2308387/300x169/1.jpg
45.133.44.25 200 OK 23 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2308000/2308387/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash f94c7f21a9ebbf0bc8113656f74096bd
16039f4636d84281d580a834ed2e9d5df9fc216f
d174c112f3e4eff6003a4bed260fa7872afb45611a5d064051b4f68bdb21f1e9
GET /contents/videos_screenshots/2308000/2308387/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 22587
server: nginx/1.21.2
last-modified: Tue, 16 Aug 2022 14:45:30 GMT
etag: "62fbad8a-583b"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2310000/2310673/300x169/1.jpg
45.133.44.25 200 OK 20 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2310000/2310673/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 1034b4e6e8bfd0af591cc1182a8701ba
2107829445bbf5a24a104c2872cad5e2aee6116d
5073abca5965d524383372ebbe7b17b3270b9f8f97b4b94a5c6220e2156d8251
GET /contents/videos_screenshots/2310000/2310673/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 19534
server: nginx/1.21.2
last-modified: Thu, 25 Aug 2022 10:26:15 GMT
etag: "63074e47-4c4e"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2309000/2309045/300x169/1.jpg
45.133.44.25 200 OK 25 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2309000/2309045/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash ec60710bea80ac8572a96a484df86522
c1f82277b7116919e97d3588c34a493d2af555b4
280317b1ddfa818fe253e43d06ebd2512c048a713a4771a01f2a24eb3c4fed18
GET /contents/videos_screenshots/2309000/2309045/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 25415
server: nginx/1.21.2
last-modified: Mon, 22 Aug 2022 15:08:17 GMT
etag: "63039be1-6347"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2305000/2305007/300x169/1.jpg
45.133.44.25 200 OK 17 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2305000/2305007/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 393270519fd6553fed434d7d53d23379
6d54534351b0ddbc0eacd6895e2d4088ce68baa4
2b99de0135f57819a4e760d2203bff47ff0bf68196abf36427c92763f68a6710
GET /contents/videos_screenshots/2305000/2305007/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 16639
server: nginx/1.21.2
last-modified: Wed, 10 Aug 2022 13:53:42 GMT
etag: "62f3b866-40ff"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2316000/2316051/300x169/1.jpg
45.133.44.25 200 OK 24 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2316000/2316051/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash beb2be9eb233edddb31e01819e15e9f9
0256b020b72285b390eee3d38c97931879004a51
d62ea7c7c77ec17ce391951bc63c496b9470e7bdceaa79128b99c3ce671b5304
GET /contents/videos_screenshots/2316000/2316051/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 23851
server: nginx/1.21.2
last-modified: Wed, 07 Sep 2022 17:53:20 GMT
etag: "6318da90-5d2b"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2311000/2311807/300x169/1.jpg
45.133.44.25 200 OK 28 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2311000/2311807/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash f56d57c5a35b80324b976477337c50c5
35a8cea5cad08da03d0653d60391f03dd7cecb8a
360853968c69b277b74d9762f7fc339f634b2a8560dd7ebc07ef690ce520801f
GET /contents/videos_screenshots/2311000/2311807/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 28427
server: nginx/1.21.2
last-modified: Fri, 26 Aug 2022 22:31:09 GMT
etag: "630949ad-6f0b"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2312000/2312573/300x169/1.jpg
45.133.44.25 200 OK 27 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2312000/2312573/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash f7bde38b2261ef9af1d0a248e8ed14d9
925a2646ec05aceaba63c118a5b0497ef37d0997
1a333ea647c0847cf817c15f49e8312985af47971c7e67afc55fd9f91825f10a
GET /contents/videos_screenshots/2312000/2312573/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 26571
server: nginx/1.21.2
last-modified: Thu, 01 Sep 2022 17:48:11 GMT
etag: "6310f05b-67cb"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2312000/2312993/300x169/1.jpg
45.133.44.25 200 OK 23 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2312000/2312993/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash e2881984ea3ba5c0bcde6807db19fdd8
c7e79ba64b10c68bb88b020b324988a4f2c2cf5e
8bdf24c22dfda212bccd052ec9a8937a6e84a31c5be30730829603bc67967a9b
GET /contents/videos_screenshots/2312000/2312993/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 22555
server: nginx/1.21.2
last-modified: Fri, 02 Sep 2022 12:32:58 GMT
etag: "6311f7fa-581b"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
tn.hdzog.com/contents/videos_screenshots/2316000/2316531/300x169/1.jpg
45.133.44.25 200 OK 22 kB URL HTTP/2 tn.hdzog.com/contents/videos_screenshots/2316000/2316531/300x169/1.jpg
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash ccc86579c743fc8fedf2cb71ce3c5e14
31eee3c6334678b6403bbd6176a3075e3188bd25
e5b23790f02cd01e1912608e0198c5befb20d2ff370ba5e8be014bfb8789e495
GET /contents/videos_screenshots/2316000/2316531/300x169/1.jpg HTTP/1.1
Host: tn.hdzog.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: image/jpeg
content-length: 22059
server: nginx/1.21.2
last-modified: Thu, 08 Sep 2022 15:26:17 GMT
etag: "631a0999-562b"
cache-control: max-age=7776000
expires: Thu, 15 Dec 2022 14:04:22 GMT
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 64d18d7c3c9879b4dd0f9cff44326a9b
2b6c83c93d4a435a5c6060446eb0f7b4932a76bb
3e4aa3476355f61668cb6b73f5c264b476f72d2902e38a299fb4f7c7ce61fb20
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3E4AA3476355F61668CB6B73F5C264B476F72D2902E38A299FB4F7C7CE61FB20"
Last-Modified: Thu, 15 Sep 2022 15:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9891
Expires: Fri, 16 Sep 2022 16:49:13 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
fp.metricswpsh.com/fp?tag_id=688
157.90.84.244 204 No Content 0 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=688
IP 157.90.84.244:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /fp?tag_id=688 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hdzog.tube/
Origin: https://hdzog.tube
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.20.1
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://hdzog.tube
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
5dcd3345c4.4eb28685b6.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5OTA0NjEyMzcwMzU0OTQ4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOC4xIiwidGFnX2lkIjo2ODgsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiJTIwIn0=
45.133.44.25 200 OK 0 B URL HTTP/2 5dcd3345c4.4eb28685b6.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5OTA0NjEyMzcwMzU0OTQ4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOC4xIiwidGFnX2lkIjo2ODgsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiJTIwIn0=
IP 45.133.44.25:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5OTA0NjEyMzcwMzU0OTQ4MDAwIiwidGltZXpvbmUiOjAsInZlciI6IjMuOC4xIiwidGFnX2lkIjo2ODgsInNjcmVlbl9yZXNvbHV0aW9uIjoiMTI4MHgxMDI0IiwiYWRibG9jayI6MCwidGltZXpvbmVfb2xzb24iOiJVVEMiLCJ1dG1fc291cmNlIjoiIiwidXRtX21lZGl1bSI6IiIsInV0bV9jYW1wYWlnbiI6IiIsInV0bV9jb250ZW50IjoiIiwibW0iOjAsImluaXRfc3RhcnRfbGF0ZW5jeSI6MC40MiwiaXNfdjIiOjAsImlzX3YyX2VtcHR5IjowLCJ1c2VyX2tleXdvcmRzIjoiJTIwIn0= HTTP/1.1
Host: 5dcd3345c4.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
server: nginx/1.18.0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6898c32ed832cf6e22e24b058f901cb7
6076fcbd2cb05830a64368b758fd586eda37fd95
413a82d49d19ebb5dc6daffb45b6f3ed7fb8cecaee4289ab08eab522fe8d259d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "413A82D49D19EBB5DC6DAFFB45B6F3ED7FB8CECAEE4289AB08EAB522FE8D259D"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7769
Expires: Fri, 16 Sep 2022 16:13:51 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6898c32ed832cf6e22e24b058f901cb7
6076fcbd2cb05830a64368b758fd586eda37fd95
413a82d49d19ebb5dc6daffb45b6f3ed7fb8cecaee4289ab08eab522fe8d259d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "413A82D49D19EBB5DC6DAFFB45B6F3ED7FB8CECAEE4289AB08EAB522FE8D259D"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=7769
Expires: Fri, 16 Sep 2022 16:13:51 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash e834d07a515a0d59b36fcc48deb40e64
bc65b0164def4ba12bfab7d151d13586e5af341e
4bb9e61e4240c55b441a1dc0fb003f819d32e183cab88667a68284d682894b99
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "4BB9E61E4240C55B441A1DC0FB003F819D32E183CAB88667A68284D682894B99"
Last-Modified: Wed, 14 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9496
Expires: Fri, 16 Sep 2022 16:42:38 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
mc.yandex.ru/metrika/tag.js
77.88.21.119 200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (681)
Hash 034d4604beaddff5783b9878fadfaee6
64d5e1e0dbbbd62d6a64349dd964763b7ab4cbea
f8a957ee3468693f465da61d899438a2b674369b80c9d5c9ffff1111a7091290
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 71985
date: Fri, 16 Sep 2022 14:04:22 GMT
access-control-allow-origin: *
etag: "6323e622-11931"
expires: Fri, 16 Sep 2022 15:04:22 GMT
last-modified: Fri, 16 Sep 2022 05:57:38 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
vast.yomeno.xyz/prepare
109.206.176.75 204 No Content 0 B IP 109.206.176.75:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /prepare HTTP/1.1
Host: vast.yomeno.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hdzog.tube/
Origin: https://hdzog.tube
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:23 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://hdzog.tube
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
content-type: text/plain; charset=utf-8
content-length: 0
X-Firefox-Spdy: h2
fp.metricswpsh.com/fp?tag_id=688
157.90.84.244 200 OK 28 B URL HTTP/1.1 fp.metricswpsh.com/fp?tag_id=688
IP 157.90.84.244:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text
Hash d8ded99ae3089c609f0f3dfd190a3299
aa378c43d5b8dc4887db4f93f86a319f75731b6f
f5526ab1e5df71c978b3db3ada96990b256be308611834bea29d342b88338000
POST /fp?tag_id=688 HTTP/1.1
Host: fp.metricswpsh.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 22269
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 16 Sep 2022 14:04:22 GMT
Content-Type: application/json; charset=UTF-8
Content-Length: 28
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://hdzog.tube
Set-Cookie: id=3560637481489444469; Expires=Sat, 16 Sep 2023 14:04:22 GMT; Secure; SameSite=None
Vary: Origin
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4edad97b47c2fb69944e04395bb8988f
8c5cc3a1378e41c3ed10756b03f4fc245967f29a
e352af9d154f53e8f89affa7df01134bb4260020b6d61236b61f68d898eae617
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E352AF9D154F53E8F89AFFA7DF01134BB4260020B6D61236B61F68D898EAE617"
Last-Modified: Thu, 15 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10724
Expires: Fri, 16 Sep 2022 17:03:06 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4edad97b47c2fb69944e04395bb8988f
8c5cc3a1378e41c3ed10756b03f4fc245967f29a
e352af9d154f53e8f89affa7df01134bb4260020b6d61236b61f68d898eae617
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E352AF9D154F53E8F89AFFA7DF01134BB4260020B6D61236B61F68D898EAE617"
Last-Modified: Thu, 15 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10724
Expires: Fri, 16 Sep 2022 17:03:06 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4edad97b47c2fb69944e04395bb8988f
8c5cc3a1378e41c3ed10756b03f4fc245967f29a
e352af9d154f53e8f89affa7df01134bb4260020b6d61236b61f68d898eae617
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "E352AF9D154F53E8F89AFFA7DF01134BB4260020B6D61236B61F68D898EAE617"
Last-Modified: Thu, 15 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10724
Expires: Fri, 16 Sep 2022 17:03:06 GMT
Date: Fri, 16 Sep 2022 14:04:22 GMT
Connection: keep-alive
mc.yandex.ru/metrika/watch.js
77.88.21.119 200 OK 57 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP 77.88.21.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (569)
Hash c88af7521379660d8b1c4cfaad1362f4
f4a277fbd562a31d329bf4561878c2512be3b4a0
3e33643c480df9268cc54e0086082dd14e1791ba6bc161c0ec81c5855b0acca5
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 56896
date: Fri, 16 Sep 2022 14:04:22 GMT
access-control-allow-origin: *
etag: "6323e622-de40"
expires: Fri, 16 Sep 2022 15:04:22 GMT
last-modified: Fri, 16 Sep 2022 05:57:38 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/health/
162.55.139.130 200 OK 0 B URL HTTP/2 13857ba7bd.4eb28685b6.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
nereserv.com/in/dip?site=native-push&wl=1&event_id=11721a84-dffd-4ef2-8365-1e8e1ebff182&subid=1839248037&sid=612886935&spot_id=307&created_at=2022-09-16&timezone=0&ver=7.3.0&is_native=1
168.119.25.22 200 OK 0 B URL HTTP/2 nereserv.com/in/dip?site=native-push&wl=1&event_id=11721a84-dffd-4ef2-8365-1e8e1ebff182&subid=1839248037&sid=612886935&spot_id=307&created_at=2022-09-16&timezone=0&ver=7.3.0&is_native=1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/dip?site=native-push&wl=1&event_id=11721a84-dffd-4ef2-8365-1e8e1ebff182&subid=1839248037&sid=612886935&spot_id=307&created_at=2022-09-16&timezone=0&ver=7.3.0&is_native=1 HTTP/1.1
Host: nereserv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/health/
162.55.139.130 200 OK 0 B URL HTTP/2 13857ba7bd.4eb28685b6.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/health/
162.55.139.130 200 OK 0 B URL HTTP/2 13857ba7bd.4eb28685b6.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/health/
162.55.139.130 200 OK 0 B URL HTTP/2 13857ba7bd.4eb28685b6.com/health/
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /health/ HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ceb8265201.4eb28685b6.com/in/multy
168.119.25.22 204 No Content 0 B URL HTTP/2 ceb8265201.4eb28685b6.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /in/multy HTTP/1.1
Host: ceb8265201.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://hdzog.tube/
Origin: https://hdzog.tube
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:22 GMT
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f26cf3f11c1c22539ca8c442b1da0d82
1faa25833479e6d4cb15c29a4774348d900807b6
71155c5db2f6e73a5facb859d8b27a3963c9c7f3e2edfb61a72df1597a5ac355
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "71155C5DB2F6E73A5FACB859D8B27A3963C9C7F3E2EDFB61A72DF1597A5AC355"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2302
Expires: Fri, 16 Sep 2022 14:42:45 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
13857ba7bd.4eb28685b6.com/get/?go=1&data=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
162.55.139.130200 OK 1.8 kB URL HTTP/2 13857ba7bd.4eb28685b6.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1654)
Hash 2299669a73a8692287d89aac192bc305
60be3cab7f11807087879027db2f5f15f9012336
1a173c239b212b3afbbcd6baaccd584e49ee204fe73f9010982a41155f8031f3
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=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 HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1c7d4c051943716fea7f93ef3f3afe61
237d7393f3e6b4ef5b85905221a676df579419b0
cc333e9808f2ee930a925a18cbfa0e1eab11003f7462f4f28de808b9c1b559c6
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CC333E9808F2EE930A925A18CBFA0E1EAB11003F7462F4F28DE808B9C1B559C6"
Last-Modified: Fri, 16 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=18458
Expires: Fri, 16 Sep 2022 19:12:01 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
js.wpshsdk.com/npc/sdk/wp-banners.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/wp-banners.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /npc/sdk/wp-banners.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 0
server: nginx/1.18.0
last-modified: Fri, 20 Aug 2021 15:14:31 GMT
etag: "611fc6d7-0"
expires: Fri, 16 Sep 2022 14:09:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/get/?go=1&data=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
162.55.139.130200 OK 1.8 kB URL HTTP/2 13857ba7bd.4eb28685b6.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1653)
Hash 7924d20d7621dcc701fc42c1259fb661
d03351c3997899368af78d0bd990b968a3e2a627
a5aebd816feb32e9f99c43fca5d307d1fac9a5db3c0b2b7d03fec513d22639d6
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=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 HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
13857ba7bd.4eb28685b6.com/get/?go=1&data=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
162.55.139.130200 OK 1.8 kB URL HTTP/2 13857ba7bd.4eb28685b6.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (1632)
Hash 8f3d80b7b557e0164f292cf3b8f97a73
31a4ee3a9371297cc8369ce378ee6785ce28da29
95eabc01207c660f9e52fdcb09c854f1365ae559bd79419a125419853115bd26
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=eyJpbXAiOlt7InNlY3VyZSI6MSwiZXh0Ijp7ImlkIjoxNDk2LCJzcGFjZWlkIjozMDEzOCwidHlwZSI6InBvcCIsImlkem9uZSI6OTkyOTMyLCJhZF90YWdzIjoic3RyYWlnaHQiLCJsYWJlbHMiOiIiLCJhbGxvd2VkX2xhYmVscyI6IiIsInRpdGxlIjoiIiwic3ViaWQiOiIwIiwidXRtMSI6IiIsInV0bTIiOiIiLCJ1dG00IjoiIiwic3BvdF9pZCI6MzAxMzgsIm11bHRpcGxlIjpmYWxzZSwiaXNfaWZyYW1lIjpmYWxzZSwicmVmZG9tYWluIjoiIiwicGwiOjgsInN0cmF0YWdlbSI6bnVsbCwiZ3lyIjowLCJhY2NlbCI6MCwic3NwIjozNzU4fSwiYmFubmVyIjp7InciOjMwMCwiaCI6MjUwfX1dLCJzaXRlIjp7ImlkIjoiMzAxMzgiLCJjYXQiOlsiSUFCMjUiXSwicGFnZSI6Imh0dHBzOi8vaGR6b2cudHViZS8ifSwiZGV2aWNlIjp7InciOjEyODAsImgiOjEwMjR9LCJ1c2VyIjp7ImlkIjoiOWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzgifSwiZXh0Ijp7ImR0IjoxNjYzMzM3MDQ2NzIzfX0= HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
58d5a211a4.4eb28685b6.com/get/
94.130.197.134 200 OK 1.7 kB URL HTTP/2 58d5a211a4.4eb28685b6.com/get/
IP 94.130.197.134:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , ASCII text, with very long lines (1667), with no line terminators
Hash 612bb70112041f8e684e8cb25de2f7e2
c4f0189bf21465ad4c4f1f58b151a7637383c58c
428de55e60e109eb8016715f1e4c3a08949b933af2eb69d02d4f28760e010f43
Analyzer Verdict Alert quad9 Sinkholed
POST /get/ HTTP/1.1
Host: 58d5a211a4.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Content-Type: text/plain;charset=UTF-8
Origin: https://hdzog.tube
Content-Length: 475
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: application/json
content-length: 1667
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
s.optnx.com/cimp.php?data=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-
95.211.229.246302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=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-
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=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- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13857ba7bd.4eb28685b6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 14:04:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263248267416c33.092030442798036967%22%3B%7D; expires=Sun, 15 Sep 2024 14:04:23 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif
X-Robots-Tag: noindex, follow
s.optnx.com/cimp.php?data=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-
95.211.229.246302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=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-
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=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- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13857ba7bd.4eb28685b6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 14:04:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263248267413142.225037513630661093%22%3B%7D; expires=Sun, 15 Sep 2024 14:04:23 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif
X-Robots-Tag: noindex, follow
s.optnx.com/cimp.php?data=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--
95.211.229.246302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=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--
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=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-- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://13857ba7bd.4eb28685b6.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263248267413142.225037513630661093%22%3B%7D
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 14:04:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%2263248267413142.225037513630661093%22%3B%7D; expires=Sun, 15 Sep 2024 14:04:23 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/723662/cf5c41b67b54e4462b2af5ab7dcd1521eda17d66.jpg
X-Robots-Tag: noindex, follow
s.optnx.com/cimp.php?data=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-
95.211.229.246302 Found 0 B URL HTTP/1.1 s.optnx.com/cimp.php?data=TVRZMk16TXpOekEyTW54alkySm1OVGRsWkdWa01USm1PV1k1WWpCbVpHRTVORGszTjJGbU1qZ3pZZy0tfC9saWJyYXJ5LzcyMzY2Mi82MTlhODA5ZDYwZjMyMGRkZWMyZjQxNjM0OTA4NzRlZmNmMDZiZDI4LmdpZnxodHRwc3w5MS45MC40Mi4xNTR8Tk9SfDQxfGhkem9nLmNvbXw3MjM2NjJ8NjY2MTczfDkwMTEwNHw0MTc2MjA0fDUwOHw1MzE0MTYwfDc1NTYzMTc0fDE1fDN8MHwwfDI1MzQ0fDB8MXw3NXxFVVJ8RVVSfDF8MS4wMDI0fDIxfDMwMHgyNTB8MXxOT1J8fDIwfDR8MXx8OWU0OTQ3ZjM1NzUxNDY1NDExZmQxYTRmNWMzNThjNzh8Yjk0YTJlODEzMjU4YzI0MTU0ZGRmNTQ3MDg2ZmQ5MDN8MXwwfGhkem9nLnR1YmV8MHwwfDB8MC4wMnwxfDB8ZXhjaGFuZ2VfYmFubmVyfDB8MHwwfC0xfDB8MHx8fDF8MTQ0MHx8MHwwfDB8MHwwfDB8MXwwfHw4fDF8TW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0OyBydjo5Ni4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94Lzk2LjB8T0t8NGZhYTA0M2RlMGE1MmFjYmU4MjAxZGI2YzA0N2M1NmI-
IP 95.211.229.246:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cimp.php?data=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- HTTP/1.1
Host: s.optnx.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13857ba7bd.4eb28685b6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Fri, 16 Sep 2022 14:04:23 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632482674945d4.649645583784257473%22%3B%7D; expires=Sun, 15 Sep 2024 14:04:23 GMT; path=; domain=.optnx.com; Secure; SameSite=none
Location: https://s3t3d2y8.afcdn.net/library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif
X-Robots-Tag: noindex, follow
13857ba7bd.4eb28685b6.com/get/?go=1&data=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
162.55.139.130200 OK 2.1 kB URL HTTP/2 13857ba7bd.4eb28685b6.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (1452)
Hash ec0428f782ef46cf22ad8fb4fb629bdd
a1024538120e8a87f73181cb53415ac41cd793a5
dd59530a8d9ee545c04b35e7ccc0a94f423105456e5f4ee874216d4206a3771d
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=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 HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: text/html
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
content-encoding: gzip
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif
185.76.9.19 200 OK 74 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type GIF image data, version 89a, 300 x 250\012- data
Hash e5b7084733771dbf111a735cf65f1f3e
619a809d60f320ddec2f4163490874efcf06bd28
3081115a8f85ecf98a0a12d773928c7e88d3a952f09e67f9d90072e95505fa03
GET /library/723662/619a809d60f320ddec2f4163490874efcf06bd28.gif HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13857ba7bd.4eb28685b6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: image/gif
content-length: 74160
last-modified: Wed, 31 Aug 2022 13:14:28 GMT
etag: "630f5eb4-121b0"
expires: Thu, 31 Aug 2023 13:21:27 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1693489884
server: CDN77-Turbo
x-77-nzt: AblMCQ1Rabf/CxsVAA
x-77-nzt-ray: 0dvd9f9f1RU
x-cache: HIT
x-age: 1383179
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/723662/cf5c41b67b54e4462b2af5ab7dcd1521eda17d66.jpg
185.76.9.19 200 OK 15 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/723662/cf5c41b67b54e4462b2af5ab7dcd1521eda17d66.jpg
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash aba7438a3ad4ba84c8e70908194788a5
cf5c41b67b54e4462b2af5ab7dcd1521eda17d66
ee070a745a12a4667b1ed92c74321f7fe004c5d28fd557deb8eb9edae9088eb6
GET /library/723662/cf5c41b67b54e4462b2af5ab7dcd1521eda17d66.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://13857ba7bd.4eb28685b6.com/
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: image/jpeg
content-length: 15012
last-modified: Tue, 23 Feb 2021 15:12:34 GMT
etag: "60351b62-3aa4"
expires: Fri, 30 Jun 2023 11:24:30 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688304794
server: CDN77-Turbo
x-77-nzt: AblMCQ0mYPj/TTlkAA
x-77-nzt-ray: uh7y0zuwfeY
x-cache: HIT
x-age: 6568269
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
77.88.21.119 200 OK 7.2 kB URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 77.88.21.119:0
Hash 8f3b882ff61b54f27f6abb5d3ecb0f95
84a38f2f4c38690806f894b9963fdc1998b79708
5e309590601fdb8a9dc49e7ec655856fa56caa8d1598373693b6a0312f1c0ee4
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Fri, 16 Sep 2022 14:04:23 GMT
access-control-allow-origin: *
etag: "6323e622-2b"
expires: Fri, 16 Sep 2022 15:04:23 GMT
accept-ranges: bytes
last-modified: Fri, 16 Sep 2022 05:57:38 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d98ca20ee8c127b36dfc75dca913f9de
a0e8f7e3fe952bf79b19eec2ddd45b3063a8c8c8
95ed59e057ead2feada86c3c14aa18582d2d3842655bac3134ac41b6e938007d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95ED59E057EAD2FEADA86C3C14AA18582D2D3842655BAC3134AC41B6E938007D"
Last-Modified: Thu, 15 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6838
Expires: Fri, 16 Sep 2022 15:58:21 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3184
Expires: Fri, 16 Sep 2022 14:57:27 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3184
Expires: Fri, 16 Sep 2022 14:57:27 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
mc.yandex.ru/watch/49315045?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1523332444893%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A907520187%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/49315045?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1523332444893%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A907520187%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 04846a4abb6f5fc2498154fd28bd7a55
86171e24122a515f35718f231b6cedf1f0c7c930
30567a0748ad56c07f8e5fe8f14b1bf1d6105dd5425a5672c97f78ff898582de
GET /watch/49315045?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1523332444893%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A907520187%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/49315045/1?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ofv6mafcjh9urjbdp7e2g%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A1%3Adp%3A0%3Als%3A1523332444893%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A907520187%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Awv%3A2%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 16 Sep 2022 14:04:23 GMT
access-control-allow-origin: https://hdzog.tube
set-cookie: yandexuid=2908374111663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=2908374111663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yabs-sid=1415609561663337063; Path=/; SameSite=None; Secure
set-cookie: i=GNM+Xkd5nk+yOSdsz6iKo1YvIP5Pf/gSCvvRBOGzbgCzysSmGe44n5Ho3huhWbaZas+6jXWVd75eBfgNoQfEjXjNPGI=; Expires=Mon, 13-Sep-2032 14:04:20 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: ymex=1694873063.yrts.1663337063#1694873063.yrtsi.1663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 16-Sep-2022 14:04:23 GMT
last-modified: Fri, 16-Sep-2022 14:04:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3184
Expires: Fri, 16 Sep 2022 14:57:27 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 4abe181b1d086cd7e122d7de32f63fb6
e3482d4df0d59c247109ff7fb97f20ec6f142c4d
63c277b85854c244e38f5b3e60a073eb15962a0784ba1b726353e3ec0c3e9e02
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63C277B85854C244E38F5B3E60A073EB15962A0784BA1B726353E3EC0C3E9E02"
Last-Modified: Thu, 15 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3184
Expires: Fri, 16 Sep 2022 14:57:27 GMT
Date: Fri, 16 Sep 2022 14:04:23 GMT
Connection: keep-alive
mc.yandex.ru/watch/33008259?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr946elviuuw%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A2%3Adp%3A0%3Als%3A769786274456%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A543054212%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
77.88.21.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/33008259?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr946elviuuw%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A2%3Adp%3A0%3Als%3A769786274456%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A543054212%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 77.88.21.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash fe7e9dc186e264aaf36e971d8bffac42
a69e4987601f11c8191fcb2ca99e5cf94f7b6a78
b6ab5c634af1fd86ce4d1f05ee95497fda8af977d4ffaefc810d72649a03f534
GET /watch/33008259?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr946elviuuw%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A2%3Adp%3A0%3Als%3A769786274456%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A543054212%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/33008259/1?wmode=7&page-url=https%3A%2F%2Fhdzog.tube%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A2ocpriggyfyr946elviuuw%3Afp%3A870%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A882%3Acn%3A2%3Adp%3A0%3Als%3A769786274456%3Ahid%3A1011481791%3Az%3A0%3Ai%3A20220916140406%3Aet%3A1663337047%3Ac%3A1%3Arn%3A543054212%3Arqn%3A1%3Au%3A1663337047430667905%3Aw%3A1268x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663337044769%3Ads%3A0%2C67%2C111%2C1%2C311%2C0%2C%2C388%2C6%2C1018%2C1018%2C0%2C949%3Aco%3A0%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663337047%3At%3A&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Fri, 16 Sep 2022 14:04:23 GMT
access-control-allow-origin: https://hdzog.tube
set-cookie: yandexuid=8022730301663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yuidss=8022730301663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
set-cookie: yabs-sid=2650284901663337063; Path=/; SameSite=None; Secure
set-cookie: i=ieFQCw1hzFNTZ6hZ3FJfws57Cb6Xxzlpg9PyXYpaFQN2aMbTvynOZLAd7tF/JhtBlk8+CdKlr5dFpbxu/JT8vklT0Bk=; Expires=Mon, 13-Sep-2032 14:04:16 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
set-cookie: ymex=1694873063.yrts.1663337063#1694873063.yrtsi.1663337063; Expires=Sat, 16-Sep-2023 14:04:23 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Fri, 16-Sep-2022 14:04:23 GMT
last-modified: Fri, 16-Sep-2022 14:04:23 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
34.120.237.76 200 OK 14 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 512280055633fcce9abc7d11a9816a24
de5c3e010fca76659455a144875a52c25fa72bdd
435eadb36830928b20d4cf8ead62134b75bd0ed3228489d9fdee66450bcbeaed
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F855bc857-3105-4de6-b3a8-0eb895422ea5.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 13536
x-amzn-requestid: 5533b257-1558-472b-aeb9-8207a78e1110
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDzFa4IAMF9Rg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb1-05d0dfde7a488ed97d2a40d5;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aCCBUNe1NErAN4RiVGCdh-sBxSnMm-XfcFzE-h8IcCq6W1Om-UX45g==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:46 GMT
age: 58717
etag: "de5c3e010fca76659455a144875a52c25fa72bdd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
34.120.237.76 200 OK 45 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png
IP 34.120.237.76:0
Hash 3625ae4480c731c97d7e8eabb3686283
92a2ddc501ca236b4203b2c8d623ea7c64868add
4b3a88e3caef5814b70c20a230fba7c59b4273650cdbc81ff4e9d847baf7cdf0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F4a73e855-9877-4793-b59a-30b8e5a96117.png HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8435
x-amzn-requestid: f6efd924-4f54-41a6-8771-087803b5b8ac
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhU0-EJaoAMFvtQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239b52-37c21ee857fe27d104b70337;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:38:26 GMT
x-amz-cf-pop: SFO5-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: hhh1q_MrZVAaRWwmc1IuJbL3KhhwwHQgceaL15okbg4NvKJlWfUjyA==
via: 1.1 773ca14e6bd4bf9244988cb69fc9dca8.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:02:34 GMT
age: 57709
etag: "b6e634ef27eba9da38c6472565e0fdca6898e4f0"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash e6d17788c7d2a1a91e68eff48df14bd1
8e1090346d90bc69e7a95384e6a7a01154e31567
1e1eefa02e4c55e73be87a309ad5c2335856125cb678cff6ebc42c5ff73a0e2b
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fee084149-a07d-4141-a484-d9f352209914.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9904
x-amzn-requestid: a23cb4b3-db6e-48ae-90b1-3ecf6478bf52
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDpH_CIAMFl4w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-15869210609a18587467d1e2;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: SEA19-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: JyXQcHKFIksMgLMROqOfV1ZqdFKSp3QSIlGmXuDR6h88o9J6s-mgkw==
via: 1.1 1002c05e647d0804e83147cdd205d14a.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 22:14:32 GMT
age: 56991
etag: "8e1090346d90bc69e7a95384e6a7a01154e31567"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash da1bd18c37b83b0ef4641036dc208eec
abb5c719ec9341c6d4146297a2a1eca171df9c81
0085a66912a814c619a1257545d36610c7109ba32f1b097176102d3d3db2c8d0
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fed934f67-48ba-4d22-a8f8-4f5f7a10a9f9.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12425
x-amzn-requestid: 96b5f0d2-1327-4180-9d48-f915630c3de2
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhVDqHyooAMFqyg=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239bb0-7d89d2d7024f6a821a62c948;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:40:00 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: dxJEH4Jh8lAZ0T28BZnFLhWczwZ7oOaspCmR-SWudP32cF3BQc6wmw==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 5397b304713f6301c7c94ac084b6ed08.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:56:40 GMT
age: 58063
etag: "abb5c719ec9341c6d4146297a2a1eca171df9c81"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
34.120.237.76 200 OK 12 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash f876cdc19dca10c62d83d19303512c7f
9f812c7bc1b42b0cea3e42694e7d1f6738789770
c647aac44ba9eb501eb7def781ca0168b4eb71a716283cc6f4e6782939a396cc
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F45619ede-b86e-4373-9398-fec60bb9e862.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 12123
x-amzn-requestid: b04ac3c4-b4d8-4094-8b7d-bd229bb7d577
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Yb2GvFnEoAMF-Gw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63216a2a-4e5927ac3f1d0b215ce5a8dc;Sampled=0
x-amzn-remapped-date: Wed, 14 Sep 2022 05:44:10 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: 1W0Ito5yNmHNxtYBj5jOJQ3Z2OP_Shvhpj94YUDwLHQKzt-zgqjI8A==
via: 1.1 ddd913fbbe7367d44af4ac06097e7a2a.cloudfront.net (CloudFront), 1.1 f9d716a351f14a0ac1fac2449734849a.cloudfront.net (CloudFront), 1.1 google
date: Fri, 16 Sep 2022 03:12:38 GMT
age: 39105
etag: "9f812c7bc1b42b0cea3e42694e7d1f6738789770"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
34.120.237.76 200 OK 9.3 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash d242ded8ac40a1eb617303256d5f34eb
afbe7dae2d65763a004b5bddc697131762da7bf2
b4b08292f36acfca7df3710c29c184c5ff18592e6383eddc5582d302184fce59
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F032fbd06-806d-41e6-9160-3fdf480555ac.webp HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9256
x-amzn-requestid: 19e81e48-6501-4938-906c-60aa7acdb33a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YhUj5EE5oAMFvwA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63239ae5-3031e84f158e1ad94da4875b;Sampled=0
x-amzn-remapped-date: Thu, 15 Sep 2022 21:36:37 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: MgjhIwjrfVL6-SF04ZPyZVUIOlXUTJu8E8r6KtOZ_QH0OEZC4uG4yQ==
via: 1.1 5a1753718d8b33365e5f693dd338c510.cloudfront.net (CloudFront), 1.1 001e7070d795018d01b93988b9723742.cloudfront.net (CloudFront), 1.1 google
date: Thu, 15 Sep 2022 21:45:09 GMT
age: 58754
etag: "afbe7dae2d65763a004b5bddc697131762da7bf2"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/config.js
45.133.44.24 200 OK 19 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/config.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type JSON data\012- , ASCII text, with no line terminators
Hash d429a4c4c8811f5af56a90eb228fb020
4be43b59c9f6d8c3a1bb7aaa76ae98927fc33a65
13a58748ff23440b9272d048ba9fa8fcc0d468cf96e420a37a1c5c29c27ab32c
GET /npc/sdk/common/config.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Origin: https://hdzog.tube
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: application/javascript; charset=utf-8
content-length: 19
server: nginx/1.18.0
last-modified: Wed, 14 Sep 2022 10:35:27 GMT
etag: "6321ae6f-13"
expires: Fri, 16 Sep 2022 14:09:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ceb8265201.4eb28685b6.com/in/multy
168.119.25.22 200 OK 8.9 kB URL HTTP/2 ceb8265201.4eb28685b6.com/in/multy
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (8850), with no line terminators
Hash 7cc820897da5b30422ffc74e6967dd35
7f3efde5e89e96c1910ae1ca737b8ada24f27508
c1c7ba9fc20a9107cdb0c334bf4667506c704014612b072c95d458957c0c3ed4
Analyzer Verdict Alert quad9 Sinkholed
POST /in/multy HTTP/1.1
Host: ceb8265201.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json;charset=utf-8
Content-Length: 642
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: application/json
content-length: 8853
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
X-Firefox-Spdy: h2
ceb8265201.4eb28685b6.com/in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2022-09-16&is_native=4&auction_queue=0&burl=92mAhkrFEoFFJRvNA_0TS7U5x29lH7fngpBMB4HOJhLLU6vUQvenCw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=fe030d4facdc0b597c2b9af0dbf1378e&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0&v2_track=0&url=y2i-8kSeZklGVTYr_SrUCtRYyJ7mr0wIER5GjYTZnxGqdfmEzIIIYsbZKLLTqgh7Z97xiILLctQsV8zxSCGzqDp4sjfZ9WuuquPmMIewNMODKyV4MJBvMUEW2DofWF6cXTcRQjZoglWnWiSM8UNzYy6YK6Dabbv3rOf3oJc8PgLgHfhuFA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=4&vertical_id=0&real_bid=0&pr=&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=546ff1b2-8bf2-45d5-88ae-5eddb0dcdbd5
168.119.25.22302 Found 0 B URL HTTP/2 ceb8265201.4eb28685b6.com/in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2022-09-16&is_native=4&auction_queue=0&burl=92mAhkrFEoFFJRvNA_0TS7U5x29lH7fngpBMB4HOJhLLU6vUQvenCw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=fe030d4facdc0b597c2b9af0dbf1378e&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0&v2_track=0&url=y2i-8kSeZklGVTYr_SrUCtRYyJ7mr0wIER5GjYTZnxGqdfmEzIIIYsbZKLLTqgh7Z97xiILLctQsV8zxSCGzqDp4sjfZ9WuuquPmMIewNMODKyV4MJBvMUEW2DofWF6cXTcRQjZoglWnWiSM8UNzYy6YK6Dabbv3rOf3oJc8PgLgHfhuFA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=4&vertical_id=0&real_bid=0&pr=&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=546ff1b2-8bf2-45d5-88ae-5eddb0dcdbd5
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2957&price=0&is_cpm=0&cpm=0&ecpm=0&crid=&crtid=8fc5a3949d58ed66158a5da3a7b48b19&tcid=0&out_id=1&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=2022-09-16&is_native=4&auction_queue=0&burl=92mAhkrFEoFFJRvNA_0TS7U5x29lH7fngpBMB4HOJhLLU6vUQvenCw&pop_winurl=&ip=91.90.42.154&testab=0&px_id=0&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=pop-default&uniq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&exp=0&resp_type=&iabcat=IAB25-3&min_cpm=0&placement_type_id=&skin_test=0&verify_hash=fe030d4facdc0b597c2b9af0dbf1378e&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0&v2_track=0&url=y2i-8kSeZklGVTYr_SrUCtRYyJ7mr0wIER5GjYTZnxGqdfmEzIIIYsbZKLLTqgh7Z97xiILLctQsV8zxSCGzqDp4sjfZ9WuuquPmMIewNMODKyV4MJBvMUEW2DofWF6cXTcRQjZoglWnWiSM8UNzYy6YK6Dabbv3rOf3oJc8PgLgHfhuFA&image_url=https%3A%2F%2Fstatic.bookmsg.com%2Fcreatives%2FUS%2FUS_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp&skin_id=4&vertical_id=0&real_bid=0&pr=&user_keywords=&auc_type=1&aid=0&ext_cid=0&device_theme=light&keywords=&mlc=1&format=social-scale-b_r-body&mlf=1&cpa=546ff1b2-8bf2-45d5-88ae-5eddb0dcdbd5 HTTP/1.1
Host: ceb8265201.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
X-Firefox-Spdy: h2
ceb8265201.4eb28685b6.com/in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2703&price=0.0126&is_cpm=0&cpm=0&ecpm=0.10136816828417514&crid=49675&crtid=c749e815f15eae14d8075c784a574be8&tcid=0&out_id=0&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1663394664&created_at=2022-09-16&is_native=1&auction_queue=0&burl=-SUFd1PxhbGMUVlHQTpSXGl6VPbD89fLCHnwBgXS8q2LS1GyHAFSLA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73307&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.005951155277540885&placement_type_id=&skin_test=0&verify_hash=c7a040c046dd9dbf88d63e8473e2f390&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0.0126&v2_track=0&url=Ze3q0gkSjACpx3V3uKHTGVp3hKlAAyf1LExDpQmocGhYRiu_Ln3KkhgWLUqjVHgyDU3vdoMGTUBKmpD56RRbaTDFoayf20YQHeMBTih8UrXHSh3OLu23ov4mDl6RKb55G200lz6SqO82cmitKiPayqC-5tqG6WG9mMN7tk6O5iyPB6umlIQgITS8xKRsK2ax9-XtcCnxsLmPtQVOOeXfA9Ty3RDt936SSdmdOuh6ts6FmzluW1yKsrgTU1NzvDKyq7-uU54dyVhvssnABGzqDHUWqcTgwUft6xdQmfHfpkwrupH36uQjmSPeC0xygN7DsmnG3TmfGtCWXdr5KurfO6p6xcS9-OKHIacdao9r2Ze3r2f1m_WK0GgAxL7xDe6bzzGoI6Yf87NMClJ_h9peLO4HY5QBswj9gms1h9MBCs4owJmgxUGCtHPdLDNQGogmsgMjg-gkZxGSL3HNXnrSCqzhOs8mgd70G92reKFu93e9H1m_fpi6S1pMjODg4CkFcSiz0hAjrdOihG-E_VHYkkC3Pl_nJO9wuj8DNycAzUwS6XLL5UeUOQ6Haux5LD-NbssK_yVBJ34HBYROn-2xf0uIGSeX2YjBUKujyF-bPEiablbWbdWPKlBYp17d8ptAPJ2LE3j-C5IwUrWYDzvQK15kdSYFVZ3rDxa27Q&image_url=https%3A%2F%2Fhypoterian.com%2Fie%3Fv%3D4%26c%3D0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNLyxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3
dwdt-G7ioYL_h1jVUYYLt5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog%3D%3D&skin_id=4&vertical_id=5&real_bid=0.010836&pr=&user_keywords=&auc_type=1&aid=291&ext_cid=0&device_theme=light&keywords=&format=social-scale-b_r-body&cpa=c162e8b1-c5f8-428a-a5bc-e3893149c1b1
168.119.25.22302 Found 0 B URL HTTP/2 ceb8265201.4eb28685b6.com/in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2703&price=0.0126&is_cpm=0&cpm=0&ecpm=0.10136816828417514&crid=49675&crtid=c749e815f15eae14d8075c784a574be8&tcid=0&out_id=0&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1663394664&created_at=2022-09-16&is_native=1&auction_queue=0&burl=-SUFd1PxhbGMUVlHQTpSXGl6VPbD89fLCHnwBgXS8q2LS1GyHAFSLA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73307&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.005951155277540885&placement_type_id=&skin_test=0&verify_hash=c7a040c046dd9dbf88d63e8473e2f390&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0.0126&v2_track=0&url=Ze3q0gkSjACpx3V3uKHTGVp3hKlAAyf1LExDpQmocGhYRiu_Ln3KkhgWLUqjVHgyDU3vdoMGTUBKmpD56RRbaTDFoayf20YQHeMBTih8UrXHSh3OLu23ov4mDl6RKb55G200lz6SqO82cmitKiPayqC-5tqG6WG9mMN7tk6O5iyPB6umlIQgITS8xKRsK2ax9-XtcCnxsLmPtQVOOeXfA9Ty3RDt936SSdmdOuh6ts6FmzluW1yKsrgTU1NzvDKyq7-uU54dyVhvssnABGzqDHUWqcTgwUft6xdQmfHfpkwrupH36uQjmSPeC0xygN7DsmnG3TmfGtCWXdr5KurfO6p6xcS9-OKHIacdao9r2Ze3r2f1m_WK0GgAxL7xDe6bzzGoI6Yf87NMClJ_h9peLO4HY5QBswj9gms1h9MBCs4owJmgxUGCtHPdLDNQGogmsgMjg-gkZxGSL3HNXnrSCqzhOs8mgd70G92reKFu93e9H1m_fpi6S1pMjODg4CkFcSiz0hAjrdOihG-E_VHYkkC3Pl_nJO9wuj8DNycAzUwS6XLL5UeUOQ6Haux5LD-NbssK_yVBJ34HBYROn-2xf0uIGSeX2YjBUKujyF-bPEiablbWbdWPKlBYp17d8ptAPJ2LE3j-C5IwUrWYDzvQK15kdSYFVZ3rDxa27Q&image_url=https%3A%2F%2Fhypoterian.com%2Fie%3Fv%3D4%26c%3D0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNL
yxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3dwdt-G7ioYL_h1jVUYYLt5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog%3D%3D&skin_id=4&vertical_id=5&real_bid=0.010836&pr=&user_keywords=&auc_type=1&aid=291&ext_cid=0&device_theme=light&keywords=&format=social-scale-b_r-body&cpa=c162e8b1-c5f8-428a-a5bc-e3893149c1b1
IP 168.119.25.22:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /in/show/?mid=25539657&pid=0&site=native-push-adult&sc=NO&usage_type=DCH&subid=1839248037&sid=612886935&cid=2703&price=0.0126&is_cpm=0&cpm=0&ecpm=0.10136816828417514&crid=49675&crtid=c749e815f15eae14d8075c784a574be8&tcid=0&out_id=0&ver=7.3.0&ver_c=&refdom=hdzog.tube&hostname=auc-inpage-hz-3-c&site_id=31307&spot_id=307&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=1663394664&created_at=2022-09-16&is_native=1&auction_queue=0&burl=-SUFd1PxhbGMUVlHQTpSXGl6VPbD89fLCHnwBgXS8q2LS1GyHAFSLA&pop_winurl=&ip=91.90.42.154&testab=0&px_id=73307&adblock=0&auction_host=all&mm=0&yc=0&render_type=hq&campaign_type=hq&uniq=&exp=&resp_type=&iabcat=IAB25-3&min_cpm=0.005951155277540885&placement_type_id=&skin_test=0&verify_hash=c7a040c046dd9dbf88d63e8473e2f390&score=63.48710185322771&durl=https%3A%2F%2Fts.cvastico.com%2Fin%2F1546%2F%3Fad_sub%3D1839248037%26spot_id%3D307%26is_adult%3D1%26p%3Dhttps%253A%252F%252Fhdzog.tube%252F%26idzone%3D4438142%26sid%3D1886&ml=&tag_ab=a&original_bid=0.0126&v2_track=0&url=Ze3q0gkSjACpx3V3uKHTGVp3hKlAAyf1LExDpQmocGhYRiu_Ln3KkhgWLUqjVHgyDU3vdoMGTUBKmpD56RRbaTDFoayf20YQHeMBTih8UrXHSh3OLu23ov4mDl6RKb55G200lz6SqO82cmitKiPayqC-5tqG6WG9mMN7tk6O5iyPB6umlIQgITS8xKRsK2ax9-XtcCnxsLmPtQVOOeXfA9Ty3RDt936SSdmdOuh6ts6FmzluW1yKsrgTU1NzvDKyq7-uU54dyVhvssnABGzqDHUWqcTgwUft6xdQmfHfpkwrupH36uQjmSPeC0xygN7DsmnG3TmfGtCWXdr5KurfO6p6xcS9-OKHIacdao9r2Ze3r2f1m_WK0GgAxL7xDe6bzzGoI6Yf87NMClJ_h9peLO4HY5QBswj9gms1h9MBCs4owJmgxUGCtHPdLDNQGogmsgMjg-gkZxGSL3HNXnrSCqzhOs8mgd70G92reKFu93e9H1m_fpi6S1pMjODg4CkFcSiz0hAjrdOihG-E_VHYkkC3Pl_nJO9wuj8DNycAzUwS6XLL5UeUOQ6Haux5LD-NbssK_yVBJ34HBYROn-2xf0uIGSeX2YjBUKujyF-bPEiablbWbdWPKlBYp17d8ptAPJ2LE3j-C5IwUrWYDzvQK15kdSYFVZ3rDxa27Q&image_url=https%3A%2F%2Fhypoterian.com%2Fie%3Fv%3D4%26c%3D0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNLyxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3dwdt-G7ioYL_h1jVUYYLt
5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog%3D%3D&skin_id=4&vertical_id=5&real_bid=0.010836&pr=&user_keywords=&auc_type=1&aid=291&ext_cid=0&device_theme=light&keywords=&format=social-scale-b_r-body&cpa=c162e8b1-c5f8-428a-a5bc-e3893149c1b1 HTTP/1.1
Host: ceb8265201.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:24 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://hypoterian.com/ie?v=4&c=7JwckVUM5MjvKzYVBGFEZbHmL7Hrmr6oxBym42QmtlGp4gFKH9b_zRN-D2-MCzUEU2eY-SI1WlMy5IwPLU9GU55KzJdgm_DfDKxlAe6MdgyPzw3yEV8Icdq7LsiG77rdUaM4n-XAHXWaxBOBlbLeoqSxXmVh0wMBfYRxnsS0Fr77uKrpTPrRWrrXEM6eivScmpMtyY8YGU8iEyA8LC4CWU_AW7lAF6Srin7oBHcKrO_c8fbe4KPk9nsJ5xxa3gPNh6OgoctAaMQkdy1vNYijUbgDVDWYTatBSiKRAeFnIbPMHM1rfDQFIKkRPAvG4SI3_gCebGwOPVIlcleXbX4s-GMP77IPuJplfuKxZ5Ea-TCLo9pF5nXJQK3srzFTsW0VunVKG7r7fuQUm99mjMqrSnx2M_Cjk46cvWDA&v1=457&v2=49675
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 5eed405bfc6bd776893a7dd9506709dd
b3fb07532c234d00b0568fdcac0fff67a731001b
fd8ada6cbdc7fbc093985a29cebb3a7c45ec113627bc34f481934d6b66039e78
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "FD8ADA6CBDC7FBC093985A29CEBB3A7C45EC113627BC34F481934D6B66039E78"
Last-Modified: Fri, 16 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17845
Expires: Fri, 16 Sep 2022 19:01:49 GMT
Date: Fri, 16 Sep 2022 14:04:24 GMT
Connection: keep-alive
hypoterian.com/ie?v=4&c=0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNLyxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3dwdt-G7ioYL_h1jVUYYLt5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog==
213.239.207.252301 Moved Permanently 0 B URL HTTP/1.1 hypoterian.com/ie?v=4&c=0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNLyxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3dwdt-G7ioYL_h1jVUYYLt5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog==
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=0vKhDpzvh_ByMQPOf1OoSl0q5w2YWfPcD-GyNTdi-NrdwPk1mSILQv4SmjcbeyU2-wb7xxTckcBU46ysjp3XIZH-u0MAN_omxEE9DQquuTyN0SVjXxkPy0b-xq1AoPPxI_CEE1GiXCnXuJB8ImA90m_UHombBHob_a_3allK9iupbq6txNLyxCjJn6Ot_JiZihA7ZFirgNE4qQjWKTEZbNah3dwdt-G7ioYL_h1jVUYYLt5zq-qLINt5KtQjqVICYKcqSItnWglnut2EpfPNHH3zlhLIuZDM6WLc6yiEXO8p17Jf0FVIlrB6HV-wDkqdDisfKSb30fKRT_pWsvwXM0g3yeDIz8uoJtaBcjhv-opCv7Nh-dZ61uX0WEhScliCdkVnovAiynaBLftcSAQY9pigVD2n0mB2BRFs5HSK5FWFnWrG58lEfl5v-TQpog== HTTP/1.1
Host: hypoterian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 16 Sep 2022 14:04:23 GMT
content-length: 0
location: https://img.vmmcdn.com/get/37693351/71046_image.jpg
x-app-id: 12
static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
168.119.25.20 200 OK 590 B URL HTTP/2 static.bookmsg.com/creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp
IP 168.119.25.20:0
ASN #24940 Hetzner Online GmbH
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 100x100, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash debce753f1ce6652c1637491fd72b1b1
fd102eb3f058f7a43b0f9ec03541681699f5895e
c2443b0a74b25158756abb7aa12832e5442adab247aab6e24514f54396c72579
GET /creatives/US/US_34c3a6403004486b593fb6a3428d7a2748437f4f_icon.webp HTTP/1.1
Host: static.bookmsg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.18.0
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: image/webp
content-length: 590
last-modified: Tue, 24 Nov 2020 14:24:12 GMT
etag: "5fbd178c-24e"
cache-control: public, max-age=315360000
accept-ranges: bytes
X-Firefox-Spdy: h2
hypoterian.com/ie?v=4&c=7JwckVUM5MjvKzYVBGFEZbHmL7Hrmr6oxBym42QmtlGp4gFKH9b_zRN-D2-MCzUEU2eY-SI1WlMy5IwPLU9GU55KzJdgm_DfDKxlAe6MdgyPzw3yEV8Icdq7LsiG77rdUaM4n-XAHXWaxBOBlbLeoqSxXmVh0wMBfYRxnsS0Fr77uKrpTPrRWrrXEM6eivScmpMtyY8YGU8iEyA8LC4CWU_AW7lAF6Srin7oBHcKrO_c8fbe4KPk9nsJ5xxa3gPNh6OgoctAaMQkdy1vNYijUbgDVDWYTatBSiKRAeFnIbPMHM1rfDQFIKkRPAvG4SI3_gCebGwOPVIlcleXbX4s-GMP77IPuJplfuKxZ5Ea-TCLo9pF5nXJQK3srzFTsW0VunVKG7r7fuQUm99mjMqrSnx2M_Cjk46cvWDA&v1=457&v2=49675
213.239.207.252301 Moved Permanently 0 B URL HTTP/1.1 hypoterian.com/ie?v=4&c=7JwckVUM5MjvKzYVBGFEZbHmL7Hrmr6oxBym42QmtlGp4gFKH9b_zRN-D2-MCzUEU2eY-SI1WlMy5IwPLU9GU55KzJdgm_DfDKxlAe6MdgyPzw3yEV8Icdq7LsiG77rdUaM4n-XAHXWaxBOBlbLeoqSxXmVh0wMBfYRxnsS0Fr77uKrpTPrRWrrXEM6eivScmpMtyY8YGU8iEyA8LC4CWU_AW7lAF6Srin7oBHcKrO_c8fbe4KPk9nsJ5xxa3gPNh6OgoctAaMQkdy1vNYijUbgDVDWYTatBSiKRAeFnIbPMHM1rfDQFIKkRPAvG4SI3_gCebGwOPVIlcleXbX4s-GMP77IPuJplfuKxZ5Ea-TCLo9pF5nXJQK3srzFTsW0VunVKG7r7fuQUm99mjMqrSnx2M_Cjk46cvWDA&v1=457&v2=49675
IP 213.239.207.252:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /ie?v=4&c=7JwckVUM5MjvKzYVBGFEZbHmL7Hrmr6oxBym42QmtlGp4gFKH9b_zRN-D2-MCzUEU2eY-SI1WlMy5IwPLU9GU55KzJdgm_DfDKxlAe6MdgyPzw3yEV8Icdq7LsiG77rdUaM4n-XAHXWaxBOBlbLeoqSxXmVh0wMBfYRxnsS0Fr77uKrpTPrRWrrXEM6eivScmpMtyY8YGU8iEyA8LC4CWU_AW7lAF6Srin7oBHcKrO_c8fbe4KPk9nsJ5xxa3gPNh6OgoctAaMQkdy1vNYijUbgDVDWYTatBSiKRAeFnIbPMHM1rfDQFIKkRPAvG4SI3_gCebGwOPVIlcleXbX4s-GMP77IPuJplfuKxZ5Ea-TCLo9pF5nXJQK3srzFTsW0VunVKG7r7fuQUm99mjMqrSnx2M_Cjk46cvWDA&v1=457&v2=49675 HTTP/1.1
Host: hypoterian.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 301 Moved Permanently
server: fasthttp
date: Fri, 16 Sep 2022 14:04:24 GMT
content-length: 0
location: https://img.vmmcdn.com/get/99966263/71046_icon.png
x-app-id: 12
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 49259f5ee7550f034de62f1a4afc066c
56a2e36c6c5a17e8cdb6895960155bc8357c05ab
b9969441c0fc7a68f67f853be6d428e88368b44c5e19fe4b984736c42245e804
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B9969441C0FC7A68F67F853BE6D428E88368B44C5E19FE4B984736C42245E804"
Last-Modified: Wed, 14 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=3483
Expires: Fri, 16 Sep 2022 15:02:27 GMT
Date: Fri, 16 Sep 2022 14:04:24 GMT
Connection: keep-alive
img.vmmcdn.com/get/37693351/71046_image.jpg
46.4.121.113 200 OK 28 kB URL HTTP/2 img.vmmcdn.com/get/37693351/71046_image.jpg
IP 46.4.121.113:0
ASN #24940 Hetzner Online GmbH
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 80", baseline, precision 8, 720x480, components 3\012- data
Hash a004bf3188a7ccef2e10a7668688bb66
153b663e551f89a1c63f8f7f130d0bd94e7c6644
eab0c053e028263b899b57bfd48b9fc38ebaeb3ad1c69837add876c64a069380
GET /get/37693351/71046_image.jpg HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: image/jpeg
content-length: 27908
last-modified: Sat, 27 Nov 2021 11:12:16 GMT
cache-control: public, max-age=604800
etag: "61a21290-6d04"
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
img.vmmcdn.com/get/99966263/71046_icon.png
46.4.121.113 200 OK 65 kB URL HTTP/2 img.vmmcdn.com/get/99966263/71046_icon.png
IP 46.4.121.113:0
ASN #24940 Hetzner Online GmbH
File type PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced\012- data
Hash fa28820bcc0c365a2cc55fd313efe719
409db3e7e6d44723c22826ea6c58d88d95fa5907
b4274f07ae50b72eb24f7e9ea62788cfd5556ca3d3811ac7e868c123e5fb490e
GET /get/99966263/71046_icon.png HTTP/1.1
Host: img.vmmcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.14.1
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: image/png
content-length: 65293
last-modified: Sat, 27 Nov 2021 11:12:16 GMT
cache-control: public, max-age=604800
etag: "61a21290-ff0d"
x-proxy-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash d98ca20ee8c127b36dfc75dca913f9de
a0e8f7e3fe952bf79b19eec2ddd45b3063a8c8c8
95ed59e057ead2feada86c3c14aa18582d2d3842655bac3134ac41b6e938007d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "95ED59E057EAD2FEADA86C3C14AA18582D2D3842655BAC3134AC41B6E938007D"
Last-Modified: Thu, 15 Sep 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6837
Expires: Fri, 16 Sep 2022 15:58:21 GMT
Date: Fri, 16 Sep 2022 14:04:24 GMT
Connection: keep-alive
13857ba7bd.4eb28685b6.com/get/?go=1&data=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
162.55.139.130302 Found 0 B URL HTTP/2 13857ba7bd.4eb28685b6.com/get/?go=1&data=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
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /get/?go=1&data=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 HTTP/1.1
Host: 13857ba7bd.4eb28685b6.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: https://rtbrennab.com/banner/in/show/?mid=1391986146&pid=0&site=24364&sc=NO&usage_type=DCH&subid=0&sid=0&cid=13088&price=0&is_cpm=1&cpm=0.0036000000000000003&ecpm=0.0036000000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=hdzog.tube&hostname=auc-banner-hz-1&site_id=0&spot_id=24364&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00000010000000000000001&placement_type_id=0&skin_test=&verify_hash=&score=98&ml=&ttl=&space_id=24364&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fbts.red12flyw2.site%2Fin%2Fbanners%3Fkatds_ep%3DNyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=straight&stratagem=
X-Firefox-Spdy: h2
rtbrennab.com/banner/in/show/?mid=1391986146&pid=0&site=24364&sc=NO&usage_type=DCH&subid=0&sid=0&cid=13088&price=0&is_cpm=1&cpm=0.0036000000000000003&ecpm=0.0036000000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=hdzog.tube&hostname=auc-banner-hz-1&site_id=0&spot_id=24364&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00000010000000000000001&placement_type_id=0&skin_test=&verify_hash=&score=98&ml=&ttl=&space_id=24364&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fbts.red12flyw2.site%2Fin%2Fbanners%3Fkatds_ep%3DNyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=straight&stratagem=
162.55.139.130302 Found 0 B URL HTTP/2 rtbrennab.com/banner/in/show/?mid=1391986146&pid=0&site=24364&sc=NO&usage_type=DCH&subid=0&sid=0&cid=13088&price=0&is_cpm=1&cpm=0.0036000000000000003&ecpm=0.0036000000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=hdzog.tube&hostname=auc-banner-hz-1&site_id=0&spot_id=24364&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00000010000000000000001&placement_type_id=0&skin_test=&verify_hash=&score=98&ml=&ttl=&space_id=24364&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fbts.red12flyw2.site%2Fin%2Fbanners%3Fkatds_ep%3DNyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=straight&stratagem=
IP 162.55.139.130:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /banner/in/show/?mid=1391986146&pid=0&site=24364&sc=NO&usage_type=DCH&subid=0&sid=0&cid=13088&price=0&is_cpm=1&cpm=0.0036000000000000003&ecpm=0.0036000000000000003&crid=&crtid=d41d8cd98f00b204e9800998ecf8427e&tcid=0&out_id=&ver=&ver_c=&refdom=hdzog.tube&hostname=auc-banner-hz-1&site_id=0&spot_id=24364&utm_source=&utm_medium=&utm_campaign=&utm_content=&expirationTimestamp=0&created_at=0000-00-00&is_native=6&auction_queue=0&pop_winurl=&ip=91.90.42.154&testab=&px_id=0&adblock=0&auction_host=&mm=&yc=&render_type=&campaign_type=&uniq=&exp=&resp_type=iframeAd&iabcat=IAB25&min_cpm=0.00000010000000000000001&placement_type_id=0&skin_test=&verify_hash=&score=98&ml=&ttl=&space_id=24364&banner_width=1&banner_height=1&accel=0&gyr=0&iabcat=IAB25&url=%2F%2Fbts.red12flyw2.site%2Fin%2Fbanners%3Fkatds_ep%3DNyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA&pr=&bid_crid=&bid_cid=&is_iframe=0&ad_tags=straight&stratagem= HTTP/1.1
Host: rtbrennab.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: nginx/1.16.0
date: Fri, 16 Sep 2022 14:04:25 GMT
content-length: 0
vary: Origin
cache-control: no-transform, no-cache, no-store, must-revalidate
pragma: no-cache
access-control-allow-origin: *
access-control-allow-headers: Content-Type
access-control-allow-methods: *
location: //bts.red12flyw2.site/in/banners?katds_ep=Nyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6f568e801eebb50027fa55be6aab6c99
bbcf5978a953a9a29fc292c53e202a4bb57fff62
514ee25337921280eb20c4692555dad4580a696919cc757b75333823ce17718d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "514EE25337921280EB20C4692555DAD4580A696919CC757B75333823CE17718D"
Last-Modified: Wed, 14 Sep 2022 04:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1513
Expires: Fri, 16 Sep 2022 14:29:38 GMT
Date: Fri, 16 Sep 2022 14:04:25 GMT
Connection: keep-alive
bts.red12flyw2.site/in/banners?katds_ep=Nyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA
109.206.163.112302 Found 0 B URL HTTP/2 bts.red12flyw2.site/in/banners?katds_ep=Nyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA
IP 109.206.163.112:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/banners?katds_ep=Nyz86nSxaSdxGsqbGKErKl8Y2rh-JSHrJHVi4vJlkNOgtCSJxHbTCUl5TtFOiWoQnM6MOsann1mxYwKCgnsihusdNqHfCZo-MMpT9fB3t2j6a4E2QR6CQtcHiNPEScQj0zoO27EypARYrRTIWbcgqy_NgRTslF7fur4ZC2ARdFhj2lyNTZ_nFltMC2MqAUzByc7XUuxmYVduOXE8X-ndwyIjzCQ25i4gyxVGhcEpA_3a6S48Ttms68_ooQB0ENJdzDkrdneteUsRPeEeLydLWljtMytGwCcToB2jBxG-ddarMelR9auy6dKuWRgfTbYlqyi_r1AmE5IE2SAJhHhtqTf2kwPL7Ax9NOhNgK14SogLE9skYCgbgCOEkZ88adBB2K6wwPCnpD1t6LezBGt2gU07Tj9qVH1VhISglF5pIcTJbjgZFVpxv6RZPf8-BIBurMXPbx3z5mljRdsxz_YbGy16TSozxopJDjmO0bxFK5XDLFJrbG9JdUfHAELPUDRYRSyU4s8c0RD6F7SywzFS-LPtvy4rsTXQzFVmnjiyoV4J38NDgHvSTz-AUzs1OAzqNtjNAiHupA HTTP/1.1
Host: bts.red12flyw2.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:25 GMT
content-length: 0
cache-control: no-cache, no-store, must-revalidate
location: //tb.baimgfroggd.site/in/1816/?user_id=1226b69f493e2b52840123381dd0c9d9826d0551&bid=0.004235&katds_labels=&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&ts=1663337065
pragma: no-cache
vary: *
set-cookie: 750.0=1; expires=Sat, 17 Sep 2022 14:04:25 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash f307a0de584014cd4e0c4851824a848a
2278013720807e06bea0b02e39177d1de58199b6
cf871d13e93993e70e67598514bc50fd3f0363bf70643d7171ade3f4a4a3c3ab
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "CF871D13E93993E70E67598514BC50FD3F0363BF70643D7171ADE3F4A4A3C3AB"
Last-Modified: Wed, 14 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12372
Expires: Fri, 16 Sep 2022 17:30:37 GMT
Date: Fri, 16 Sep 2022 14:04:25 GMT
Connection: keep-alive
tb.baimgfroggd.site/in/1816/?user_id=1226b69f493e2b52840123381dd0c9d9826d0551&bid=0.004235&katds_labels=&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&ts=1663337065
109.206.176.122 302 Found 0 B URL HTTP/2 tb.baimgfroggd.site/in/1816/?user_id=1226b69f493e2b52840123381dd0c9d9826d0551&bid=0.004235&katds_labels=&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&ts=1663337065
IP 109.206.176.122:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /in/1816/?user_id=1226b69f493e2b52840123381dd0c9d9826d0551&bid=0.004235&katds_labels=&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&ts=1663337065 HTTP/1.1
Host: tb.baimgfroggd.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:26 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://promotion-doctor.xyz/yt/ls?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14
pragma: no-cache
vary: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1816.2330423=1; expires=Sat, 17 Sep 2022 14:04:26 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 38 kB IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 402bcb577d92974fccd4e1793b2fae83
c8027886d340266a09bb62ea08c23aafa1193259
18b02164e645c455ee971533a127d9b2a1c47e83479d5c43693b7a66057c5746
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "63BFE86E44076EE68F46595755D711D5B86FEFD5C0F25B3810CDA92EB253C629"
Last-Modified: Wed, 14 Sep 2022 22:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8597
Expires: Fri, 16 Sep 2022 16:27:43 GMT
Date: Fri, 16 Sep 2022 14:04:26 GMT
Connection: keep-alive
promotion-doctor.xyz/yt/ls?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14
109.206.161.244 200 OK 11 kB URL HTTP/2 promotion-doctor.xyz/yt/ls?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14
IP 109.206.161.244:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (9199)
Hash 406c3c705f33ddb0a5a158756ece5a20
079d1b20045b3b557d68f8aa4af4ff9f9dc0021a
1d04da52596584b33cd4672c17fe48ea7bc49be52c3955f0765bf8b3b297d65c
GET /yt/ls?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14 HTTP/1.1
Host: promotion-doctor.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:26 GMT
content-type: text/html; charset=utf-8
content-length: 11433
access-control-allow-credentials: true
access-control-allow-origin: *
strict-transport-security: max-age=15724800; includeSubDomains
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash adf062ef947d956533ac6710e4946f7a
fcf2a52666188d43290e3c46689c49dbc953c7f3
acef87cf331d35f5c7ea7577227517565a96c1cc3de4a4f514b0bafd7cf36bea
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "ACEF87CF331D35F5C7EA7577227517565A96C1CC3DE4A4F514B0BAFD7CF36BEA"
Last-Modified: Thu, 15 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4357
Expires: Fri, 16 Sep 2022 15:17:03 GMT
Date: Fri, 16 Sep 2022 14:04:26 GMT
Connection: keep-alive
cdn.doctorvideos.xyz/sm/files/ls/rb-a34acae.js
45.133.44.24 200 OK 1.8 MB URL HTTP/2 cdn.doctorvideos.xyz/sm/files/ls/rb-a34acae.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 1.8 MB (1755114 bytes)
Hash 3a5b1cfcdc85ca55ce5ede4b4490e7d4
d254dd799577fce96ac2c09de15caef269126ca2
7c4ba7b655fde8e642fce60e927a1eeeb48642e1a707b43b49e1d19cdb6301c7
GET /sm/files/ls/rb-a34acae.js HTTP/1.1
Host: cdn.doctorvideos.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:26 GMT
content-type: application/javascript; charset=utf-8
content-length: 1755114
server: nginx/1.12.2
last-modified: Fri, 02 Sep 2022 09:54:44 GMT
etag: "6311d2e4-1ac7ea"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 9.9 kB IP 142.250.74.3:0
Hash 1674ae6d36da216782c3c529afea6753
925d1478ec527222c05e052d4e3b023bdf5660ca
92b8117808f0049203fcd2a3ea162b0d622a43d926dc96cb25cacdfe71813534
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
lh3.googleusercontent.com/VpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw=w1440-l80-sg-rj-c0xffffff
142.250.74.1 200 OK 40 kB URL HTTP/2 lh3.googleusercontent.com/VpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw=w1440-l80-sg-rj-c0xffffff
IP 142.250.74.1:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=2, software=Picasa], baseline, precision 8, 693x462, components 3\012- data
Hash f19407c2b238e50370b74f4c3245d5a8
93caabeb45b7e3d4afe0b60b1557afe9117e1515
a9e43c507e2164e831bc6d4fc78f1893d6860f01d7327a85e377c7ae714173bb
GET /VpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw=w1440-l80-sg-rj-c0xffffff HTTP/1.1
Host: lh3.googleusercontent.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="unnamed.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 39552
x-xss-protection: 0
date: Fri, 16 Sep 2022 11:40:42 GMT
expires: Mon, 12 Sep 2022 19:41:24 GMT
cache-control: public, max-age=86400, no-transform
age: 8625
etag: "v1"
content-type: image/jpeg
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash ac082490a03359c5608a1f06d6a28748
5fcc0b7a4b814615f13e95b83fbc4fe99577771e
1b1e3c0fca1ad0b559b154fb01f14b9001e056bde40c07ada6bc53583b24de3f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1B1E3C0FCA1AD0B559B154FB01F14B9001E056BDE40C07ADA6BC53583B24DE3F"
Last-Modified: Fri, 16 Sep 2022 05:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2468
Expires: Fri, 16 Sep 2022 14:45:35 GMT
Date: Fri, 16 Sep 2022 14:04:27 GMT
Connection: keep-alive
cdn.doctorvideos.xyz/sm/files/ls/rv-a34acae.js
45.133.44.24 200 OK 158 kB URL HTTP/2 cdn.doctorvideos.xyz/sm/files/ls/rv-a34acae.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (65536), with no line terminators
Size 158 kB (158101 bytes)
Hash b95ef24fcbbdc967acf62af80fa7e827
c1774d4fc5eab72b7e4b6c101e31a2f8700b701e
52f671c0b8a979a28c9ba3172d1af50c0e8b4cec2f6f865b2968ba5dd3bd30a2
GET /sm/files/ls/rv-a34acae.js HTTP/1.1
Host: cdn.doctorvideos.xyz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:27 GMT
content-type: application/javascript; charset=utf-8
content-length: 158101
server: nginx/1.12.2
last-modified: Fri, 02 Sep 2022 09:54:45 GMT
etag: "6311d2e5-26995"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: max-age=315360000
x-proxy-cache: HIT
access-control-allow-origin: *
accept-ranges: bytes
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 20ae50d0df52817906a88b07b3c08138
0f999020f07959636477be4178d238d4dd460464
26eb9c5ac69c9144425fb15a481336487c1923bb141685aea110b0e3dfc20171
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vs.javcosplay.com/sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=impression&isr=
109.206.163.112 200 OK 2 B URL HTTP/2 vs.javcosplay.com/sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=impression&isr=
IP 109.206.163.112:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=impression&isr= HTTP/1.1
Host: vs.javcosplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promotion-doctor.xyz
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:27 GMT
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1077.0=1; expires=Sat, 17 Sep 2022 14:04:27 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 91dad4479f7dcb623266cf0dcfef5875
9fcf1f0e16c17a43021ab8fb01089d2d9c9f1d3a
0dc4f9c3ecdccb7e1b7a651c72ee63acc06482b362f060547534c3196e561412
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.google.com/url?sa=D&q=https://www.youtube.com/embed/OZO_VC9x6Kk%3Fenablejsapi%3D1%26origin%3D*%26playsinline%3D1%26autoplay%3D1%26mute%3D1
142.250.74.164 200 OK 603 B URL HTTP/2 www.google.com/url?sa=D&q=https://www.youtube.com/embed/OZO_VC9x6Kk%3Fenablejsapi%3D1%26origin%3D*%26playsinline%3D1%26autoplay%3D1%26mute%3D1
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF, LF line terminators
Hash ab8796995e935f85ddfd591673a170c7
1d95e71164277d755f81607eafc1cfe48e183694
900191c87d16aa999949ec4c85be41388e747ea89619f413de6615c730f8bf7b
GET /url?sa=D&q=https://www.youtube.com/embed/OZO_VC9x6Kk%3Fenablejsapi%3D1%26origin%3D*%26playsinline%3D1%26autoplay%3D1%26mute%3D1 HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
location: https://www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
cache-control: private
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=31536000
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
date: Fri, 16 Sep 2022 14:04:27 GMT
server: gws
content-length: 603
x-xss-protection: 0
expires: Fri, 16 Sep 2022 14:04:27 GMT
set-cookie: __Secure-ENID=7.SE=RbD4MuGrlX88UIkFHOtXXJZ5K2Dsuti7IMVjO53vQeyalZ6i_QyPzUV1LZ-ncz3QCP6zB6s6I5rDbZFb5uDXjNpNCeg9zqNkSMs-HsvXCKtoEJc3is4owEXpX-gs853e2JdbQJk9dS4xlwk-H8k4WjDgrotOMfvxb7QzQHaOL2s; expires=Tue, 17-Oct-2023 06:22:45 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
CONSENT=PENDING+250; expires=Sun, 15-Sep-2024 14:04:27 GMT; path=/; domain=.google.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 1.2 kB IP 142.250.74.3:0
Hash c609f5e848e2e2f9102434aaf0f45038
3defc6c3b467bdc629e4949359312476092f159c
97f8ae1026700e8f35a5153634f0289c476980d6e8c551ef44fb65a4a5b49fb0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 8ff1c0d8a380ce4a561609526d995bf5
135ecd7e71ea2823d39f8c1efcb2121618ed8167
f7228281af8d6de222aa47b3a78a627f85315244e65a8956fa2c0c7dff1bb7ad
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:27 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/s/player/a97e97de/www-player.css
142.250.74.14 200 OK 49 kB URL HTTP/2 www.youtube.com/s/player/a97e97de/www-player.css
IP 142.250.74.14:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 3a057d9fa48ad6b735e91c1f7fd7909a
e6a67ab82ccccef2ff9c2a9675549db921d86a4d
62ace094defa260545fd5dad61759df34fe0ae1a8dc1f0cf40a70d28a04ea905
GET /s/player/a97e97de/www-player.css HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 49363
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 03:04:35 GMT
expires: Sat, 16 Sep 2023 03:04:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Sep 2022 21:54:27 GMT
content-type: text/css
age: 39592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/a97e97de/www-embed-player.vflset/www-embed-player.js
142.250.74.14 200 OK 98 kB URL HTTP/2 www.youtube.com/s/player/a97e97de/www-embed-player.vflset/www-embed-player.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (570)
Hash 66779b8011cd9ebfa3cb7a6de301d00d
a85da451fc25564d8b0a7287ea67e644790d1a3e
75228478dd647670e9d3aeae17d741abd5f5a07d739127dfbfeded437927d7fa
GET /s/player/a97e97de/www-embed-player.vflset/www-embed-player.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 97939
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 03:04:35 GMT
expires: Sat, 16 Sep 2023 03:04:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Sep 2022 21:54:27 GMT
content-type: text/javascript
age: 39592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/a97e97de/fetch-polyfill.vflset/fetch-polyfill.js
142.250.74.14 200 OK 2.8 kB URL HTTP/2 www.youtube.com/s/player/a97e97de/fetch-polyfill.vflset/fetch-polyfill.js
IP 142.250.74.14:0
File type Algol 68 source text\012- Pascal source, ASCII text, with very long lines (555)
Hash 80fe2d229007996c8397073b00755dc7
121f82c77bcf2a297a1085e3b092415c463fcafe
033dfa8941482c82d4f1aaa4a9172fb379b9e46a02d5b36297c5476bbbfdea2c
GET /s/player/a97e97de/fetch-polyfill.vflset/fetch-polyfill.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding, Origin
content-encoding: br
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 2786
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 03:04:35 GMT
expires: Sat, 16 Sep 2023 03:04:35 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Sep 2022 21:54:27 GMT
content-type: text/javascript
age: 39592
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.youtube.com/s/player/a97e97de/player_ias.vflset/en_US/base.js
142.250.74.14 200 OK 590 kB URL HTTP/2 www.youtube.com/s/player/a97e97de/player_ias.vflset/en_US/base.js
IP 142.250.74.14:0
File type ASCII text, with very long lines (554)
Size 590 kB (589794 bytes)
Hash 2cf72d6908c8dfac7e8c8c5debe1bba0
69aef6123882a5df7a9460f8b69e16ef4312d757
b2beac7d81227b7916417f65959a82092770b53ab9f3add4d2603fbcf6838375
GET /s/player/a97e97de/player_ias.vflset/en_US/base.js HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
vary: Accept-Encoding, Origin
content-encoding: br
accept-ranges: bytes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-length: 589794
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 03:13:47 GMT
expires: Sat, 16 Sep 2023 03:13:47 GMT
cache-control: public, max-age=31536000
last-modified: Thu, 15 Sep 2022 21:54:27 GMT
content-type: text/javascript
age: 39040
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 15 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15344, version 1.0\012- data
Hash 5d4aeb4e5f5ef754e307d7ffaef688bd
06db651cdf354c64a7383ea9c77024ef4fb4cef8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
GET /s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15344
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 10 Sep 2022 12:31:58 GMT
expires: Sun, 10 Sep 2023 12:31:58 GMT
cache-control: public, max-age=31536000
age: 523950
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7df27d4646e6e1cd358f0997ad604ea9
bf0c3feb55312e00ed8aa718458cc1e932903ac2
ba7ebd5b66156d280c46a2e492c5830f67e114711498b405b4e57ee1f45f4905
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5cb573d3c9bcfd0aca93d5064638773c
8389db960285c5b7a5a3beaa026b0ece6b362d8a
618e5bc351dfee8d072d1357971e52a5891de7d89e8cfc57affc7ddc55082e8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.doubleclick.net/instream/ad_status.js
216.58.207.230 200 OK 29 B URL HTTP/2 static.doubleclick.net/instream/ad_status.js
IP 216.58.207.230:0
Hash 1fa71744db23d0f8df9cce6719defcb7
e4be9b7136697942a036f97cf26ebaf703ad2067
eed0dc1fdb5d97ed188ae16fd5e1024a5bb744af47340346be2146300a6c54b9
GET /instream/ad_status.js HTTP/1.1
Host: static.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
timing-allow-origin: *
content-length: 29
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 16 Sep 2022 13:59:23 GMT
expires: Fri, 16 Sep 2022 14:14:23 GMT
cache-control: public, max-age=900
age: 305
last-modified: Thu, 12 Dec 2013 23:40:16 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/id
142.250.74.130 302 Found 0 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id
IP 142.250.74.130:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /pagead/id HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
location: https://googleads.g.doubleclick.net/pagead/id?slf_rd=1
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
date: Fri, 16 Sep 2022 14:04:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
x-content-type-options: nosniff
server: cafe
content-length: 0
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
142.250.74.14 200 OK 36 kB URL HTTP/2 www.youtube.com/embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1
IP 142.250.74.14:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (60299)
Hash 788d9f159847e102106d2cc782aac76b
aa54ee9e82d9b418419923065a97da2c89cf2c36
42b60a48cc3159faa7ccc2907f7592ddf434d363de6fb16a397acabb8d760059
GET /embed/OZO_VC9x6Kk?enablejsapi=1&origin=*&playsinline=1&autoplay=1&mute=1 HTTP/1.1
Host: www.youtube.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.google.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/html; charset=utf-8
x-content-type-options: nosniff
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 16 Sep 2022 14:04:27 GMT
strict-transport-security: max-age=31536000
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-platform=*, ch-ua-platform-version=*
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
content-encoding: br
server: ESF
x-xss-protection: 0
set-cookie: YSC=9lvciWnQ1Us; Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none
VISITOR_INFO1_LIVE=VUSVAiaatC4; Domain=.youtube.com; Expires=Wed, 15-Mar-2023 14:04:27 GMT; Path=/; Secure; HttpOnly; SameSite=none
CONSENT=PENDING+704; expires=Sun, 15-Sep-2024 14:04:27 GMT; path=/; domain=.youtube.com; Secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 848674a3bc6b0d4d6cba22b140c574bc
ec95f08f3a5b022c3753f78e30f71d03e2895d78
069aaae82ec20e5bbcc694f9603bded464798891e5e2abc27baadeace22f6a05
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 5cb573d3c9bcfd0aca93d5064638773c
8389db960285c5b7a5a3beaa026b0ece6b362d8a
618e5bc351dfee8d072d1357971e52a5891de7d89e8cfc57affc7ddc55082e8f
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
googleads.g.doubleclick.net/pagead/id?slf_rd=1
142.250.74.130 200 OK 120 B URL HTTP/2 googleads.g.doubleclick.net/pagead/id?slf_rd=1
IP 142.250.74.130:0
Hash 5f13edb71da2284de0601f08ab45be6b
38f30df0c6ad47920bf5cec42971052450d24a4f
50516015445fa372ca1e7eb4307d26ae09c3c3217f0c71f304294942fa725ade
GET /pagead/id?slf_rd=1 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://www.youtube.com
Referer: https://www.youtube.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin: https://www.youtube.com
content-type: application/json; charset=UTF-8
date: Fri, 16 Sep 2022 14:04:28 GMT
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 120
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 16 Sep 2022 14:04:28 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
yt3.ggpht.com/NQ9XE-Jbo8HKdvr3Yck_SFLaWqWS7Xhi92pZmSpDxzSOlNrk6NkRLq50zmFyTIQq0yj7IL0C=s68-c-k-c0x00ffffff-no-rj
142.250.74.161 200 OK 1.5 kB URL HTTP/2 yt3.ggpht.com/NQ9XE-Jbo8HKdvr3Yck_SFLaWqWS7Xhi92pZmSpDxzSOlNrk6NkRLq50zmFyTIQq0yj7IL0C=s68-c-k-c0x00ffffff-no-rj
IP 142.250.74.161:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 68x68, components 3\012- data
Hash e83eb44b1657d497400864915bd538c2
78664beb3616cb0d540bcfcced68ff845c51a24b
43fce6521288fd2691b6aeb4b7a0b02d0c8c5f09e52cc61cdbc1858ba88a6995
GET /NQ9XE-Jbo8HKdvr3Yck_SFLaWqWS7Xhi92pZmSpDxzSOlNrk6NkRLq50zmFyTIQq0yj7IL0C=s68-c-k-c0x00ffffff-no-rj HTTP/1.1
Host: yt3.ggpht.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="channels4_profile.jpg"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 1468
x-xss-protection: 0
date: Fri, 16 Sep 2022 13:30:48 GMT
expires: Sat, 17 Sep 2022 13:30:48 GMT
cache-control: public, max-age=86400, no-transform
etag: "v1"
content-type: image/jpeg
age: 2020
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
142.250.74.170 200 OK 31 kB URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/Create
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with very long lines (65536), with no line terminators
Hash a0c49a8927263aba97ab76730b3c65fe
80ec0239ab52b41390138610e5d2d248d9f3c345
9ac43696d9db7bb7a02b576b08b5be6505c789d698e2dc409e96b480fe86d84b
POST /$rpc/google.internal.waa.v1.Waa/Create HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 24
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 16 Sep 2022 14:04:28 GMT
server: ESF
cache-control: private
content-length: 30593
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 7975b33417f675d21a178b997288d616
1d2e957c46d45d6cb2f44389f3dcc66c880b6065
daffff63daade8bb0c2fd63570229df8502c563dd079b4da4103f6ee89fa67e1
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Fri, 16 Sep 2022 14:04:28 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
vs.javcosplay.com/sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=error
109.206.163.112 200 OK 2 B URL HTTP/2 vs.javcosplay.com/sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=error
IP 109.206.163.112:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 99914b932bd37a50b983c5e7c90ae93b
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
GET /sts/?eu=https%3A%2F%2Fwww.google.com%2Furl%3Fsa%3DD%26q%3Dhttps%3A%2F%2Fwww.youtube.com%2Fembed%2FOZO_VC9x6Kk%253Fenablejsapi%253D1%2526origin%253D%2A%2526playsinline%253D1%2526autoplay%253D1%2526mute%253D1&ee=https%3A%2F%2Fvs.javcosplay.com%2Fsts%2F&pid=60807&p=0.0100&oid=2330423&sp=0.004235&spp=1000&se=impression&ru=https%3A%2F%2Ftb.baimgfroggd.site%2Fin%2F1816%2F%3Fkatds_norep%3D1%26katds_nothrottle%3D1%26katds_nocountuniq%3D1%26katds_response%3Dpix&ab=1663337584&vi=OZO_VC9x6Kk&tcbbi=https%3A%2F%2Flh3.googleusercontent.com%2FVpAJU4nVm9mzKA2H5GVcUR7qJ8aGQhXPg-KaKDSZQDcdDgIpwGLY0b7HgluLUDFh82djR2OUm9hSwC6r4qt8s4MSJuMoiNZjzn-TWw%3Dw1440-l80-sg-rj-c0xffffff&tcbbc=https%3A%2F%2Fwww.google.com%2F&ts=1663337065&utm1=tcb&utm2=746462914-1&utm3=195-21720-0&utm4=0-9039295-14&type=error HTTP/1.1
Host: vs.javcosplay.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://promotion-doctor.xyz
Connection: keep-alive
Referer: https://promotion-doctor.xyz/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:28 GMT
content-type: application/json
content-length: 2
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
set-cookie: 1077.0=1; expires=Sat, 17 Sep 2022 14:04:28 GMT; path=/; secure; SameSite=None
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170 200 OK 0 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-goog-api-key,x-user-agent
Referer: https://www.youtube.com/
Origin: https://www.youtube.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
access-control-allow-origin: https://www.youtube.com
vary: origin, referer, x-origin
access-control-allow-credentials: true
access-control-allow-methods: DELETE,GET,HEAD,OPTIONS,PATCH,POST,PUT
access-control-allow-headers: content-type,x-goog-api-key,x-user-agent
access-control-max-age: 3600
date: Fri, 16 Sep 2022 14:04:28 GMT
content-type: text/html
server: ESF
content-length: 0
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
142.250.74.170 200 OK 110 B URL HTTP/2 jnn-pa.googleapis.com/$rpc/google.internal.waa.v1.Waa/GenerateIT
IP 142.250.74.170:0
File type JSON data\012- , ASCII text, with no line terminators
Hash b9127998ecae97b812cdd6753bfb131f
7abccc148c57c7592d71ffd57e8758c5c88fd707
2fb89c98b3b8a7dcdff717e2e2fec1957ebdc7bee4efae534aa43450d6649851
POST /$rpc/google.internal.waa.v1.Waa/GenerateIT HTTP/1.1
Host: jnn-pa.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Goog-Api-Key: AIzaSyDyT5W0Jh49F30Pqqtyfdf7pDLFKLJoAnw
Content-Type: application/json+protobuf
X-User-Agent: grpc-web-javascript/0.1
Content-Length: 1008
Origin: https://www.youtube.com
Connection: keep-alive
Referer: https://www.youtube.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-type: application/json+protobuf; charset=UTF-8
vary: Origin, X-Origin, Referer
content-encoding: gzip
date: Fri, 16 Sep 2022 14:04:28 GMT
server: ESF
cache-control: private
content-length: 110
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
access-control-allow-origin: https://www.youtube.com
access-control-allow-credentials: true
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
sw.wpu.sh/npc/sdk/common/service-worker.js
45.133.44.24 200 OK 0 B URL HTTP/2 sw.wpu.sh/npc/sdk/common/service-worker.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/common/service-worker.js HTTP/1.1
Host: sw.wpu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 14 Sep 2022 10:35:27 GMT
etag: W/"6321ae6f-158c"
content-encoding: gzip
expires: Fri, 16 Sep 2022 14:09:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
hdzog.tube/
172.67.178.132 200 OK 0 B IP 172.67.178.132:0
GET / HTTP/1.1
Host: hdzog.tube
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:21 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.2.34
access-control-allow-origin: *
set-cookie: tccloak=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=hdzog.tube
kt_lang=en; expires=Mon, 11-Sep-2023 14:04:23 GMT; Max-Age=31104000; path=/; domain=.hdzog.tube
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dGR8RerGW4yXIDo6Q4iWUrh2JxPSKzGcHtuf7Hyeoel6kZF%2BqZZlCY01D9fBhbeNoBOaVoxv7eov7itAa0bsIRfN8hi8tlrvkOs2IYKdP3MLUXoLKfrGIXzOXD%2FI"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74ba2699afe31c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/common/core.js
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/common/core.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/common/core.js HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://hdzog.tube/
Origin: https://hdzog.tube
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:23 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 14 Sep 2022 10:35:27 GMT
etag: W/"6321ae6f-1b6cb"
content-encoding: gzip
expires: Fri, 16 Sep 2022 14:09:23 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
sw.wpu.sh/npc/sdk/common/service-worker.js
45.133.44.24 200 OK 0 B URL HTTP/2 sw.wpu.sh/npc/sdk/common/service-worker.js
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/common/service-worker.js HTTP/1.1
Host: sw.wpu.sh
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Service-Worker: script
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: application/javascript; charset=utf-8
server: nginx/1.18.0
last-modified: Wed, 14 Sep 2022 10:35:27 GMT
etag: W/"6321ae6f-158c"
content-encoding: gzip
expires: Fri, 16 Sep 2022 14:09:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2
btds.zog.link/in/dl/?screen_resolution=1280x1024&dt=1663337046127&ad_sub=0&mo=&ve=&katds_labels=&site_id=33008259&p=https%3A//hdzog.tube/&zone=hdz_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=straight&title=&katds_rcc=2
109.206.161.16 200 OK 0 B URL HTTP/2 btds.zog.link/in/dl/?screen_resolution=1280x1024&dt=1663337046127&ad_sub=0&mo=&ve=&katds_labels=&site_id=33008259&p=https%3A//hdzog.tube/&zone=hdz_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=straight&title=&katds_rcc=2
IP 109.206.161.16:0
GET /in/dl/?screen_resolution=1280x1024&dt=1663337046127&ad_sub=0&mo=&ve=&katds_labels=&site_id=33008259&p=https%3A//hdzog.tube/&zone=hdz_hardlink&utm1=&utm2=&utm3=&utm4=&ad_tags=straight&title=&katds_rcc=2 HTTP/1.1
Host: btds.zog.link
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hdzog.tube
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx/1.20.1
date: Fri, 16 Sep 2022 14:04:22 GMT
content-type: application/json
vary: Accept-Encoding
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
set-cookie: 953.73385=1; expires=Sat, 17 Sep 2022 14:04:22 GMT; path=/; secure; SameSite=None
content-encoding: gzip
X-Firefox-Spdy: h2
js.wpshsdk.com/npc/sdk/push/styles.css
45.133.44.24 200 OK 0 B URL HTTP/2 js.wpshsdk.com/npc/sdk/push/styles.css
IP 45.133.44.24:0
ASN #39572 DataWeb Global Group B.V.
GET /npc/sdk/push/styles.css HTTP/1.1
Host: js.wpshsdk.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hdzog.tube/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Fri, 16 Sep 2022 14:04:24 GMT
content-type: text/css
server: nginx/1.18.0
last-modified: Tue, 30 Aug 2022 09:15:33 GMT
etag: W/"630dd535-10f4"
content-encoding: gzip
expires: Fri, 16 Sep 2022 14:09:24 GMT
cache-control: max-age=300
x-proxy-cache: HIT
access-control-allow-origin: *
X-Firefox-Spdy: h2