vivud.com/video/1262950/
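104.21.92.169 301 Moved Permanently 0 B IP 104.21.92.169:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B size above, so they identify no content)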
GET /video/1262950/ HTTP/1.1
Host: vivud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Tue, 13 Sep 2022 11:22:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Tue, 13 Sep 2022 12:22:02 GMT
Location: https://vivud.com/video/1262950/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oY1OVWpuY2cVCIGoa2ZPn9lEc8e0qTZ75IX8VqY9XaM%2BCHf3u8DZ17LlKtLyAv2f1QP2hzhtwk%2FvpH65VkB%2BE22MZkzXYJtIPHsnPbchwsXmSGUB17LWsSXd6FM%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a080b4ca54b500-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/
143.204.55.27 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 143.204.55.27:0
File type JSON data, ASCII text, with very long lines (939), with no line terminators
Hash 99b7d23c1748d0526782b9ff9ea45f09
eadd801a3ba2aa00632c6fb52e1f9125bd6d5b4f
48f81668f76955320480b484138aebdad5d03c471036b4449c737aca1ecab08e
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Type, Content-Length, Backoff, Retry-After, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Tue, 13 Sep 2022 11:08:43 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 aac54e3fe9825ce24d51e0204433c2c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: t_Cuhf50uzk5zTtnIfv-wwVg5fwnrQjODLvPP2LCan_dOQeuNu0Z2w==
Age: 799
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash be88d3e043e3b95b52e41812e50fb634
0318ba1ce487817ea7cba61dd9413bed29213800
b5f178d23e633283f226cca7a9ae79b01e6cab2299ff7065c980d3a9953212fd
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B5F178D23E633283F226CCA7A9AE79B01E6CAB2299FF7065C980D3A9953212FD"
Last-Modified: Tue, 13 Sep 2022 06:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4457
Expires: Tue, 13 Sep 2022 12:36:19 GMT
Date: Tue, 13 Sep 2022 11:22:02 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
143.204.55.110 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain
IP 143.204.55.110:0
File type PEM certificate, ASCII text
Hash 742edb4038f38bc533514982f3d2e861
cc3a20c8dc2a8c632ef9387a2744253f1e3fdef1
b6bfa49d3d135035701231db2fffc0c0643444394009a94c6a1b4d829d6b8345
GET /chains/remote-settings.content-signature.mozilla.org-2022-10-09-23-18-04.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: binary/octet-stream
content-length: 5348
last-modified: Sat, 20 Aug 2022 23:18:05 GMT
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
date: Tue, 13 Sep 2022 07:17:13 GMT
etag: "742edb4038f38bc533514982f3d2e861"
x-cache: Hit from cloudfront
via: 1.1 4f01f770085624552bc30a98954f963a.cloudfront.net (CloudFront)
x-amz-cf-pop: OSL50-C1
x-amz-cf-id: vwITiEhOv40DUW8ex6hVCDsXOE_eWX2uWk2LYGzfbb9f0bhHpDpU8Q==
age: 24408
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data, ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:02 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
143.204.55.27 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 143.204.55.27:0
File type JSON data, ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: ETag, Expires, Content-Length, Cache-Control, Pragma, Content-Type, Alert, Backoff, Last-Modified, Retry-After
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Cache-Control: max-age=3600
Date: Tue, 13 Sep 2022 11:03:22 GMT
Expires: Tue, 13 Sep 2022 11:50:13 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 5de23153ac267c206221751e1cccb6e8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: NnNDqA76g9EqZ17W99Y6Elvi4k31Mue5kWKDFjX8UEPbC1S3pPptCA==
Age: 1121
ocsp.digicert.com/
93.184.220.29 200 OK 114 kB IP 93.184.220.29:0
Size 114 kB (113909 bytes)
Hash 588516df711a7c49babce7dd8a22af81
3bd40d72fea756ddf446f6039a74ebbe2bc3dfb3
d629161eff4e3c961a9116f6211240fc96e4101c245c4d24e2cd6103bdb339d0
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 6197
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:03 GMT
Last-Modified: Tue, 13 Sep 2022 09:38:46 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
push.services.mozilla.com/
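44.236.232.139 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.236.232.139:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B size above, so they identify no content)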
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: PS/90mf8Dp8CZfYGbIu6+w==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: i3Ccn2dta1kJjxceqW7/VOTnbF4=
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 99ac58e31823e14c61344b1186f0a99b
1fe1d7a8d8eab5609700db58c1e1e3ef5b3158ef
eb59131dd4c749959de788468f66b293ef7327a73bf2c030813ace3b52e2e80e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB59131DD4C749959DE788468F66B293EF7327A73BF2C030813ACE3B52E2E80E"
Last-Modified: Mon, 12 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11922
Expires: Tue, 13 Sep 2022 14:40:45 GMT
Date: Tue, 13 Sep 2022 11:22:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 99ac58e31823e14c61344b1186f0a99b
1fe1d7a8d8eab5609700db58c1e1e3ef5b3158ef
eb59131dd4c749959de788468f66b293ef7327a73bf2c030813ace3b52e2e80e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EB59131DD4C749959DE788468F66B293EF7327A73BF2C030813ACE3B52E2E80E"
Last-Modified: Mon, 12 Sep 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11883
Expires: Tue, 13 Sep 2022 14:40:06 GMT
Date: Tue, 13 Sep 2022 11:22:03 GMT
Connection: keep-alive
crisistuesdayartillery.com/b8/7f/75/b87f75bdc1aa1522b4120b0ac9406b1d.js
192.243.61.227 200 OK 20 kB URL HTTP/1.1 crisistuesdayartillery.com/b8/7f/75/b87f75bdc1aa1522b4120b0ac9406b1d.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59147)
Hash ec0e73175aebb5664c3ad1e12a04854d
dcbf540c5c3584f25686154aee6c09a025722469
76b308faa625b85c4ec26f68c55722df725bccf579a7530aeb48d3d82c98c75c
GET /b8/7f/75/b87f75bdc1aa1522b4120b0ac9406b1d.js HTTP/1.1
Host: crisistuesdayartillery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 11:22:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Set-Cookie: 4b4e7ab587d59b22ad7bcd2439afc363_hd28118=0; expires=Wed, 21 Sep 2022 11:22:03 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 15fda88b82f8fa99b5e39cff80e49242
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
crisistuesdayartillery.com/36/7f/42/367f420de7c0141ff3c8b701a6a2b135.js
192.243.61.227 200 OK 13 kB URL HTTP/1.1 crisistuesdayartillery.com/36/7f/42/367f420de7c0141ff3c8b701a6a2b135.js
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (37175), with no line terminators
Hash 8d2beb801b912095236e1f0559ecca74
b87dd610658b52a124309a7c604566b19f7878fb
b188817044044ad1a1534261878c87b5c4f1626cd5b19201e59752cabfc3bd28
GET /36/7f/42/367f420de7c0141ff3c8b701a6a2b135.js HTTP/1.1
Host: crisistuesdayartillery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 11:22:03 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: d69c0861dd0db8c080e4082499636af2
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.33.119.27 200 OK 416 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash ffbed42029c16fc5f3e37665a1bfb7d1
ebe6e8b9e685ca4810e0a15fb553d20d777766ad
ca5a261ea921867b2851e2f68536ab0c55c82893e7580497f5e82b86177b94df
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EAD4DDAD3BB0B9034FE33C6D03EC1AAE7F08D11610EA797BA61E01EB9A53745E"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Tue, 13 Sep 2022 14:28:14 GMT
Date: Tue, 13 Sep 2022 11:22:03 GMT
Connection: keep-alive
cdn.o333o.com/asg_embed.js
205.185.216.42 200 OK 34 kB URL HTTP/1.1 cdn.o333o.com/asg_embed.js
IP 205.185.216.42:0
File type Unicode text, UTF-8 text, with very long lines (37787), with NEL line terminators
Hash d8fdc76a5dd33ac3190ab73914c02bea
7f1fc36aae54753d2812c23e5fec79d6479cd4f5
0b2961675123d94e9b55ff2587fc3a28d65a4e41d6d5a46e9fc92e7d5b71f9d3
GET /asg_embed.js HTTP/1.1
Host: cdn.o333o.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:03 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 34388
Content-Type: application/javascript
Last-Modified: Mon, 12 Sep 2022 15:23:48 GMT
Accept-Ranges: bytes
Server: nginx
ETag: "631f4f04-8654"
Cache-Control: max-age=315360000, public
X-HW: 1663068123.dop229.sk1.t,1663068123.cds003.sk1.shn,1663068123.dop229.sk1.t,1663068123.cds255.sk1.c
Access-Control-Allow-Origin: *
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 349efb77dc286c5653310b0358a6221c
b943ed167db03fc167d8811af5b227b2a9fb9191
4f24854f12c2afa74b77b523fa34a78cc756ead857140680c1e76eb7668305a7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 13 Sep 2022 11:22:03 GMT
Last-Modified: Tue, 13 Sep 2022 09:33:45 GMT
Server: ECS (nyb/1D0D)
X-Cache: Miss from cloudfront
Via: 1.1 6480520a5e02f3163410e3134bd77baa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: 0YputVDknLtbOUii40soq_Z66ZVIzqiDiyAShK_0NSdD_Cdjl63c6A==
Age: 6499
ocsp.sca1b.amazontrust.com/
143.204.42.88 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 143.204.42.88:0
Hash 349efb77dc286c5653310b0358a6221c
b943ed167db03fc167d8811af5b227b2a9fb9191
4f24854f12c2afa74b77b523fa34a78cc756ead857140680c1e76eb7668305a7
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Tue, 13 Sep 2022 11:22:03 GMT
Last-Modified: Tue, 13 Sep 2022 09:47:27 GMT
Server: ECS (nyb/1D0E)
X-Cache: Miss from cloudfront
Via: 1.1 057fdebf738f5915bf38a78949190758.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-C1
X-Amz-Cf-Id: nrxTrF1T1keQgYCfpywxjs1soYK02AYdNTbSezdElxTLnMnXyA3V5A==
Age: 5676
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash 265b850fbeb957c3f990dacb236fb5f0
fb9eefd45dd3a0bf9816a9d3ba37a03b9d2291c8
64ff07459b7f37e1ffb107165984f5b1e5b12004548db288d90fd4c86236d1d8
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
set-cookie: uid_id2=fe6a3bcd-c63a-4d53-b676-767e4f64c605:2:1; expires=Fri, 10 Sep 2032 11:22:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash be55d2cfb228b207b5542a2548bc9aec
a37285a56ab3cfe1015e8e480903ede69a55730f
a576202d5121e511b690b1d1745c381afa645a2c6c639f826069c83376ca8b74
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:03 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
set-cookie: uid_id2=9e9f2a04-2095-4a58-83e4-b618acbdfedf:1:1; expires=Fri, 10 Sep 2032 11:22:03 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 345 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 2d6891616af65aebebfd5277681cbb99
fc8dd4dfa4b3245c2d9f3d2469306ba3ce03c599
ead4ddad3bb0b9034fe33c6d03ec1aae7f08d11610ea797ba61e01eb9a53745e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "EAD4DDAD3BB0B9034FE33C6D03EC1AAE7F08D11610EA797BA61E01EB9A53745E"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11171
Expires: Tue, 13 Sep 2022 14:28:14 GMT
Date: Tue, 13 Sep 2022 11:22:03 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 5b9b4d6ebd285073c7ce3b2835db39ea
745b91aa039ff4c49f2292fe8e01426c98228712
1aef2a34cc645153f1e4c683cf0375ab26e4835769da81ae2b8e0f7e09af9254
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "1AEF2A34CC645153F1E4C683CF0375AB26E4835769DA81AE2B8E0F7E09AF9254"
Last-Modified: Mon, 12 Sep 2022 13:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16658
Expires: Tue, 13 Sep 2022 15:59:42 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 503237177a3d86d83f4c970effc37833
e2c733d5fe37ec941521578d5bdcf0bcad00d7e5
16380371ae5fc51ca985271a1fccdcd8e203b4af6134e8ffbe4e957a04180764
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "16380371AE5FC51CA985271A1FCCDCD8E203B4AF6134E8FFBE4E957A04180764"
Last-Modified: Sun, 11 Sep 2022 03:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8700
Expires: Tue, 13 Sep 2022 13:47:04 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.googletagservices.com/tag/js/gpt.js
142.250.74.162 200 OK 29 kB URL HTTP/2 www.googletagservices.com/tag/js/gpt.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (45046)
Hash 0e4c6106ecfbb8404e60bb0a4a790ef3
598daf445a579ab59ce61f5f55daba3e307851f8
c62b3eeb0c6b6ad2ef5b9bb42145f3c998d914c51d71309bee1c4f55c14abcde
GET /tag/js/gpt.js HTTP/1.1
Host: www.googletagservices.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 28695
date: Tue, 13 Sep 2022 11:22:04 GMT
expires: Tue, 13 Sep 2022 11:22:04 GMT
cache-control: private, max-age=900, stale-while-revalidate=3600
etag: "1332 / 988 of 1000 / last-modified: 1663067144"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
refutationtiptoe.com/pixel/purst?dl=0&th=0&sc=0&rs=1343&rd=1343&fd=827&bv=22.9.v.1&tmpl=70
173.233.137.44 200 OK 0 B URL HTTP/1.1 refutationtiptoe.com/pixel/purst?dl=0&th=0&sc=0&rs=1343&rd=1343&fd=827&bv=22.9.v.1&tmpl=70
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B size above, so they identify no content)
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1343&rd=1343&fd=827&bv=22.9.v.1&tmpl=70 HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:04 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7c85e22b75dd559a6c65736bae63c5bd
eb57470991666108a01b8ee0adf707e1c1dc8642
bd05cc5dfc5ddd554cc9ac5395035ce302b0b74343d199a64b2dbdcac0070944
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 75bed4d80cb3dab43e249f315bde2c7d
5fcb3cc68a361891777674cde60b99507dadcddb
1990f16373a47dee14e19f0852866afe4086bc8c8ab66e38b7ee36a4dcd983b0
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:04 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sat, 17 Sep 2022 09:41:33 GMT
ETag: "5fcb3cc68a361891777674cde60b99507dadcddb"
Last-Modified: Tue, 13 Sep 2022 09:41:34 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 794
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a080c0e85db523-OSL
banquetunarmedgrater.com/advertisers.js
192.243.59.20 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e (MD5)
da39a3ee5e6b4b0d3255bfef95601890afd80709 (SHA-1)
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 (SHA-256; all three are the digests of an empty body, matching the 0 B size above, so they identify no content)
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Tue, 13 Sep 2022 11:22:04 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 6f9464d2e757f983ee54abb9a11e3e62
Strict-Transport-Security: max-age=0; includeSubdomains
securepubads.g.doubleclick.net/pagead/ppub_config?ippd=vivud.com
142.250.74.66 200 OK 45 B URL HTTP/2 securepubads.g.doubleclick.net/pagead/ppub_config?ippd=vivud.com
IP 142.250.74.66:0
File type JSON data, ASCII text, with no line terminators
Hash 13c430a61f52ba15dae7efe3489c983f
9fe06bf09115214f3f273d82a2fee54b37ef285e
c2502df4ce33e790090c18d7519e16a7bf00cfe1bc4efe1d4425e829a3b804b0
GET /pagead/ppub_config?ippd=vivud.com HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
date: Tue, 13 Sep 2022 11:22:04 GMT
expires: Tue, 13 Sep 2022 11:22:04 GMT
cache-control: private, max-age=3600, stale-while-revalidate=3600
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
server: cafe
content-length: 45
x-xss-protection: 0
set-cookie: test_cookie=CheckForPermission; expires=Tue, 13-Sep-2022 11:37:04 GMT; path=/; domain=.doubleclick.net; Secure; SameSite=none
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js
142.250.74.66 200 OK 133 kB URL HTTP/2 securepubads.g.doubleclick.net/gpt/pubads_impl_2022090801.js
IP 142.250.74.66:0
File type ASCII text, with very long lines (65439)
Size 133 kB (133090 bytes)
Hash dc454f46d595dd65e710b0e1c9812bc0
ffcecb021fcdacbd617eb7f6a579b85e0613df03
42c80df63fb3cc5709cbd4b450b5698c23cb2bc730742c21fadbdcfebc9071ef
GET /gpt/pubads_impl_2022090801.js HTTP/1.1
Host: securepubads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 133090
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 10:31:33 GMT
expires: Fri, 08 Sep 2023 10:31:33 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Thu, 08 Sep 2022 08:35:47 GMT
content-type: text/javascript
age: 435031
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/watch.js
87.250.250.119 200 OK 57 kB URL HTTP/2 mc.yandex.ru/metrika/watch.js
IP 87.250.250.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (557)
Hash 1d55754e516a64479901a61dc8a0d136
7c47529b53f613bb2ffac7a32530e8fd594c194b
b4e7cd831347d3faeebe62c6e8595fc01804895f0bb5e30a5ceae7b400318649
GET /metrika/watch.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 57251
date: Tue, 13 Sep 2022 11:22:04 GMT
access-control-allow-origin: *
etag: "631f3e5d-dfa3"
expires: Tue, 13 Sep 2022 12:22:04 GMT
last-modified: Mon, 12 Sep 2022 17:12:45 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 279e23966ec0a262edc36219bb30ee6c
147d0e5f83e627e5a8e09247bef080fadedeadd0
295d242f1b8c87609e303484b44114b2d21fdf4f8de8539f0876081eddd29231
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "295D242F1B8C87609E303484B44114B2D21FDF4F8DE8539F0876081EDDD29231"
Last-Modified: Sun, 11 Sep 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2863
Expires: Tue, 13 Sep 2022 12:09:47 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Tue, 13 Sep 2022 12:05:12 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Tue, 13 Sep 2022 12:05:12 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Tue, 13 Sep 2022 12:05:12 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Tue, 13 Sep 2022 12:05:12 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash fe792a43fbfd72d158215bb5fa087c19
5b28cebdebfdd33871fa4982f39a89f5ce3cbf99
ec9ddd9d47e4cd14bd7471042ce3060c1d119038dac5d1f02a4040c617228b0d
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "EC9DDD9D47E4CD14BD7471042CE3060C1D119038DAC5D1F02A4040C617228B0D"
Last-Modified: Mon, 12 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2588
Expires: Tue, 13 Sep 2022 12:05:12 GMT
Date: Tue, 13 Sep 2022 11:22:04 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106eeeca-4365-4ffc-b701-f952d0b09dcb.jpeg
34.120.237.76 200 OK 8.0 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106eeeca-4365-4ffc-b701-f952d0b09dcb.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 47e1f64348aa12d707bf070f39877c7e
7a1f13d32de956fd50fccba0f813fb71bda79f63
9b3cee8039a2adb1291006a9ad55cd5032a2a6c10de3c5f57222692b02c0faac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F106eeeca-4365-4ffc-b701-f952d0b09dcb.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7965
x-amzn-requestid: c0ddd7c6-9709-4251-8e7b-4a551f9a7d2f
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YBro8EjxIAMFi0g=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6316f305-26023e0714937dca063dcbfa;Sampled=0
x-amzn-remapped-date: Tue, 06 Sep 2022 07:13:09 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: M8hApWUPiRtGNRAjsaGnjo2w9myX6knC1Rk0-reejbUO7aVqYPttRw==
via: 1.1 000f4a2f631bace380a0afa747a82482.cloudfront.net (CloudFront), 1.1 9c675215120a4ade8754c4357ef2f3ea.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 23:23:42 GMT
age: 43102
etag: "7a1f13d32de956fd50fccba0f813fb71bda79f63"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
34.120.237.76 200 OK 11 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 838f709437b2dfbede4ee15307afe217
2ab2ee20e720b78be6deb55f967ac0d8b7dad048
a3b47ce595b475f2aab6f7378888d15ba3e98453d6c8a3d88946efc5d65eedba
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fc9a2dff5-4864-4430-8c54-6b68d2bbd35a.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10849
x-amzn-requestid: 722d8d75-0911-4b59-af65-2b408bc09d80
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXbx6E9-oAMFT8w=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa672-74ea9343619d4a1865e34818;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:36:50 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TeasWs7Qh6T3oV8vJsu5JM_EApUJEGGWIvUC6Pfd41u18v8RlcPQpg==
via: 1.1 1b0911478686968732f973d6e5e31d10.cloudfront.net (CloudFront), 1.1 cd858042f70b416ca05e042acf3908a4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:57:19 GMT
age: 48285
etag: "2ab2ee20e720b78be6deb55f967ac0d8b7dad048"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash be55d2cfb228b207b5542a2548bc9aec
a37285a56ab3cfe1015e8e480903ede69a55730f
a576202d5121e511b690b1d1745c381afa645a2c6c639f826069c83376ca8b74
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Cookie: uid_id2=9e9f2a04-2095-4a58-83e4-b618acbdfedf:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.59.153.168 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.59.153.168:0
File type ASCII text, with no line terminators
Hash be55d2cfb228b207b5542a2548bc9aec
a37285a56ab3cfe1015e8e480903ede69a55730f
a576202d5121e511b690b1d1745c381afa645a2c6c639f826069c83376ca8b74
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Cookie: uid_id2=9e9f2a04-2095-4a58-83e4-b618acbdfedf:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 8c1314c7778ea0d32e8c69dae0c38b6d
c4772b9b182f9f905fead84f3761fe296073ca65
5fc8dc23f9b4d150b834aa69b358edd9f9f5f449607df07d579df66098d8aac6
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F77296a12-991a-4ab6-9ce0-05b3a82d6664.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10366
x-amzn-requestid: e4d41ba8-41c5-4350-bacb-850136434eaa
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YEw28GD7IAMFjCQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-63182e92-4098031d1475d45f4899654b;Sampled=0
x-amzn-remapped-date: Wed, 07 Sep 2022 05:39:30 GMT
x-amz-cf-pop: SEA73-P2, SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: TPtgXtWkeCrsnGE_G-_MZj1U046kUiGsRaoGg-xCCavcQqt7p6jdwg==
via: 1.1 7d01bcfcfe27ce0b8979cf621dd081de.cloudfront.net (CloudFront), 1.1 02d90bf99fd6253b329a53c82f19e224.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:56:25 GMT
age: 48339
etag: "c4772b9b182f9f905fead84f3761fe296073ca65"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
creepingbrings.com/sfp.js
104.21.234.233 200 OK 32 kB URL HTTP/2 creepingbrings.com/sfp.js
IP 104.21.234.233:0
File type Unicode text, UTF-8 text, with very long lines (65529), with no line terminators
Hash 9e022b62125e3d5f21113599e03324df
19f1a106fae770ca149bb3548703e2c9e1fc4974
048b6c67c39226c07fb0295740735f99e8824721c70dc5481e5997f29a38a6f7
GET /sfp.js HTTP/1.1
Host: creepingbrings.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:03 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: 8d6330fbf5276a2a39366963512e774a
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 13 Sep 2022 11:22:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MgM4Uw4NeELi2MFvbgvx3aiI%2B4msanbtJKqIroMBZIk09T%2Bf9sshYy6vc8viUCKAcAXpyztbCCPy8Zkg9sDdGZTQ4m8UnBwLZqIUn9gsoWL%2FkMmMNcCT1t2Nu%2BGxJSWBqLW97z8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080bd6a19f3df-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg
34.120.237.76 200 OK 9.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 6c824a7db30839607b01c7a164f6f6ec
bbab791971056750a46dd6ed9c5d7c8e12ab457e
872262a28a383a9eafd1f453014a3edfde4872160b772874271be6358a47449f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fcb9bab12-4fd5-4be7-b453-25dfb0d4c606.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 9606
x-amzn-requestid: bf72ce8c-1272-42df-8958-d392210106c5
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YIR7NFh2oAMFXIQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631996ad-4646091a428db21e2dce1a61;Sampled=0
x-amzn-remapped-date: Thu, 08 Sep 2022 07:15:58 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 4skZVE5BinFMAJV196j5-qtDez6m26DtU8NZvU6K2VuhFnC7E1zXWw==
via: 1.1 0bb842bd5868b86440983b936bb0adee.cloudfront.net (CloudFront), 1.1 91356d2137f5a7345e93da4516c49ec4.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:49:29 GMT
age: 45155
etag: "bbab791971056750a46dd6ed9c5d7c8e12ab457e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23d4b64c-6112-465a-8c57-47176235f38c.jpeg
34.120.237.76 200 OK 7.4 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23d4b64c-6112-465a-8c57-47176235f38c.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 00203b01614ba1204d46986be83342ab
0b431fbd0f7382cb7648335f7e8390a37394771e
cc9bf1aa5f9858440300b8bac4f4069c5b4af1f91ee2c066324db81a57399765
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23d4b64c-6112-465a-8c57-47176235f38c.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7399
x-amzn-requestid: 3f1c5097-3db7-40a7-821f-75341226b56b
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YUIxzHh-IAMFcFQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631e54d8-3346061d670aa4d46eec144f;Sampled=0
x-amzn-remapped-date: Sun, 11 Sep 2022 21:36:24 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: e6Nj5wxUpqqs9WSyJv-lhtnucvwLaR2B3h3uNNZv5HgH510ficVnEw==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 1481cc55c02c3a782ad420b6bac2cb32.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 22:13:10 GMT
age: 47334
etag: "0b431fbd0f7382cb7648335f7e8390a37394771e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ad439cab56126bcc402ee9f92365a209
a4b48a9a733c53cbc7020e190b8c787e1f80f55a
d0e2e52b66a8dec8c57092ec332f452a7348941d778d7b4686ca32696aabd065
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
adservice.google.no/adsid/integrator.js?domain=vivud.com
142.250.74.34 200 OK 100 B URL HTTP/2 adservice.google.no/adsid/integrator.js?domain=vivud.com
IP 142.250.74.34:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=vivud.com HTTP/1.1
Host: adservice.google.no
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 13 Sep 2022 11:22:04 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
adservice.google.com/adsid/integrator.js?domain=vivud.com
142.250.74.162 200 OK 100 B URL HTTP/2 adservice.google.com/adsid/integrator.js?domain=vivud.com
IP 142.250.74.162:0
File type ASCII text, with no line terminators
Hash 917951a58be8c6c6f3680159550ba3c2
21cd25c2a4eb9ec7e0f37021ce7b69e852dab4b4
cd8c45d9a0d98ca2e23d967483ec538bcafa246afdcf434bf60c8257acfacfac
GET /adsid/integrator.js?domain=vivud.com HTTP/1.1
Host: adservice.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
cache-control: private, no-cache, no-store
content-type: application/javascript; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 13 Sep 2022 11:22:04 GMT
server: cafe
content-length: 100
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 4fd53df42280409cd83e9f2cbd753bb6
c7879abb078bdc6dfd363f72509d1f36e5a8a622
c6eecc725ec5cf4376f99fafaf029eaa6f207dceefb09c09f1e8aaaa1fa1b5f0
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:04 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2997.weednewspro.com/iCBCCIQ3PAjiZtdxoUWUMWYX08kOuMeEf_pQOcKTIJgVNJ6Jo9dM9MnrU9dpedaRl45st8mGLM2XjoSAiuYkIfGOOQ?_=1663068110128
88.208.59.102 200 OK 6.4 kB URL HTTP/2 2997.weednewspro.com/iCBCCIQ3PAjiZtdxoUWUMWYX08kOuMeEf_pQOcKTIJgVNJ6Jo9dM9MnrU9dpedaRl45st8mGLM2XjoSAiuYkIfGOOQ?_=1663068110128
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash 401ffe1eff0d0faa7c49c259aa58e1ac
91157e0ebd38b3bbab1fa96d289cf20a16538081
b1d3ead06b130c0a37dc19cc8ac2319d0b87b17a45988e8b9b7ca0d06a5b43f8
GET /iCBCCIQ3PAjiZtdxoUWUMWYX08kOuMeEf_pQOcKTIJgVNJ6Jo9dM9MnrU9dpedaRl45st8mGLM2XjoSAiuYkIfGOOQ?_=1663068110128 HTTP/1.1
Host: 2997.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
graduatewonderentreaty.com/sbar.json?key=367f420de7c0141ff3c8b701a6a2b135
173.233.137.52 200 OK 5.0 kB URL HTTP/1.1 graduatewonderentreaty.com/sbar.json?key=367f420de7c0141ff3c8b701a6a2b135
IP 173.233.137.52:0
File type JSON data\012- , Unicode text, UTF-8 text, with very long lines (6967), with no line terminators
Hash 39fec345bfbeef09857a3c521b905571
628a253bb6e3bea12ebb3c2cb980e3391a96438c
d402fd1747ffb82bad019fa9462e2cd6106da8237b9145a4de1850c38d86e10f
Analyzer: quad9 | Verdict: Sinkholed | Alert: (none listed)
GET /sbar.json?key=367f420de7c0141ff3c8b701a6a2b135 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:04 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://vivud.com
Access-Control-Allow-Origin: https://vivud.com
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15736095; expires=Wed, 14 Sep 2022 11:22:04 GMT; secure; SameSite=None
Set-Cookie: pdhtkv=true; expires=Wed, 14 Sep 2022 11:22:04 GMT; secure; SameSite=None
Set-Cookie: uncs=1; expires=Wed, 14 Sep 2022 11:22:04 GMT; secure; SameSite=None
Set-Cookie: pdhtkv29=true; expires=Wed, 14 Sep 2022 11:22:04 GMT; secure; SameSite=None
Set-Cookie: uncs29=1; expires=Wed, 14 Sep 2022 11:22:04 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 4d9c937cbc504803ba83558043033934
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
88e6ace71a039345b3a6bafd87b51fc8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
142.250.74.65 200 OK 3.1 kB URL HTTP/2 88e6ace71a039345b3a6bafd87b51fc8.safeframe.googlesyndication.com/safeframe/1-0-38/html/container.html
IP 142.250.74.65:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (5835)
Hash 3fa5e95a358d660ddb3c45769ae1357f
5f6164fbaf8cfbccfd061b00ae48dedfc16bbcd9
d32f4b680031c0e11222eb17385aa9d3b11d2903b05bff34c3d4eb6292631137
GET /safeframe/1-0-38/html/container.html HTTP/1.1
Host: 88e6ace71a039345b3a6bafd87b51fc8.safeframe.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/html
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
timing-allow-origin: *
content-length: 3108
date: Tue, 13 Sep 2022 11:22:05 GMT
expires: Wed, 13 Sep 2023 11:22:05 GMT
cache-control: public, immutable, max-age=31536000
last-modified: Tue, 02 Mar 2021 20:17:03 GMT
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
4.upsetmilitary.com/preview/1262950/medium@2x/1.jpg
104.21.56.152 200 OK 33 kB URL HTTP/2 4.upsetmilitary.com/preview/1262950/medium@2x/1.jpg
IP 104.21.56.152:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 406x405, segment length 16, comment: "Lavc56.26.100", baseline, precision 8, 744x420, components 3\012- data
Hash 487c488eda40ac49120c61e7f16a91af
2cb383ce0ba0060b1d1cdca69caa9dc24be770d0
0a3f708965c31eb13e94fa3d4d8787e2376b296cc879eb2f59b0d3b029ab6e61
GET /preview/1262950/medium@2x/1.jpg HTTP/1.1
Host: 4.upsetmilitary.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: image/jpeg
content-length: 32923
last-modified: Tue, 03 Mar 2020 11:03:16 GMT
etag: "5e5e3974-809b"
expires: Tue, 28 Apr 2020 11:03:16 GMT
cache-control: public, max-age=172800, must-revalidate
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xiCgVJoZuCcAS0R8hTMQwoNisTJAKl52cjCjbpGTY26styhz8xl9lm8jKDq2y5sXi%2BXDdrzgZBb0H5dJ3onIDL5zB7aA%2BwmrsBrH0z6p0vwJKpbgsLsZSUZKeJb8M7NBXPYNfIgr"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080c4bcc80b55-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
refutationtiptoe.com/pixel/pure
173.233.137.44 204 No Content 0 B URL HTTP/1.1 refutationtiptoe.com/pixel/pure
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vivud.com/
Origin: https://vivud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 63bbc34536c822a0bf277dcfb6051319
81a334baf2afc295e8b5f098a03f6452d02fe8ad
529d82dc4174b39ddaa0a088f07c930dadf30e9d6d539a4c7dbef290a8610697
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "529D82DC4174B39DDAA0A088F07C930DADF30E9D6D539A4C7DBEF290A8610697"
Last-Modified: Mon, 12 Sep 2022 16:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11888
Expires: Tue, 13 Sep 2022 14:40:13 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
refutationtiptoe.com/pixel/pure
173.233.137.44 204 No Content 0 B URL HTTP/1.1 refutationtiptoe.com/pixel/pure
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://vivud.com/
Origin: https://vivud.com
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
vids.vivud.com/key=XqUN68uOAnOCfxm6E9wq-Q,end=1663158122/speed=1.1/buffer=3.0/video/mp4/62095/360m.mp4
88.208.31.18 302 Found 0 B URL HTTP/2 vids.vivud.com/key=XqUN68uOAnOCfxm6E9wq-Q,end=1663158122/speed=1.1/buffer=3.0/video/mp4/62095/360m.mp4
IP 88.208.31.18:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /key=XqUN68uOAnOCfxm6E9wq-Q,end=1663158122/speed=1.1/buffer=3.0/video/mp4/62095/360m.mp4 HTTP/1.1
Host: vids.vivud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://vivud.com/
Cookie: _ym_uid=1663068112647407579; _ym_d=1663068112
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/2 302 Found
server: nginx/1.20.1
date: Tue, 13 Sep 2022 11:22:05 GMT
content-length: 0
location: https://ip222733911.ahcdn.com/key=3PTUHJLFRAklDQthIUR4Ug,s=,end=1663158122/state=YyBnW1oq/buffer=207384:1705084,1808.8/speed=69128/reftag=056864060/31/178/7/58769987/vivud/video/mp4/62095/360m.mp4
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin, Accept, Range, Cache-Control
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Date, Etag, Cache-Control, Last-Modified
cache-control: private, max-age=300
expires: Tue, 13 Sep 2022 11:27:05 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/watch/33879989?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.250.119302 Found 151 B URL HTTP/2 mc.yandex.ru/watch/33879989?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.250.119:0
Hash d78efc548ac6f066be7611b0c33e7420
06792d5bd567f9ab4ad2887db12a86aa2300d466
5ee18f5c088fc16e0577665808ede1f9f6a61125b0c3fe0e279a35ea2676bdda
GET /watch/33879989?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/33879989/1?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Tue, 13 Sep 2022 11:22:04 GMT
access-control-allow-origin: https://vivud.com
set-cookie: yandexuid=3890559391663068124; Expires=Wed, 13-Sep-2023 11:22:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3890559391663068124; Expires=Wed, 13-Sep-2023 11:22:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1339481131663068124; Path=/; SameSite=None; Secure
i=PKFd+16sT0bXSV5KgVinEHuwnjQo6T8hbpdgMS/we82Za4w+2Svav3smCO97A2gI+eB3d2g38/iYhMBfy4uoVCAy8D4=; Expires=Fri, 10-Sep-2032 11:22:03 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1694604124.yrts.1663068124#1694604124.yrtsi.1663068124; Expires=Wed, 13-Sep-2023 11:22:04 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 11:22:04 GMT
last-modified: Tue, 13-Sep-2022 11:22:04 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
refutationtiptoe.com/pixel/pure
173.233.137.44 200 OK 20 kB URL HTTP/1.1 refutationtiptoe.com/pixel/pure
IP 173.233.137.44:0
Hash 6a7823e73bc68d3741c4e7d409c61c21
cb7b0cd7c4b5deb4a960d3a105b2e32a06782253
98b5fbbca77ec0c4c31b213bb9f06555235616c624690beb56a7724c0d2108d3
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
refutationtiptoe.com/pixel/pure
173.233.137.44 200 OK 0 B URL HTTP/1.1 refutationtiptoe.com/pixel/pure
IP 173.233.137.44:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: refutationtiptoe.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash fbac9c4ebd60c798ae6f1319489c601f
e6e7d47337a8137b8186b5228fe4e987f1789a82
94b9a03ed1db9c1493a9938961551ad33c2a190d040f1ed321cca676e6211055
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4721
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Last-Modified: Tue, 13 Sep 2022 10:03:24 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 312
ocsp.digicert.com/
93.184.220.29 200 OK 312 B IP 93.184.220.29:0
Hash fbac9c4ebd60c798ae6f1319489c601f
e6e7d47337a8137b8186b5228fe4e987f1789a82
94b9a03ed1db9c1493a9938961551ad33c2a190d040f1ed321cca676e6211055
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4721
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Last-Modified: Tue, 13 Sep 2022 10:03:24 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 312
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash c234726a3d5da8649aa22b28d54c0b27
5a43e53452c412a8d20a02c6eaa99f50f539d8ea
61b3a9e35540544087489993ac1a95c0b9c43c2db2c9ecdf5953b57b79268909
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "61B3A9E35540544087489993AC1A95C0B9C43C2DB2C9ECDF5953B57B79268909"
Last-Modified: Mon, 12 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=11993
Expires: Tue, 13 Sep 2022 14:41:58 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
209.197.3.25 200 OK 17 kB URL HTTP/1.1 hw-cdn2.adtng.com/delivery/intersection_observer/IntersectionObserver.js
IP 209.197.3.25:0
File type ASCII text, with very long lines (16885), with no line terminators
Hash 48c80c7c28b5b00a8b4ff94a22b72fe3
d57303c2ad2fd5cedc5cb20f264a6965a7819cee
6e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
GET /delivery/intersection_observer/IntersectionObserver.js HTTP/1.1
Host: hw-cdn2.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: Keep-Alive
ETag: "1649192094"
Content-Length: 16885
Content-Type: application/javascript
Last-Modified: Tue, 05 Apr 2022 20:54:54 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10661532
X-HW: 1663068125.dop221.sk1.t,1663068125.cds243.sk1.shn,1663068125.cds243.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
205.185.208.20 200 OK 5.0 kB URL HTTP/1.1 hw-cdn2.ang-content.com/delivery/vortex/vortex-simple-1.0.0.js
IP 205.185.208.20:0
File type ASCII text, with very long lines (5027), with no line terminators
Hash 5e5817bcf4c82c7c85d1d88636d221ce
b5c32cc6c931c33c1297884016e13d3b9a5bf261
6f0e50ac39121175ca0427c4e87cdfa2520b526c8497e23cffbca726eb6ca42c
GET /delivery/vortex/vortex-simple-1.0.0.js HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: Keep-Alive
ETag: "1541168231"
Content-Length: 5027
Content-Type: application/javascript
Last-Modified: Fri, 02 Nov 2018 14:17:11 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10380799
X-HW: 1663068125.dop017.sk1.t,1663068125.cds248.sk1.shn,1663068125.cds248.sk1.c
Access-Control-Allow-Origin: *
hw-cdn2.ang-content.com/a7/creatives/1/1322/813444/1014746/1014746_logo.png
205.185.208.20 200 OK 3.3 kB URL HTTP/1.1 hw-cdn2.ang-content.com/a7/creatives/1/1322/813444/1014746/1014746_logo.png
IP 205.185.208.20:0
File type PNG image data, 300 x 250, 8-bit/color RGBA, non-interlaced\012- data
Hash 4c992f93419cff2c1c149dfc70e710c6
ea1808199ce5bb59a63edea6fd39bbbf5e7511d7
ba89161f62c517bdd776996943f3e26ed2b92d749178f1c24da07c8db904e27c
GET /a7/creatives/1/1322/813444/1014746/1014746_logo.png HTTP/1.1
Host: hw-cdn2.ang-content.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: Keep-Alive
ETag: "1637092833"
Content-Length: 3346
Content-Type: image/png
Last-Modified: Tue, 16 Nov 2021 20:00:33 GMT
Accept-Ranges: bytes
Cache-Control: max-age=10794930
X-HW: 1663068125.dop066.sk1.t,1663068125.cds012.sk1.shn,1663068125.dop066.sk1.t,1663068125.cds218.sk1.c
Access-Control-Allow-Origin: *
ocsp.usertrust.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash fd82f9f98c004f1a78225b9c4385452d
596d2cdba350590956b176a3bd32d9e857bb9c2e
c658614bb0b6a42020f8ecc02f94125ca085c1a379532a8029337b11e51a9e1b
POST / HTTP/1.1
Host: ocsp.usertrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 12 Sep 2022 13:22:31 GMT
Expires: Mon, 19 Sep 2022 13:22:30 GMT
Etag: "596d2cdba350590956b176a3bd32d9e857bb9c2e"
Cache-Control: max-age=600790,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: HIT
Age: 1019
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 74a080c82a71b512-OSL
a.adtng.com/get/10009669?time=1583523947617
66.254.114.171 200 OK 12 kB URL HTTP/2 a.adtng.com/get/10009669?time=1583523947617
IP 66.254.114.171:0
Hash 16e2412c4ca33ed3ac1cd6aa254e5681
5a3acda6c5a5a442f0b9ff4418c60b51d0708ebd
cf0e0658c6432e593ccd8723ebf83fcb63acf4c2243241d85d642cbd46b809a1
GET /get/10009669?time=1583523947617 HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: openresty
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KHmMgZ90xbXdYsBW7Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7078; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632067DD-42FE72AB01BBC2C2-2014A8E
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 172647e6d49f4c9371eed4810f281b75
641fb454b48c22e4dcf47bd3d7c6f4f81228e9cb
6c77330a2c7a5c75c626c74c73e6bfc85f2f9f0ef969fc22c67d58988cf7dd87
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6C77330A2C7A5C75C626C74C73E6BFC85F2F9F0EF969FC22C67D58988CF7DD87"
Last-Modified: Mon, 12 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Tue, 13 Sep 2022 13:42:07 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 172647e6d49f4c9371eed4810f281b75
641fb454b48c22e4dcf47bd3d7c6f4f81228e9cb
6c77330a2c7a5c75c626c74c73e6bfc85f2f9f0ef969fc22c67d58988cf7dd87
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6C77330A2C7A5C75C626C74C73E6BFC85F2F9F0EF969FC22C67D58988CF7DD87"
Last-Modified: Mon, 12 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Tue, 13 Sep 2022 13:42:07 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 172647e6d49f4c9371eed4810f281b75
641fb454b48c22e4dcf47bd3d7c6f4f81228e9cb
6c77330a2c7a5c75c626c74c73e6bfc85f2f9f0ef969fc22c67d58988cf7dd87
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6C77330A2C7A5C75C626C74C73E6BFC85F2F9F0EF969FC22C67D58988CF7DD87"
Last-Modified: Mon, 12 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Tue, 13 Sep 2022 13:42:07 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 090a097732f15b625208ab10faeea110
33b4fbb528d5b24e6edeebec3887e9b92bed4272
dd912cb8f4b18a02f086446af981c96af8de389bb8872f8bb6dd76cb5b018194
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD912CB8F4B18A02F086446AF981C96AF8DE389BB8872F8BB6DD76CB5B018194"
Last-Modified: Sat, 10 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Tue, 13 Sep 2022 11:58:59 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 090a097732f15b625208ab10faeea110
33b4fbb528d5b24e6edeebec3887e9b92bed4272
dd912cb8f4b18a02f086446af981c96af8de389bb8872f8bb6dd76cb5b018194
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "DD912CB8F4B18A02F086446AF981C96AF8DE389BB8872F8BB6DD76CB5B018194"
Last-Modified: Sat, 10 Sep 2022 20:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2214
Expires: Tue, 13 Sep 2022 11:58:59 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=317
173.233.137.52 200 OK 0 B URL HTTP/1.1 graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=317
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.barscreative1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Findex.html&l=1255&fd=317 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
e1.o.lencr.org/
23.33.119.27 200 OK 344 B IP 23.33.119.27:0
ASN #20940 Akamai International B.V.
Hash 172647e6d49f4c9371eed4810f281b75
641fb454b48c22e4dcf47bd3d7c6f4f81228e9cb
6c77330a2c7a5c75c626c74c73e6bfc85f2f9f0ef969fc22c67d58988cf7dd87
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "6C77330A2C7A5C75C626C74C73E6BFC85F2F9F0EF969FC22C67D58988CF7DD87"
Last-Modified: Mon, 12 Sep 2022 12:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8402
Expires: Tue, 13 Sep 2022 13:42:07 GMT
Date: Tue, 13 Sep 2022 11:22:05 GMT
Connection: keep-alive
cdn.sb4you1.com/sb/notifications/rtb/mac/2/img/close.png
104.21.51.177 200 OK 6.0 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/rtb/mac/2/img/close.png
IP 104.21.51.177:0
File type PNG image data, 522 x 391, 8-bit/color RGBA, non-interlaced\012- data
Hash c489ce2c491a22ee37a55e26a92dfd73
2fa588ab09e94dd902e5bd24b48f98ad1949c9d6
1eed147c7d5de6291c25fbc5274830c12d5549262fb144271576d4e15966e5bd
GET /sb/notifications/rtb/mac/2/img/close.png HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: image/png
content-length: 5982
last-modified: Mon, 17 May 2021 12:14:41 GMT
etag: "60a25e31-175e"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 3547071
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xDH2c20%2Bnu8SXKHFrwSFrB11ZsGX2wKgUgjRbVd%2BvwZ71huUvu2%2BwupJwgigvaQeCeRvw6ea5F1SIM%2BWMgKuALtS4Y4dy4xFb9arU1pSV4eeR56QtX9Fb3of2%2BhOxYZ%2BbLM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080c8afe4b50c-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.adtng.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?unique_view=1
66.254.114.171200 OK 492 B URL HTTP/2 a.adtng.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?unique_view=1
IP 66.254.114.171:0
Hash 73900173b37eb7892c9309cabd04250b
a5e84bd478584be5391286ca125f1ef5f63cc05f
5ddef5e18e3a6dc5b766d85a373ce0d11a7b27e7127295ad38ba90c7545a5411
GET 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?unique_view=1 HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/get/10009669?time=1583523947617
Cookie: adtool_guid=Ch5KEmMgZ91AMlMPI6azAg==; RNLBSERVERID=ded7041
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
x-request-id: 632067DD-42FE72AB01BBC2C2-2014AC7
X-Firefox-Spdy: h2
graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fjs%2Fscript.js&l=373&fd=87
173.233.137.52 200 OK 0 B URL HTTP/1.1 graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fjs%2Fscript.js&l=373&fd=87
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fjs%2Fscript.js&l=373&fd=87 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash 6526c70eb74c821b7a95487ad9a4e13d
0b8c610a7755437ab815b845f52cbb27e6c95008
059d15ca6ac7cb1830286ae635731e03b56c01d7d050291dabe2b3f3db866c9a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=90
173.233.137.52 200 OK 0 B URL HTTP/1.1 graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=90
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fmagic.css&l=45250&fd=90 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
unseenreport.com/pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=b87f75bdc1aa1522b4120b0ac9406b1d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=b87f75bdc1aa1522b4120b0ac9406b1d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=b87f75bdc1aa1522b4120b0ac9406b1d&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c43650688553f6330dd483c4844aeac7
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=367f420de7c0141ff3c8b701a6a2b135&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
192.243.61.227 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=367f420de7c0141ff3c8b701a6a2b135&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11
IP 192.243.61.227:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=9e9f2a04-2095-4a58-83e4-b618acbdfedf&eb=da08d6844107154a138edda4653a0f4b&te=f6ce28b9ffd697cd2ee52a12f20448bb&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=13.31&b_frame=0&pk=367f420de7c0141ff3c8b701a6a2b135&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=11 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 8cce04106de3041da4045ba8bba02367
Strict-Transport-Security: max-age=0; includeSubdomains
a.adtng.com/get/10009669?time=1583523947617
66.254.114.171 200 OK 13 kB URL HTTP/2 a.adtng.com/get/10009669?time=1583523947617
IP 66.254.114.171:0
Hash ef89e755200bc05ad24acf1af6260e45
d4e32cbac6e6d659e617e313381b3963117c3809
3baf3ffc49ae46b08ef49e955fd95d53733e55804145f0390b0d03823b074ee9
GET /get/10009669?time=1583523947617 HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
set-cookie: adtool_guid=Ch5KEmMgZ91AMlMPI6azAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/; Secure; HTTPOnly; SameSite=None;
RNLBSERVERID=ded7041; path=/; HttpOnly; Secure; SameSite=None
x-request-id: 632067DD-42FE72AB01BBC2C2-2014A9B
X-Firefox-Spdy: h2
graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fstyle.css&l=4309&fd=98
173.233.137.52 200 OK 0 B URL HTTP/1.1 graduatewonderentreaty.com/pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fstyle.css&l=4309&fd=98
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbls?bv=22.33.5038&tmpl=482&u=https%3A%2F%2Fcdn.sb4you1.com%2Fsb%2Fnotifications%2Frtb%2Fmac%2F2%2Fcss%2Fstyle.css&l=4309&fd=98 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
twinrdsrv.com/Redirect.eng?MediaSegmentId=43038&dcid=3_ctx_184df212-ef4c-4722-86c5-53eb8d7220d3&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=JNxUOctMeI4xkzBapxrkekgxKNLNQfCoFImAPWXXKHqSQhegR_yL0nt1nrkhMmGRyy9EUtowP9uWLjgAaZFSZo2MUVehCA_CUfpJGuVVIur-Yd4OWge18JMvOhtOrtvmZTM5uqwKBQf5TQfaQxtIByxhCDx3oSm7aOUKhTLVYAn3G66BAligUXEO5gHhy6M8ibsu3D-KWl9XU-O6BY8VE0-mlV8aAnpzNCXuQdigQuGoxgvvr8QrjShHNzPtC4bjZ3oFuAKUcPC_hN20mpSKM-7rdh1IxkOmqVoQLwsEbIDV-2x8uyRIB2rK1i3JLChEFRG9Cbw7mzT7y3RmVH2tncbIwBj1advN4n6OkJuI9QbC8O9ycN4WCKmw5N3sOE02WF5EGWJ_GXLNqtOZPbLcIYHFQVVE5_Tcj9CtxMkxjIeZF6_QoTrm-j0oeBVKy3CMp-nIvjzQdQhyFcBVDIYWcmaeoM9tp8uOITRYTMHTjAhzwMrTBhoefpTFiPVIOob3cecIWTKAK-ntSHhW59LBsuXS6JGRtvr0agpR4PcwmMHtlMb0pS0zCBSKKJl9UqEp4hGPHetpDCdzxtxTMHeDu8ADg3RlTcKbJEUIvCF6hlfTiA41qzZxmL5PFkMI5uZmPJSQDN8LOe0gHyPnlMfFmE_s8eYjKUfueMgWKvynJMdTnJbl7Z5DROBrBhW1smPxeYGMbn_9X_u9ZFVPt6BSYxDJi-2CT1VS0GKdfROniL88fapr8MvHU2UKjDeLmcqqu8ONekN0G0UzI4j72nzfG74dSg1sIfEJT_ZE9F7uRI1Ese4n1R3HxAM-IXUq0VOMx5uYm6GJ_fDzkZZsF37Y7d367hYYKNk7hahRYlUA5QkbdC-nGl8Jgy0nbs44M3YB2cPuOF628IpKb6cQw7DmQw2&kw=&mw=1024&mh=768
172.66.40.197200 OK 372 B URL HTTP/2 twinrdsrv.com/Redirect.eng?MediaSegmentId=43038&dcid=3_ctx_184df212-ef4c-4722-86c5-53eb8d7220d3&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=JNxUOctMeI4xkzBapxrkekgxKNLNQfCoFImAPWXXKHqSQhegR_yL0nt1nrkhMmGRyy9EUtowP9uWLjgAaZFSZo2MUVehCA_CUfpJGuVVIur-Yd4OWge18JMvOhtOrtvmZTM5uqwKBQf5TQfaQxtIByxhCDx3oSm7aOUKhTLVYAn3G66BAligUXEO5gHhy6M8ibsu3D-KWl9XU-O6BY8VE0-mlV8aAnpzNCXuQdigQuGoxgvvr8QrjShHNzPtC4bjZ3oFuAKUcPC_hN20mpSKM-7rdh1IxkOmqVoQLwsEbIDV-2x8uyRIB2rK1i3JLChEFRG9Cbw7mzT7y3RmVH2tncbIwBj1advN4n6OkJuI9QbC8O9ycN4WCKmw5N3sOE02WF5EGWJ_GXLNqtOZPbLcIYHFQVVE5_Tcj9CtxMkxjIeZF6_QoTrm-j0oeBVKy3CMp-nIvjzQdQhyFcBVDIYWcmaeoM9tp8uOITRYTMHTjAhzwMrTBhoefpTFiPVIOob3cecIWTKAK-ntSHhW59LBsuXS6JGRtvr0agpR4PcwmMHtlMb0pS0zCBSKKJl9UqEp4hGPHetpDCdzxtxTMHeDu8ADg3RlTcKbJEUIvCF6hlfTiA41qzZxmL5PFkMI5uZmPJSQDN8LOe0gHyPnlMfFmE_s8eYjKUfueMgWKvynJMdTnJbl7Z5DROBrBhW1smPxeYGMbn_9X_u9ZFVPt6BSYxDJi-2CT1VS0GKdfROniL88fapr8MvHU2UKjDeLmcqqu8ONekN0G0UzI4j72nzfG74dSg1sIfEJT_ZE9F7uRI1Ese4n1R3HxAM-IXUq0VOMx5uYm6GJ_fDzkZZsF37Y7d367hYYKNk7hahRYlUA5QkbdC-nGl8Jgy0nbs44M3YB2cPuOF628IpKb6cQw7DmQw2&kw=&mw=1024&mh=768
IP 172.66.40.197:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with CRLF line terminators
Hash 0653790e3ed9cf152f477aa8f8a5085c
00bddbfef5b2b996b580e188f5911c887d9da442
a0ec627bfec2e1fe70e7828884fe51661df472ad4d5db16a0b962454a6d725c4
GET /Redirect.eng?MediaSegmentId=43038&dcid=3_ctx_184df212-ef4c-4722-86c5-53eb8d7220d3&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=JNxUOctMeI4xkzBapxrkekgxKNLNQfCoFImAPWXXKHqSQhegR_yL0nt1nrkhMmGRyy9EUtowP9uWLjgAaZFSZo2MUVehCA_CUfpJGuVVIur-Yd4OWge18JMvOhtOrtvmZTM5uqwKBQf5TQfaQxtIByxhCDx3oSm7aOUKhTLVYAn3G66BAligUXEO5gHhy6M8ibsu3D-KWl9XU-O6BY8VE0-mlV8aAnpzNCXuQdigQuGoxgvvr8QrjShHNzPtC4bjZ3oFuAKUcPC_hN20mpSKM-7rdh1IxkOmqVoQLwsEbIDV-2x8uyRIB2rK1i3JLChEFRG9Cbw7mzT7y3RmVH2tncbIwBj1advN4n6OkJuI9QbC8O9ycN4WCKmw5N3sOE02WF5EGWJ_GXLNqtOZPbLcIYHFQVVE5_Tcj9CtxMkxjIeZF6_QoTrm-j0oeBVKy3CMp-nIvjzQdQhyFcBVDIYWcmaeoM9tp8uOITRYTMHTjAhzwMrTBhoefpTFiPVIOob3cecIWTKAK-ntSHhW59LBsuXS6JGRtvr0agpR4PcwmMHtlMb0pS0zCBSKKJl9UqEp4hGPHetpDCdzxtxTMHeDu8ADg3RlTcKbJEUIvCF6hlfTiA41qzZxmL5PFkMI5uZmPJSQDN8LOe0gHyPnlMfFmE_s8eYjKUfueMgWKvynJMdTnJbl7Z5DROBrBhW1smPxeYGMbn_9X_u9ZFVPt6BSYxDJi-2CT1VS0GKdfROniL88fapr8MvHU2UKjDeLmcqqu8ONekN0G0UzI4j72nzfG74dSg1sIfEJT_ZE9F7uRI1Ese4n1R3HxAM-IXUq0VOMx5uYm6GJ_fDzkZZsF37Y7d367hYYKNk7hahRYlUA5QkbdC-nGl8Jgy0nbs44M3YB2cPuOF628IpKb6cQw7DmQw2&kw=&mw=1024&mh=768 HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://a.shukriya90.com/
Connection: keep-alive
Cookie: IKSR={}; INF_DFL8=false; IUID=a0faeeeb-9636-4d8e-b272-7017667acf3b; ISSH=65E9CD; VMI=; IPLH=#{}; IPLH_Q=#[]; CHN=#[]; MSSH=#{}; MSRH=#{}; ILP=null; ILPLU=#1/1/0001 12:00:00 AM; ILEALC=#1/1/0001 12:00:00 AM; ILMPF=#False; IPMPLU=#; IPMUID=#; BSWUID=#; IBL=#[]; IPLSH=#{}; IPLSH_Q=#[]; IZH=#{}; IZH_Q=#[]; IMCH=#{}; IMCH_Q=#[]; IMH=#{}; IMH_Q=#[]; ISH=#{"6997":[{"SId":"65E9CD","D":"22/9/13T4:29:32"}]}; ISH_Q=#[6997]; ISPH=#{}; ISPH_Q=#[]; ICH=#{}; ICH_Q=#[]
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html; charset=utf-8
content-length: 372
cache-control: private, no-transform
content-encoding: gzip
vary: Accept-Encoding
access-control-allow-origin: *
x-powered-by: ASP.NET
p3p: CP="CAO PSA OUR IND"
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=a0faeeeb-9636-4d8e-b272-7017667acf3b; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure
ISSH=65E9CD; path=/; SameSite=None; secure
VMI=4d6700d5-098b-4164-8d0e-0bfe071bca49; path=/; SameSite=None; secure
IPLH=#{"54948":[{"SId":"65E9CD","D":"22/9/13T4:29:33"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[54948]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{"43038":1}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Tue, 13-Sep-2022 15:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{"37952":[{"SId":"65E9CD","D":"22/9/13T4:29:33"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[37952]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{"74651":[{"SId":"65E9CD","D":"22/9/13T4:29:33"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[74651]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"6997":[{"SId":"65E9CD","D":"22/9/13T4:29:32"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[6997]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{"6997":[{"SId":"65E9CD","D":"22/9/13T4:29:33"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[6997]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{"30853":[{"SId":"65E9CD","D":"22/9/13T4:29:33"}]}; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[30853]; expires=Mon, 13-Sep-2032 11:29:33 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n6bXDRLICuPLjA4e9F1R1qhibU1MLrdXyfDwPq3%2BiX3zI4nhELVGOKnjGE0hcK6q6uCeODTUKMY0ENQvUklwlD2rISMgE5H2ratFqLJdi%2F97Xcw10CHgoOVDW1mpfK0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a080c97adf0b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 167378beef2e1b0dafefbdc6210752c2
afbdff67a5647b04de65499da7d2d00cc21eb808
1dfe3c3aa34673799955912c86f82ccf81a1110cd82058241e2e85fb84e5caa7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 489
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Last-Modified: Tue, 13 Sep 2022 11:13:57 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
cdn.barscreative1.com/sb/notifications/rtb/mac/2/index.html
45.133.44.4 200 OK 918 B URL HTTP/2 cdn.barscreative1.com/sb/notifications/rtb/mac/2/index.html
IP 45.133.44.4:0
ASN #39572 DataWeb Global Group B.V.
Hash b41fb84d6fa0c6b0b4f6cbcfd27a06f5
0736dfde5f37b6c24ba933c78b275eb370606347
20b27f9ca1cdf5374b73da6c1b27a0ebf01bb114a19010d2853e80389350335a
Analyzer Verdict Alert fortinet Phishing
GET /sb/notifications/rtb/mac/2/index.html HTTP/1.1
Host: cdn.barscreative1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html; charset=utf-8
server: nginx/1.17.6
last-modified: Sat, 07 May 2022 03:21:27 GMT
etag: W/"6275e5b7-4e7"
cache-control: max-age=3600
access-control-allow-origin: *
access-control-expose-headers: Date
content-encoding: gzip
expires: Tue, 13 Sep 2022 12:22:05 GMT
x-proxy-cache: HIT
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090801&st=env
142.250.74.162 200 OK 11 kB URL HTTP/2 pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=2022090801&st=env
IP 142.250.74.162:0
File type JSON data\012- , ASCII text, with very long lines (14554), with no line terminators
Hash 96ddc393828711d8890f2b92af42f54d
d69ba7392a1028409bc23cbc2d12d0fde11826b9
50c54886d490b1cd1b1c1fa22446008f9a1b9f9cd59bd481f1e9fc66006205df
GET /getconfig/sodar?sv=200&tid=gpt&tv=2022090801&st=env HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
content-type: application/json; charset=UTF-8
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: gzip
date: Tue, 13 Sep 2022 11:22:05 GMT
server: cafe
cache-control: private
content-length: 11053
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
www.google-analytics.com/analytics.js
142.250.74.174 200 OK 20 kB URL HTTP/2 www.google-analytics.com/analytics.js
IP 142.250.74.174:0
File type ASCII text, with very long lines (1325)
Hash 56f5d7f608e25d64207135f045f988cb
901eb59372ae330ae85e1384da93479b21ae1082
1910daea79e5a9d04829a91e432dfa56f45a80a3e14a8cf667fec73af9fd3d29
GET /analytics.js HTTP/1.1
Host: www.google-analytics.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
vary: Accept-Encoding
content-encoding: gzip
cross-origin-resource-policy: cross-origin
server: Golfe2
content-length: 20006
date: Tue, 13 Sep 2022 10:41:12 GMT
expires: Tue, 13 Sep 2022 12:41:12 GMT
cache-control: public, max-age=7200
age: 2453
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
content-type: text/javascript
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/metrika/advert.gif
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 13 Sep 2022 11:22:05 GMT
access-control-allow-origin: *
etag: "631f3e5d-2b"
expires: Tue, 13 Sep 2022 12:22:05 GMT
accept-ranges: bytes
last-modified: Mon, 12 Sep 2022 17:12:45 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
xml.realtime-bid.com/thumbnail?i=vIxRNrqpc6o_0&imgt=icon
198.134.116.29 302 Found 0 B URL HTTP/1.1 xml.realtime-bid.com/thumbnail?i=vIxRNrqpc6o_0&imgt=icon
IP 198.134.116.29:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /thumbnail?i=vIxRNrqpc6o_0&imgt=icon HTTP/1.1
Host: xml.realtime-bid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://static.realtime-bid.com/n337/ad/300x300_mlrC2tLgOw3p3m5g8vS1.jpeg
Pragma: no-cache
mc.yandex.ru/watch/33879989/1?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
87.250.250.119200 OK 434 B URL HTTP/2 mc.yandex.ru/watch/33879989/1?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
IP 87.250.250.119:0
File type JSON data\012- , ASCII text, with very long lines (434), with no line terminators
Hash 9e4dd5bd0aec4a486f827ba1da8fd7a3
e8b92439ce48bf695a7fd2b00fc9e77624723fd4
69451b121f06a5f692db86409c02730c931051f30f235a6ff623d59fe7ea2bf3
GET /watch/33879989/1?wmode=7&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Afp%3A754%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A893%3Acn%3A1%3Adp%3A0%3Als%3A323576846592%3Ahid%3A225810876%3Az%3A0%3Ai%3A20220913112151%3Aet%3A1663068112%3Ac%3A1%3Arn%3A366343800%3Arqn%3A1%3Au%3A1663068112647407579%3Aw%3A1280x939%3As%3A1280x1024x24%3Ask%3A1%3Ans%3A1663068109417%3Aco%3A0%3Ads%3A0%2C21%2C204%2C0%2C213%2C0%2C%2C925%2C4%2C%2C%2C%2C1393%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-c6d7b47b2dcff33f80cab17f3a360d0b-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1663068112%3At%3ACharming%20experienced%20female%20is%20having%20some%20lesbian%20fun&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29 HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Referer: https://vivud.com/
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 434
date: Tue, 13 Sep 2022 11:22:05 GMT
x-content-type-options: nosniff
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 11:22:05 GMT
last-modified: Tue, 13-Sep-2022 11:22:05 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: application/json; charset=utf-8
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
voluum.prom-xcams.com/2ef365e2-3c6a-4e02-9b75-24aa2a5d0830?campid=30853&placeid=54948&domain=&keyword=&sitename=vivud&sideid=6997&country=NO&cost=0.0002&s2sParam={s2sparam}
18.184.38.55 302 Found 0 B URL HTTP/2 voluum.prom-xcams.com/2ef365e2-3c6a-4e02-9b75-24aa2a5d0830?campid=30853&placeid=54948&domain=&keyword=&sitename=vivud&sideid=6997&country=NO&cost=0.0002&s2sParam={s2sparam}
IP 18.184.38.55:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /2ef365e2-3c6a-4e02-9b75-24aa2a5d0830?campid=30853&placeid=54948&domain=&keyword=&sitename=vivud&sideid=6997&country=NO&cost=0.0002&s2sParam={s2sparam} HTTP/1.1
Host: voluum.prom-xcams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://twinrdsrv.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Tue, 13 Sep 2022 11:22:05 GMT
content-length: 0
cache-control: no-store, no-cache, pre-check=0, post-check=0
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
pragma: no-cache
set-cookie: 2ef365e2-3c6a-4e02-9b75-24aa2a5d0830-v4=l2q58kaBTE4W--wmUrWGGoDC8ptx_ArXSBq-lHXjRbQ; Max-Age=86400; Expires=Wed, 14-Sep-2022 11:22:05 GMT; Domain=voluum.prom-xcams.com; Path=/; Secure; HttpOnly;SameSite=None
cc-v4=Y5OnFQzK0mvRn09yON8K%2BxFAKsY4yMnDw67FtvqpB%2Bw5QCt5NiE9vcImK67tGvO3%2BVNk23el3rUffUCiEhqMOOJ7Us5hU8Ixyr0vIL1%2Bf%2Fh5EeFnLrSYCqnmDyZk00AYZ2XbdF59MaAMFtbc0PchoA%3D%3D; Max-Age=31536000; Expires=Wed, 13-Sep-2023 11:22:05 GMT; Domain=voluum.prom-xcams.com; Path=/; Secure; HttpOnly;SameSite=None
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:05 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15744, version 1.0\012- data
Hash 15d9f621c3bd1599f0169dcf0bd5e63e
7ca9c5967f3bb8bffeab24b639b49c1e7d03fa52
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
GET /s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vivud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15744
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 488878
last-modified: Wed, 11 May 2022 19:24:48 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 472 B IP 142.250.74.3:0
Hash ec7a5bb8e310f5c9c992cf85832d5445
e32b8e200a79da9008985e8e6c272f35b02581c5
6391e4c68631e272509ade559b8f568b03dd88be1956906332ae584f9faee00a
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 472
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
graduatewonderentreaty.com/impr.gif?sid=H4sIAAAAAAAC%2F5yS72scVRfH7%2FTJi4fnAbHSNxWqA4ulBd2d2d3sJi1lbfOLpWlSk%2FiDvil37r2zue6de6f3zuxs4ptiSykoJe1roZOzadNfpBZEKmiVTUFwQcj6alED%2FQ%2Bqhb6W3QaLCgoeGM6Z%2BR7O%2BZwz58JqvI0ciHFv%2FIRa5kLg3HDWsQ%2B857qH7Wku46bdHCmdLhUP27pxaLSUdQ7aU4zUVS7vuI7jOq49yTXzVTPXF4GHd0bd7KiTLeaz7nARmvqP7ya2wGALaGMbvQScdoceWnuAkzbI4NNxZuqRCl%2BfCGKBI6WhQdfflnWpEgnB89DXFvhyfScblNmafABKXhvggmr8nujxLrK%2BfQCeXN%2BBBK%2BxNuD0BDAJHv0%2FJI02MNEGjttA1DngdAsBEAozsyCD6zNKJ3jpmYr7ahcNPX0CPOmioZ%2F3gAw2jgnetOeViCOupIGmnwJvtoHX2hDGmxAt7wKebAKJPgROv0e5p9Mgg7VZIxRwmg5m57wN3G%2BDYCuAjQVx%2F%2BEWxL4FcWhBQHs2cV237FCCnZFRQgq0zLwSdVxc9l3sOqURiEkfbwWicAWIWAGiz0Koz0KdX96qfA06%2FgbMYgqGWmCiLrLeOgsNmkLCECQGQYIRJBxBEiFIGuk1KkzepNepMLHn7vj8ji%2BkLRXVVvE1FdWYRKvhNto9WM3jfa9CnfXsQqnsF%2FMOZWXiuEXX9wtkxCs7Li7hvOcWhsHwFLjZNZh2mXfRro11CPnW7tvg4U0wYhMIfxFwvA9w0irnHcCLreKIA8vyVqi0rKksUQFQlUIYDUG0ZK2KbbR3wJB%2F8h0w0qls%2FG%2Fx0mdf5IDoFEKdwvv8IYKauNiaUwlam1OJQfdmw4gHfBn3f918hCOGbh1nS4nStDpuVm4eJX2hH95ZYCaaxpJyWTPo9jFOKdOTShOGvqqad5l3MjaLx2It43D65NhkNQg1M4Yr2QbMt069AIR30X8%2Fvz%2B4yZfHfgWuN0HHvfxiFIXmUC7XDERWMywiHrA3PE778%2BWI4KRe4Uca1ebcjD4TkpI67UAQdyr3Hl1t37jwCXDVBhKev5HJVMdmZzKZ3pt%2FWzBajANPYi7%2BXHQ%2FD2rREU6UvJnJLFQXpicymd5rj69e%2BXieNX2lmQk372vDhO1rbFdljWn7gJMt1YODdzOZ8Yn5sbnqyYXqAGH%2FO1zYNLbrMhaC2QGr2dymuFax5%2BuaN%2FofHl%2B98tHdTGb66NzUxOnqiaNT%2FXalf4cOJuygHQOjEGjRqVz6Jf3xzN4yeKEFyT%2BtOeRN9peyLZ33OpXjF%2BTYraUvQfAuKp86CIJ1KueXH01t7PkAsJeCYc97e8%2FjVXMRavoVwNE5kEEKDZ1CQ6SAxQqY%2BD%2BtKNSdyg%2BFgYEnrJYntLXmCS0uPztgw3t2waFlj%2Fms7LHicNFnhHrDw55DfOIV6MgIgch0iV376TcAAAD%2F%2FwEAAP%2F%2FBNCZkcQFAAA%3D
173.233.137.52200 OK 7 B URL HTTP/1.1 graduatewonderentreaty.com/impr.gif?sid=H4sIAAAAAAAC%2F5yS72scVRfH7%2FTJi4fnAbHSNxWqA4ulBd2d2d3sJi1lbfOLpWlSk%2FiDvil37r2zue6de6f3zuxs4ptiSykoJe1roZOzadNfpBZEKmiVTUFwQcj6alED%2FQ%2Bqhb6W3QaLCgoeGM6Z%2BR7O%2BZwz58JqvI0ciHFv%2FIRa5kLg3HDWsQ%2B857qH7Wku46bdHCmdLhUP27pxaLSUdQ7aU4zUVS7vuI7jOq49yTXzVTPXF4GHd0bd7KiTLeaz7nARmvqP7ya2wGALaGMbvQScdoceWnuAkzbI4NNxZuqRCl%2BfCGKBI6WhQdfflnWpEgnB89DXFvhyfScblNmafABKXhvggmr8nujxLrK%2BfQCeXN%2BBBK%2BxNuD0BDAJHv0%2FJI02MNEGjttA1DngdAsBEAozsyCD6zNKJ3jpmYr7ahcNPX0CPOmioZ%2F3gAw2jgnetOeViCOupIGmnwJvtoHX2hDGmxAt7wKebAKJPgROv0e5p9Mgg7VZIxRwmg5m57wN3G%2BDYCuAjQVx%2F%2BEWxL4FcWhBQHs2cV237FCCnZFRQgq0zLwSdVxc9l3sOqURiEkfbwWicAWIWAGiz0Koz0KdX96qfA06%2FgbMYgqGWmCiLrLeOgsNmkLCECQGQYIRJBxBEiFIGuk1KkzepNepMLHn7vj8ji%2BkLRXVVvE1FdWYRKvhNto9WM3jfa9CnfXsQqnsF%2FMOZWXiuEXX9wtkxCs7Li7hvOcWhsHwFLjZNZh2mXfRro11CPnW7tvg4U0wYhMIfxFwvA9w0irnHcCLreKIA8vyVqi0rKksUQFQlUIYDUG0ZK2KbbR3wJB%2F8h0w0qls%2FG%2Fx0mdf5IDoFEKdwvv8IYKauNiaUwlam1OJQfdmw4gHfBn3f918hCOGbh1nS4nStDpuVm4eJX2hH95ZYCaaxpJyWTPo9jFOKdOTShOGvqqad5l3MjaLx2It43D65NhkNQg1M4Yr2QbMt069AIR30X8%2Fvz%2B4yZfHfgWuN0HHvfxiFIXmUC7XDERWMywiHrA3PE778%2BWI4KRe4Uca1ebcjD4TkpI67UAQdyr3Hl1t37jwCXDVBhKev5HJVMdmZzKZ3pt%2FWzBajANPYi7%2BXHQ%2FD2rREU6UvJnJLFQXpicymd5rj69e%2BXieNX2lmQk372vDhO1rbFdljWn7gJMt1YODdzOZ8Yn5sbnqyYXqAGH%2FO1zYNLbrMhaC2QGr2dymuFax5%2BuaN%2FofHl%2B98tHdTGb66NzUxOnqiaNT%2FXalf4cOJuygHQOjEGjRqVz6Jf3xzN4yeKEFyT%2BtOeRN9peyLZ33OpXjF%2BTYraUvQfAuKp86CIJ1KueXH01t7PkAsJeCYc97e8%2FjVXMRavoVwNE5kEEKDZ1CQ6SAxQqY%2BD%2BtKNSdyg%2BFgYEnrJYntLXmCS0uPztgw3t2waFlj%2Fms7LHicNFnhHrDw55DfOIV6MgIgch0iV376TcAAAD%2F%2FwEAAP%2F%2FBNCZkcQFAAA%3D
IP 173.233.137.52:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F5yS72scVRfH7%2FTJi4fnAbHSNxWqA4ulBd2d2d3sJi1lbfOLpWlSk%2FiDvil37r2zue6de6f3zuxs4ptiSykoJe1roZOzadNfpBZEKmiVTUFwQcj6alED%2FQ%2Bqhb6W3QaLCgoeGM6Z%2BR7O%2BZwz58JqvI0ciHFv%2FIRa5kLg3HDWsQ%2B857qH7Wku46bdHCmdLhUP27pxaLSUdQ7aU4zUVS7vuI7jOq49yTXzVTPXF4GHd0bd7KiTLeaz7nARmvqP7ya2wGALaGMbvQScdoceWnuAkzbI4NNxZuqRCl%2BfCGKBI6WhQdfflnWpEgnB89DXFvhyfScblNmafABKXhvggmr8nujxLrK%2BfQCeXN%2BBBK%2BxNuD0BDAJHv0%2FJI02MNEGjttA1DngdAsBEAozsyCD6zNKJ3jpmYr7ahcNPX0CPOmioZ%2F3gAw2jgnetOeViCOupIGmnwJvtoHX2hDGmxAt7wKebAKJPgROv0e5p9Mgg7VZIxRwmg5m57wN3G%2BDYCuAjQVx%2F%2BEWxL4FcWhBQHs2cV237FCCnZFRQgq0zLwSdVxc9l3sOqURiEkfbwWicAWIWAGiz0Koz0KdX96qfA06%2FgbMYgqGWmCiLrLeOgsNmkLCECQGQYIRJBxBEiFIGuk1KkzepNepMLHn7vj8ji%2BkLRXVVvE1FdWYRKvhNto9WM3jfa9CnfXsQqnsF%2FMOZWXiuEXX9wtkxCs7Li7hvOcWhsHwFLjZNZh2mXfRro11CPnW7tvg4U0wYhMIfxFwvA9w0irnHcCLreKIA8vyVqi0rKksUQFQlUIYDUG0ZK2KbbR3wJB%2F8h0w0qls%2FG%2Fx0mdf5IDoFEKdwvv8IYKauNiaUwlam1OJQfdmw4gHfBn3f918hCOGbh1nS4nStDpuVm4eJX2hH95ZYCaaxpJyWTPo9jFOKdOTShOGvqqad5l3MjaLx2It43D65NhkNQg1M4Yr2QbMt069AIR30X8%2Fvz%2B4yZfHfgWuN0HHvfxiFIXmUC7XDERWMywiHrA3PE778%2BWI4KRe4Uca1ebcjD4TkpI67UAQdyr3Hl1t37jwCXDVBhKev5HJVMdmZzKZ3pt%2FWzBajANPYi7%2BXHQ%2FD2rREU6UvJnJLFQXpicymd5rj69e%2BXieNX2lmQk372vDhO1rbFdljWn7gJMt1YODdzOZ8Yn5sbnqyYXqAGH%2FO1zYNLbrMhaC2QGr2dymuFax5%2BuaN%2FofHl%2B98tHdTGb66NzUxOnqiaNT%2FXalf4cOJuygHQOjEGjRqVz6Jf3xzN4yeKEFyT%2BtOeRN9peyLZ33OpXjF%2BTYraUvQfAuKp86CIJ1KueXH01t7PkAsJeCYc97e8%2FjVXMRavoVwNE5kEEKDZ1CQ6SAxQqY%2BD%2BtKNSdyg%2BFgYEnrJYntLXmCS0uPztgw3t2waFlj%2Fms7LHicNFnhHrDw55DfOIV6MgIgch0iV376TcAAAD%2F%2FwEAAP%2F%2FBNCZkcQFAAA%3D HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: c759d76ce9fb53e6d28104235c47b7e4
Strict-Transport-Security: max-age=0; includeSubdomains
graduatewonderentreaty.com/pixel/sbs?c=1
173.233.137.52 200 OK 0 B URL HTTP/1.1 graduatewonderentreaty.com/pixel/sbs?c=1
IP 173.233.137.52:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: graduatewonderentreaty.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: u_pl=15736095; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Tue, 13 Sep 2022 11:22:05 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
142.250.74.163 200 OK 16 kB URL HTTP/2 fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
IP 142.250.74.163:0
File type Web Open Font Format (Version 2), TrueType, length 15860, version 1.0\012- data
Hash e9f5aaf547f165386cd313b995dddd8e
acdef5603c2387b0e5bffd744b679a24a8bc1968
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
GET /s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://vivud.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 15860
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Wed, 07 Sep 2022 19:34:08 GMT
expires: Thu, 07 Sep 2023 19:34:08 GMT
cache-control: public, max-age=31536000
age: 488878
last-modified: Wed, 11 May 2022 19:24:42 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash bd7b5eb635d48acf1428c326eaa892a1
ba9f6c0db831a88b7d6dbdd98f19e76b4b501258
557466a3b642e90e352898073ff23f6a034c3b233e8aee0f0f69cd6ca83d49f4
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
static.realtime-bid.com/n337/ad/300x300_mlrC2tLgOw3p3m5g8vS1.jpeg
151.139.128.11 200 OK 12 kB URL HTTP/2 static.realtime-bid.com/n337/ad/300x300_mlrC2tLgOw3p3m5g8vS1.jpeg
IP 151.139.128.11:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 300x300, components 3\012- data
Hash ea4d0542fa4cd96f6863e7a8b5c9a460
b8a72ede5a93fd3d79496f37a36fa8caac27117a
f7ff188bf898910340242c7395163b4152d8350e9626b7e9b8a635fd67f03840
GET /n337/ad/300x300_mlrC2tLgOw3p3m5g8vS1.jpeg HTTP/1.1
Host: static.realtime-bid.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-length: 11483
content-type: image/jpeg
last-modified: Fri, 27 Aug 2021 12:28:46 GMT
accept-ranges: bytes
server: nginx
etag: "6128da7e-2cdb"
cache-control: max-age=86400
x-hw: 1663068126.cds071.sk1.hn,1663068126.cds018.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 535d274bda0c065485a534026ab497a4
0ee92c6de28c6999632b924ba226c3c449ad2e40
14dd3a50213e32e5768046e3e99cd8fc302a94f6b8f9763bbd51d8605ebd16fe
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
157.240.200.35 200 OK 44 kB URL HTTP/2 www.facebook.com/login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp
IP 157.240.200.35:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, Unicode text, UTF-8 text, with very long lines (30173)
Hash 6d4dd641080c4347db2493accb9aeb5c
51fc601c36f6e205e89ff44d93bfa881b09eb780
d18652b95ea21ca6ced64fa1bf59f60a596601d0fac6255892d272fecfbd0b55
GET /login.php?next=https%3A%2F%2Fwww.facebook.com%2Ffavicon.ico%3F_rdr%3Dp HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-encoding: br
pragma: no-cache
cache-control: private, no-cache, no-store, must-revalidate
expires: Sat, 01 Jan 2000 00:00:00 GMT
content-security-policy-report-only: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":3600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}],"group":"network-errors"}
nel: {"report_to":"network-errors","max_age":3600,"failure_fraction":0.01}
x-frame-options: DENY
x-content-type-options: nosniff
x-xss-protection: 0
cross-origin-opener-policy: same-origin-allow-popups
vary: Sec-Fetch-Site, Sec-Fetch-Mode, Accept-Encoding
strict-transport-security: max-age=15552000; preload
content-type: text/html; charset="utf-8"
x-fb-debug: Ynku2mvceUFGJHn/dpb5hBP355krfZlGAyByGvPydHjIKxLWfYSnRw49WpwkBGjn+AEHs9AWDwbwH6WHCmPQeA==
date: Tue, 13 Sep 2022 11:22:06 GMT
priority: u=3,i
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 167378beef2e1b0dafefbdc6210752c2
afbdff67a5647b04de65499da7d2d00cc21eb808
1dfe3c3aa34673799955912c86f82ccf81a1110cd82058241e2e85fb84e5caa7
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 490
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:06 GMT
Last-Modified: Tue, 13 Sep 2022 11:13:57 GMT
Server: ECS (ska/F71C)
X-Cache: HIT
Content-Length: 471
tpc.googlesyndication.com/sodar/sodar2.js
142.250.74.33 200 OK 6.4 kB URL HTTP/2 tpc.googlesyndication.com/sodar/sodar2.js
IP 142.250.74.33:0
File type ASCII text, with very long lines (1321)
Hash ac906814ed812c4ecdbb624a3bd2f6c3
8e4547eaffaa66a1ee61b36028dbcd7091d0e7de
8ab8cef6156022c4547455defd8252b48b6bcb8b734072849345bb99758705fe
GET /sodar/sodar2.js HTTP/1.1
Host: tpc.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
content-type: text/javascript
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-length: 6386
date: Tue, 13 Sep 2022 11:22:06 GMT
expires: Tue, 13 Sep 2022 11:22:06 GMT
cache-control: private, max-age=3000
etag: "1637097310169751"
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash 2d5989889613244940d7d66146e9fab4
5c92ca98351f75dbf71df8442531e84c8ec2cb8b
b7cfe8af8ffc533903dd24530306123fb802d132ce1b0d1cd3fba5d8184bb356
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B7CFE8AF8FFC533903DD24530306123FB802D132CE1B0D1CD3FBA5D8184BB356"
Last-Modified: Sun, 11 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=19370
Expires: Tue, 13 Sep 2022 16:44:56 GMT
Date: Tue, 13 Sep 2022 11:22:06 GMT
Connection: keep-alive
galleryn3.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7216/a35c680be786ed09c6996c0aa6fc4010.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 10 kB URL HTTP/2 galleryn3.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7216/a35c680be786ed09c6996c0aa6fc4010.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash e69297964d5c97c17243ab110b6623ad
613f900fbb683ab1cce32bce663c0a7d9b135a45
d1a326b304ee9d04fe16ab715d8ae04529365efdec98bb0e782d481e7dc92a22
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7216/a35c680be786ed09c6996c0aa6fc4010.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn3.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 10443
last-modified: Mon, 24 Jun 2019 09:09:50 GMT
etag: "e69297964d5c97c17243ab110b6623ad"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn3.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721d/d6935becb96cf99a15acab343b0f0efb.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 17 kB URL HTTP/2 galleryn3.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721d/d6935becb96cf99a15acab343b0f0efb.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 87f74c24f5e2131e7b8d13b69a1c7400
a1f4c0f8391520bfa8a6daf5386c9ecb768b11e6
7c44ad351aa665828c81f8eee6186c7e825bf173e9d7b7f02c5c570f9914e425
GET /74cfb35aec71f4e2a7bc4cbbdcc5df721d/d6935becb96cf99a15acab343b0f0efb.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn3.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 16779
last-modified: Thu, 16 Dec 2021 11:59:25 GMT
etag: "87f74c24f5e2131e7b8d13b69a1c7400"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7212/fc82379b46f5eabb02f4ee078955b9ee.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 26 kB URL HTTP/2 galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7212/fc82379b46f5eabb02f4ee078955b9ee.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 5740fb0e005ae9d3cf24aaade4816889
4511aa5ea0d6fbcfdac63b1a38151aa42a256087
6b46953fe69fd4af91ccfd55b6386e66124584f8f146f156132812ffcf608439
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7212/fc82379b46f5eabb02f4ee078955b9ee.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn0.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 25793
last-modified: Mon, 09 Dec 2019 10:26:51 GMT
etag: "5740fb0e005ae9d3cf24aaade4816889"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721c/7cac380ee005de6e6b5eb7c7096b04f6.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 22 kB URL HTTP/2 galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721c/7cac380ee005de6e6b5eb7c7096b04f6.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash e75e0535b99f08eb9bc3fddeacdd66dd
4eb4dc1b80a3dade3576c2d85fffb2837f279637
0af6abb8e409edd3b4d3d31fec31a5cf72043bde47b5cc25753fcbe49171cc9d
GET /74cfb35aec71f4e2a7bc4cbbdcc5df721c/7cac380ee005de6e6b5eb7c7096b04f6.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn0.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 22288
last-modified: Thu, 21 Nov 2019 16:24:28 GMT
etag: "e75e0535b99f08eb9bc3fddeacdd66dd"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721a/aab3189165d1488c5e88823f73b03e1a.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 9.3 kB URL HTTP/2 galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721a/aab3189165d1488c5e88823f73b03e1a.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash e0782be0151ced4d587275b9e2f18d53
d8d4f4652a15f492247c17f65577a8fdf0e17a60
2d9417a44702416ff5849773cd957f442e84cb791e2776af40d919e0858daf90
GET /74cfb35aec71f4e2a7bc4cbbdcc5df721a/aab3189165d1488c5e88823f73b03e1a.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn1.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 9296
last-modified: Tue, 02 Jul 2019 10:16:53 GMT
etag: "e0782be0151ced4d587275b9e2f18d53"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721f/fd98a1cd41acab38e9b5246c2340816b.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 20 kB URL HTTP/2 galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df721f/fd98a1cd41acab38e9b5246c2340816b.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 51ae722aba1cf52f487abeb8133d144d
57569ce9a8a0e54f86b14b40fcadec03a9c125a3
6b2e9734bfa6085de5224826c902c3a5c8d13f625e090285736fe14a3d59a6fd
GET /74cfb35aec71f4e2a7bc4cbbdcc5df721f/fd98a1cd41acab38e9b5246c2340816b.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn1.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 20471
last-modified: Thu, 04 Nov 2021 10:21:28 GMT
etag: "51ae722aba1cf52f487abeb8133d144d"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn2.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7217/0a9c3732f67ed5fefe3541848870a50a.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 24 kB URL HTTP/2 galleryn2.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7217/0a9c3732f67ed5fefe3541848870a50a.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 0e14c38163f768549b2c061d9bdc6fe9
38c654b690720bdda306eb25c2b443bb595a9eb0
c691e4867b3de1de5bfde7e376082784351bc12762ce16ad47ac256f79164fbc
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7217/0a9c3732f67ed5fefe3541848870a50a.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn2.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 24192
last-modified: Thu, 09 Jun 2022 13:21:48 GMT
etag: "0e14c38163f768549b2c061d9bdc6fe9"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7216/2c7236821b174a695c978f69fff7c7d2.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 17 kB URL HTTP/2 galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7216/2c7236821b174a695c978f69fff7c7d2.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 1ef1e1d3e3697996b087715409d796c7
90894ae9d640e1671ae3df5c058cb7479921faf7
95936a35615d86ee53c5da4337f7e141c61201a037b98f05e049ce0c14aa30bf
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7216/2c7236821b174a695c978f69fff7c7d2.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn1.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 16567
last-modified: Mon, 22 Jul 2019 14:46:41 GMT
etag: "1ef1e1d3e3697996b087715409d796c7"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7215/449a760332d288bbb6e1370503818184.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 31 kB URL HTTP/2 galleryn0.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7215/449a760332d288bbb6e1370503818184.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
Hash 24dc110ce60313579d417ecdd7b85a5f
ef719e04b6eeb87197145feb16fc6bafac669a3a
44867cfbf5321afb17b34269c912979001ef0d38bc9096ecfda79052845bc714
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7215/449a760332d288bbb6e1370503818184.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn0.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 19332
last-modified: Mon, 22 Mar 2021 08:52:12 GMT
etag: "a1e45a21f5e607de9e3c730d97ff823b"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7217/0150e7abbf1ab0e85a5be95013bdf881.jpg?pstool=421_1&psid=vivudgsm
93.93.51.190 200 OK 9.9 kB URL HTTP/2 galleryn1.awemdia.com/74cfb35aec71f4e2a7bc4cbbdcc5df7217/0150e7abbf1ab0e85a5be95013bdf881.jpg?pstool=421_1&psid=vivudgsm
IP 93.93.51.190:0
ASN #34655 DuoDecad IT Services Luxembourg S.a r.l.
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 300x169, components 3\012- data
Hash 2179020dd6ee32c5a921f1bdfe01c0bc
74e6b7a2a5b0d3848707230bd0be0070425d2870
f783574cb40a12a8dcc35e12da611452f908b90cf297c6865c88b43e4cb2c530
GET /74cfb35aec71f4e2a7bc4cbbdcc5df7217/0150e7abbf1ab0e85a5be95013bdf881.jpg?pstool=421_1&psid=vivudgsm HTTP/1.1
Host: galleryn1.awemdia.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 9856
last-modified: Wed, 03 Jul 2019 13:24:00 GMT
etag: "2179020dd6ee32c5a921f1bdfe01c0bc"
access-control-allow-origin: *
x-content-type-options: nosniff
x-cache-source: Origin
x-cache-status: R-HIT
expires: Tue, 27 Sep 2022 11:22:06 GMT
server: unknown
x-cdn-node: sesto
cache-control: max-age=1209600
x-real-source: -
accept-ranges: bytes
X-Firefox-Spdy: h2
a.realsrv.com/nativeads-v2.js?_=1663068110129
205.185.216.10 200 OK 16 kB URL HTTP/1.1 a.realsrv.com/nativeads-v2.js?_=1663068110129
IP 205.185.216.10:0
File type C source, ASCII text, with very long lines (58917), with no line terminators
Hash 4fed24b05715a4123ff52b5bc128522b
6a3a08eb3da52fb6e303b9f1a33a56db987df4aa
f1bf20f90647fd8743e606ed47ea1ee6c191b93f54860e0b86597761b1b520c1
GET /nativeads-v2.js?_=1663068110129 HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Tue, 13 Sep 2022 11:22:06 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 16534
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"24dfeeaabc29e5aaefc73f319e2"
X-HW: 1663068126.dop017.sk1.t,1663068126.cds215.sk1.shn,1663068126.cds215.sk1.c
Access-Control-Allow-Origin: *, *
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 7faa6a78f896de4528c8cc9ed35bfa11
199ad87495595163d7d16b1eddb9506c8ddb4918
7effc4afbb7417799d0ecbb32fce2a94cba732e488fd4ce81ba5a77f4d7c13ca
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Tue, 13 Sep 2022 11:22:06 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
91.237.218.86 200 OK 1.3 kB URL HTTP/2 ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
IP 91.237.218.86:0
ASN #212882 dnx network sarl
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783)
Hash d6236d785a8268ce19611a17f4ad1b86
ce0e128bc2c1d3da1d84d7369c2e79587665ba70
6a518397453e630d38ffa7ff19011f39faea7a9e28ec21f065df0267d98ee690
GET /ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com HTTP/1.1
Host: ptp.prom-xcams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://twinrdsrv.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: text/html; charset=UTF-8
content-length: 1278
vary: Accept-Encoding
content-encoding: gzip
server: TurboProxy
x-forwarded-proto: https
X-Firefox-Spdy: h2
www.google.com/recaptcha/api2/aframe
142.250.74.164 200 OK 513 B URL HTTP/2 www.google.com/recaptcha/api2/aframe
IP 142.250.74.164:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (783), with no line terminators
Hash 89b97a0aec8e5d1d0eb5abe85c6f758c
3526a596673b6c7652e6fef617d8c01397b5d25c
2e236985bd4e00bf126c9b172e9a2dc06ec012146142b6b1b7e1145e68545f04
GET /recaptcha/api2/aframe HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
cross-origin-resource-policy: cross-origin
cross-origin-embedder-policy: require-corp
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
expires: Tue, 13 Sep 2022 11:22:06 GMT
date: Tue, 13 Sep 2022 11:22:06 GMT
cache-control: private, max-age=300
content-type: text/html; charset=utf-8
content-security-policy: script-src 'nonce-a4dvUipxzUIeV5-rT0yGFA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding: gzip
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-length: 513
server: GSE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4356930&cookieconsent=true&p=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F
95.211.229.245 200 OK 4.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4356930&cookieconsent=true&p=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (8668), with no line terminators
Hash ac0331031b6a67f8e5f1574060ac9cd3
6d360c51fca621bff7a6daf41d5d8e3e3ffb54b5
1e7acabfb1cf1a54d1480fa43c25bb7dcc66e9d9841393125132c13a5b2d2214
GET /splash.php?native-settings=1&idzone=4356930&cookieconsent=true&p=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 13 Sep 2022 11:22:06 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://vivud.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22632067de9c7453.899876713834285933%22%3B%7D; expires=Thu, 12 Sep 2024 11:22:06 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=mxmssbsanxgxaraaxosbageicxbmsboenxgxaaseabxoageialeblerenxgxarmeomobrgeimxmbasacnxgxaraaoasaageicxbmsbcenxgxaaserreocgeialeblecenxgxaralsbsaxgeimxmbasmbnxgxaraaolroageioslmrxbrnxgxaasescsrmgeicxbmsbocnxgxaasecablmgeimsclxcabnxgxaramcssbcgeicxbmsbxcnxgxaaolmooxmgeialbserxenxgxaaolmecsogeioslmrxlrnxgxaaseelbbrgeimscamxrbnxgxaramxrbclgeimsclxreenxgxaramcssbcgeimxmssbrenxgxaramcsmccgeicraxcrebnxgxarmcrsxcxgeislsarosxnxgxaaolmooxmgeicmexsleonxgxarabcxolegeioslmrxbmnxgxaaseclebbgeirsxcecsenxgxarabbcraxgeialbserebnxgxaaoomcaccgeioslmroemnxgxaaserreocgeicmexsblcnxgxarmrcmolageiaaoboxbonxgxaralmcosrgeiamxmbxbonxgxaralsbsolgeimscamxccnxgxaralsbsaxgeiaaoabboonxgxarmeomobrgeislsaroornxgxaaobbmllageimooxbxeanxgxarmescrbbgeirsxcecsbnxgxarmelblebgeicmexslxcnxgxarmcbccrbgeicraxcrocnxgxarmsoerxxgeicraxcclanxgxarmxmcmmcgeicmexslecnxgxarmsembabgeicraxcreanxgxarmaarabageirsxcecccnxgxarmoocmexgeicraxcrxanxgxarmarlrxmgeialbserxonxgxaaoobreargeimcelelronxgxarbsrmlaageirsxcecxanxgxarbccmbcsgeirbabxabbnxgxaaoleroccgeicmeecrxcnxgxarmbexrmogeicmeecclonxgxarmorasemgeialbsereanxgxaaxsosbblgeicmexslxonxgxarmcxcaregeicaxsscmbnxgxaaoblroaegeicmeexcaenxgxarmcxsxcageimcelelrcnxgxarmcxsxcageimcelelcenxgxarmcxsxcageimcoexclonxgxarmcxsxcageialbserecnxgxaaocxaaalgeicmeeccbcnxgxarmcarxemgeicmexsblenxgxarmarlrxmgeimcoexaabnxgxaaeosmmecgeimcoexasbnxgxaaeosmmecgeicmeecrecnxgxarmrxsamageicraxcroonxgxarmrasloageicmexrxxonxgxarmaarabageimcoexaxonxgxarbblarblgeicaormbbenxgxarlexsrrageimcebllronxgxarmarlrxmgeirbabxalenxgxarmabbsmmgeicraxcroenxgxarmbexrmogeirsxcecsonxgxarmbrrcsegeimcoexxlonxgxarbsasblxgeimcoexasanxgxaaoecxelogeiroeaablbnxgxarlrlxmeegeimcoexarenxgxarlcbxlxageimcoexabbnxgxarbxeocasgeimcoexrlonxgxarbblarblgeimooxbelbnxgxarbexxealgeirsxcecebnxgxarbsasblxgeimcoexrlcnxgxarlcbxlxageimcoexaaanxgxarlcbxlxageirsxcecxenxgxarbxxxolxgeiraaoxbbcnxgxarbellsrxgeimcelelcanxgxaaxarbxxegeioslmrxlsnxgxaasecablmgeicaormbmanxgxaaxxlcxbmgeicaormlxcnxgxarbobbbbmgeicaormbbanxgxaaeoxexsxgeicaormlxanxgxaaoaaxmb
cgeimcelelranxgxarbsrmlaageimcersrocnxgxarbsasblxgeimcoexaxcnxgxarbcslxbcgeisaeeasslnxgxaaoomsarogeimcersxbenxgxaaxacacesgeimcersxacnxgxarbroammrgeicaormloenxgxaaeoxexsxgeimcersoeenxgxarbroammrgeimcelelaanxgxarbrboxregeimcelelbenxgxarbrboxregeimcoexaxbnxgxaaoecxelogeimcoexamenxgxarbblarblgeimcoexabanxgxarbblarblgeimcoexacanxgxarbblarblgeimcoexaoonxgxarblslrsxgeimcclsxbcnxgxaaeosmmecgeimcclsoeonxgxaaoblaceageicaormleanxgxaaxxemrecgeimcclsebcnxgxarlexorssgeimcclsxmenxgxaaeoaolesgeimcclossbnxgxaasescsrmgeimcclsxlenxgxaaoblroaegeimcclsxsonxgxaaexxllbrgeimcclsxxcnxgxaaosrmroegeimcclsxlanxgxaaemmeambgeimcclsxscnxgxaasescsrmgeicaormbmbnxgxaaemaolsbgeimcclselcnxgxarleomllegeimccloscenxgxaaorormsbgeimcclsxaanxgxarlesreebgeimcclselanxgxaaebsleobgeimcclsebbnxgxarlcbxlxageicaormbmcnxgxarloeaexageicaormlxonxgxarlmbxoosgeiclsmrrrenxgxarloalasrgeiclsmarcanxgxarloalasrgeiclsmrbronxgxarloalasrgeimcclsxronxgxaasescsrmgeimcclsxmanxgxaaexxsoasgeimcclossanxgxaaexxllbrgeimcclsxaonxgxaasescsrmgeimcoexasonxgxarlcbxlxageimcclsxabnxgxarlreooaageimcclosscnxgxaaoxbsallgeimcclsxlbnxgxaaomexxrcgeimcclsxbbnxgxarlalasssgeicaormbbonxgxaaeoxexsxgeimcclsxcanxgxaaxxcmeaegeimcclsxmbnxgxaaeebrxsegeimcclsxxonxgxaaxobsolageimcclsxsbnxgxaaomexxrcgeimcclsxcbnxgxaaexxllbrgeimcclsxmonxgxaaexoembogeimcclsxconxgxaaomcaobegeimcclselenxgxaaesmsscageimcclsxmcnxgxaaeosmmecgeimcoexacbnxgxaaoecxelogeimcclsxbanxgxaaeoaolesgeimcclsebanxgxaaesobbblgeimcclsxxanxgxaaesalmmsgeimcclsxacnxgxaaxlcabocgeimcoexcccnxgxaaecebcslgeimcclsxocnxgxaaesmsscageimcclsxbenxgxaaesalmlageimcclsxsenxgxaaeassbmlgeimcclsxrenxgxaaesmsscageimcclosccnxgxaaobxmbecgeimcclsxobnxgxaaorocbaogeimcelelsanxgxaaecebcslgeimcelelmanxgxaaecebcslgeimcclsxlonxgxaaoxbsallgeimcclsxlcnxgxaaolmecsogeimcclosconxgxaaoaassosgeimrerbboanxgxaaemsosmogeicaormlxenxgxaaoamecaegeicaormbbcnxgxaaoamecaegeimrscomecnxgxaaxeeaxaegeimcclsxsanxgxaaosrmxxbgeimcrxsbobnxgxaaosxbcmogeimcoexsacnxgxaaxxcmeaegeimrscomeenxgxaaxsbxmrcgeimrcrbrxenxgxaaxrxelsbgeimcersxlbnxgxaaxacacesgeimcel
elrenxgxaaxarbxxegeimrerbbsbnxgxaaoxasxrcgeimrerbbccnxgxaaoeemarogeimrerbmlenxgxaaxlocooageimccloscanxgxaaomcaobegeimrerbmlanxgxaaoeemarogeiclsmrbocnxgxaaooxbxsrgeiclsmrrccnxgxaaooxbxsrgeiclsmrmocnxgxaaooxbxsrgeiccmblmmonxgxaaseclebbgeiccmblmmbnxgxaaolmecsogeiccmblmmanxgxaaseabxoageimcoexaebnxgxaaosrmxxbgeimcclsxoanxgxaaosrmroegeircsxcxscnxgxaaoslesrogeiccmblmmcnxgxaaolscxasgeimreaobscnxgxaaoroaslegeimreaobeanxgxaaoroaslegeimreaoboonxgxaaoroaslegeimrerbbxenxgxaaoaxomcxgeimraeecxbnxgxaaolboaomgxcceimraeelabnxgxaaolbommbgxcceirrmlllronxgxaaolbommbgxcceimrcaoxbanxgxaaolbsabxgxcceialrexexbnogxaaolbcsmogxcceimcoaxmxoncgxaaolbcsmogxcceimraeelaanxgxaaolbcsmogxcceimxomsmsbnxgxaaolblaxagxcceimxomosbcnxgxaaolblaxmgxcceimxomoxronxgxaaolblaxmgxcceimxlbmxlonogxaaolblaxbgxcceimxcbrxaonxgxaaollxsexgxcceimxcbrxscnxgxaaollxsexgxcceicxxolxlmnxgxaaollxseogxcceicxxoloesnxgxaaollxseogxcceialoxxalenogxaaollsormgxcceimrrascaonogxaaollbocagxcceicloaxxobnxgxaaseeemalgxcceimellboscnxgxaaseeemmogxcceimellboxcnxgxaaseeemmogxcceimxcbrxlonxgxaaseeemmogxcceimrrcrrlencgxaaseeemmogxcceimrrcrrbanxgxaaseeemmogxcceimrmxraobnxgxaaseeemmogxcceimrmxraoanxgxaaseeemmogxcceimrmxraoonxgxaaseeemmogxcceimrmxraocnxgxaaseeemmogxcceimrrcrrlonxgxaaseeemmogxcceimxxerreanxgxaaseeemmogxcceimxxerreonxgxaaseeemmogxcceimrcmxlaanxgxaaseeemmogxcceimramxoxcnogxaaseexmrbgxcceimrmoemsenbgxaaseexmrbgxcceimrmoemsonxsgxaaseexmrbgxcceimrxrxsaenagxaaseexmrbgxcceimrmoxooonsgxaaseesrlcgxcceimxcbrxbenxgxaaseesrlcgxcceimxomorranxgxaaseebbclgxcceimrrascmbnxgxaaseebbclgxcceimxeoxsbensgxaaseebbclgxcceimrmcmmcanxgxaaseelbbrgxcceimrrascmenxgxaaseelbbrgxcceimrsreamonsgxaasexeomrgxcceimrcaeesbnrgxaasexcombgxcceimxlbmoscnogxaasexcombgxcceimrrascaanxgxaasexmcobgxcceimxlbmoconogxaasexbcobgxcceimrsreaabnxgxaasexlraogxcceimrrasxbenxgxaasexlbeegxcceimrmcxbconrgxaasexlbeegxcceimrrasxmonxgxaasexlbesgxcceimxomsmsanxgxaasexlbesgxcceimrrasxmcnxgxaaseoossbgxcceimrrasxmanxgxaaseoossbgxcceimrmbxmxonsgxaaseocebogxcceimocolrocnxgxaaseorrrmgxcceimrcaoaoanrg
xaaseorrrmgxcceimxlbmxlcnxgxaaseorrrbgxcceimrrascmanxgxaaseorrrbgxcceimocbmmacnxgxaasescermgxcceimocbmmbenxgxaasescermgxcceimxlbmosenogxaasescsrmgxcceimrrascmonxgxaasescsrmgxcceimxeoxsacnxgxaasescsrmgxcceimxxerrecnxgxaasescsrmgxcceimcclsoeenxgxaasescsrmgeimrsreamensgxaasesaosogxcceimrsreamcnsgxaasesarmrgxcceimrsreamanxgxaasesarmrgxcceicloaxxaanxgxaasesbbxogxcceimrsreabonogxaaseslarogxcceimrmaxasanxgxaaseslarogxcceimrmaxascnxgxaasecesosgxcceimrmaxasenxgxaasecxeasgxcceimcoaxmxcnagxaasecxcmmgxcceiaaxcabaonxgxaasecorlagxcceicloaecoenxgxaasecccbxgxcceimrxccosonxgxaasecccbxgxcceimcssmlronsgxaasecablmgxcceimxxerrxenxgxaasecablmgxcceimxlbmosanogxaasecablmgxcceimxxerrebnxgxaasecablmgxcceimclsaoxbncgxaasecablmgxcceialbbebsbnxgxaasecbasegxcceimemlxbocnxgxaasecbasegxcceimxcbrxabnxgxaasecbasegxcceimcssmlrenogxaasecbasegxcceialbbebsanxgxaasecbasegxcceimxreaomcnxgxaaseclebmgxcceixaoosscrnxgxaaseclebbgxcceimrceboxanxgxaasecllcogxcceicloaecocnxgxaasecllcogxcceimsacexoonxgxaaserreocgxcceimrrascabnxgxaaseaerbrgxcceimrrascaenxgxaaseaerbrgxcceirreacmsbnxgxaaseaerbrgxcceimxcbrxmbnxgxaaseaerbrgxcceixaoossalnxgxaaseaxlomgxcceimrrasxbonxgxaaseaxlomgxcceimxlbmoobnxgxaaseaxlomgxcceimxlbmosonxgxaaseabxoagxcceimrrascacnxgxaaseabxoagxcceimcssmlrcnxgxaaseabxoagxcce; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4356930%7C71987232%7C100644%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C52d383e5edb7c5ded7ebd587de1d7f26%7C0%7Cvivud.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4356930%7C41873820%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C52d383e5edb7c5ded7ebd587de1d7f26%7C0%7Cvivud.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4356930%7C75563464%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C52d383e5edb7c5ded7ebd587de1d7f26%7C0%7Cvivud.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4356930%7C74337954%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C52d383e5edb7c5ded7ebd587de1d7f26%7C0%7Cvivud.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4356930%7C44789776%7C0%7C%7C508%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C0%7C0%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C52d383e5edb7c5ded7ebd587de1d7f26%7C0%7Cvivud.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Wed, 14 Sep 2022 11:22:06 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
ptp.prom-xcams.com/assets/ct/registration-d-v1/css/main.css
91.237.218.86 200 OK 1.2 kB URL HTTP/2 ptp.prom-xcams.com/assets/ct/registration-d-v1/css/main.css
IP 91.237.218.86:0
ASN #212882 dnx network sarl
Hash 3f4cc7eb391cf249b7aff38386497317
c65490b57c1189421bb71adb41a979360ad0ea5d
919aaf06c6417470eed8ac10fd300006d9954958567b80fa09e47dfd1e232950
GET /assets/ct/registration-d-v1/css/main.css HTTP/1.1
Host: ptp.prom-xcams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: text/css
content-length: 1203
last-modified: Fri, 13 May 2022 07:57:57 GMT
etag: "fa6-5dee0085805c0-gzip"
vary: Accept-Encoding
content-encoding: gzip
server: TurboProxy
accept-ranges: bytes
X-Firefox-Spdy: h2
ptp.prom-xcams.com/assets/ct/registration-d-v1/js/main.js
91.237.218.86 200 OK 303 B URL HTTP/2 ptp.prom-xcams.com/assets/ct/registration-d-v1/js/main.js
IP 91.237.218.86:0
ASN #212882 dnx network sarl
Hash 76489511ce5f0647b8d749a6737e31e9
5b01f9aa2cd3d0b2b48e4379a38ce2c8cd53649d
fd93c3dad79827335cab4a47261d09d1d48cfdf2c1755165c3852f3baadc8a5e
GET /assets/ct/registration-d-v1/js/main.js HTTP/1.1
Host: ptp.prom-xcams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: application/javascript
content-length: 303
last-modified: Fri, 13 May 2022 07:57:57 GMT
etag: "2bb-5dee008581560-gzip"
vary: Accept-Encoding
content-encoding: gzip
server: TurboProxy
accept-ranges: bytes
X-Firefox-Spdy: h2
ptp.prom-xcams.com/assets/ct/chat-d-v1/images/logo.png
91.237.218.86 200 OK 4.8 kB URL HTTP/2 ptp.prom-xcams.com/assets/ct/chat-d-v1/images/logo.png
IP 91.237.218.86:0
ASN #212882 dnx network sarl
File type PNG image data, 145 x 30, 8-bit/color RGBA, non-interlaced\012- data
Hash a119c7cdd7d2de9e8171a0fc5d689670
5510eb82fa94a6d3e6af0856931a0ecafeafef67
4ccde783cc752fa1723f430699d91a0b4bd0be7b4bde19c5e0769bd499d68367
GET /assets/ct/chat-d-v1/images/logo.png HTTP/1.1
Host: ptp.prom-xcams.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/ct/registration-d-v1/index.php/?comfrom=1020726&cf2=voluum&cfsa2=wl2n2pbrdgpivr0ji8cnvnio&cfsa1=vivud;TwinRed;voluum.prom-xcams.com
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/png
content-length: 4818
last-modified: Fri, 13 May 2022 07:57:57 GMT
etag: "12d2-5dee008594879"
server: TurboProxy
accept-ranges: bytes
X-Firefox-Spdy: h2
ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
142.250.74.138 200 OK 30 kB URL HTTP/2 ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
IP 142.250.74.138:0
File type ASCII text, with very long lines (32061)
Hash b90b3d2618cce9d766152cd3092b5c27
496339457cd00caab8118e2e1f30ea18dc05b9f4
b7b155aa8c6b5db28f9a6b41e88c96e9462c196c700add426f8ef32c9ce1ed41
GET /ajax/libs/jquery/2.1.1/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
vary: Accept-Encoding
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 29671
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Thu, 08 Sep 2022 09:02:32 GMT
expires: Fri, 08 Sep 2023 09:02:32 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 440374
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
185.76.9.24 200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e456e1fcd5b9782e95a8a4beafdaa6f7
08383e72ee30f54920b69f036aa7050b9906cf65
652ef2a4170f9f3331fa3efbbf4f76a170be4d96c0b22a8ad23b490ccab9b534
GET /library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/webp
content-length: 10274
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-2822"
expires: Fri, 30 Jun 2023 11:10:59 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195228
server: CDN77-Turbo
x-77-nzt: AblMCRRYhYf/wsphAA
x-77-nzt-ray: oK7W48x5pzQ
x-cache: HIT
x-age: 6408898
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/676799/668a15a067a69eed70a6572b59d942a51fdf020b.webp
185.76.9.24 200 OK 9.3 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/676799/668a15a067a69eed70a6572b59d942a51fdf020b.webp
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 4ff7c4443b9dc9269cfb1ffa458fddc1
668a15a067a69eed70a6572b59d942a51fdf020b
1048f4dccd8db1bda50a6c7060551ed00252df4b483238458408e35e14a0e268
GET /library/676799/668a15a067a69eed70a6572b59d942a51fdf020b.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/webp
content-length: 9274
last-modified: Thu, 04 Nov 2021 09:51:20 GMT
etag: "6183ad18-243a"
expires: Fri, 30 Jun 2023 11:21:48 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195411
server: CDN77-Turbo
x-77-nzt: AblMCRRarl7/C8phAA
x-77-nzt-ray: 983oJSI/Wu0
x-cache: HIT
x-age: 6408715
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
185.76.9.24 200 OK 25 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", baseline, precision 8, 300x300, components 3\012- data
Hash dbe31828ea0277ab9845bf67aa749927
cc7211683ae26562c2df637755f311868f37c8ea
6499cca4ce115e6dcb44a71342a5c705f938fbffbe5c410b55e60051a417b917
GET /library/475567/cc7211683ae26562c2df637755f311868f37c8ea.jpg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/jpeg
content-length: 25056
last-modified: Thu, 30 Mar 2017 09:55:25 GMT
etag: "58dcd60d-61e0"
expires: Fri, 30 Jun 2023 14:29:46 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195219
server: CDN77-Turbo
x-77-nzt: AblMCRRd5zn/y8phAA
x-77-nzt-ray: LqOF2Cxx36M
x-cache: HIT
x-age: 6408907
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
104.18.11.207 200 OK 14 kB URL HTTP/2 stackpath.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
IP 104.18.11.207:0
File type ASCII text, with very long lines (30837)
Hash 223fa8c2f5aa9b82ad3f4c97d908ba3a
cfc6e66bfb5e9c3e04d61dbf9f9fd9768af0c48f
d5672027b42ba0da55c059d679548082279ddcd7bbc258c2771590bd28f038de
GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1
Host: stackpath.bootstrapcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
cdn-pullzone: 252412
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestcountrycode: DE
access-control-allow-origin: *
cache-control: public, max-age=31919000
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-cachedat: 11/15/2021 21:49:00
cdn-proxyver: 1.0
cdn-requestpullcode: 200
cdn-requestpullsuccess: True
cdn-edgestorageid: 723
cdn-status: 200
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
cdn-requestid: 2729ae8f2fc6c761bdc17d91cc795f58
cdn-cache: HIT
cf-cache-status: HIT
age: 8514880
strict-transport-security: max-age=31536000; includeSubDomains; preload
server: cloudflare
cf-ray: 74a080d03a03b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/692514/d62e0d8783013d0874e3ad572e9170093500395e.webp
185.76.9.24 200 OK 5.9 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/692514/d62e0d8783013d0874e3ad572e9170093500395e.webp
IP 185.76.9.24:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 642d381f662d670c471074e0e580bfaf
d62e0d8783013d0874e3ad572e9170093500395e
e1a81991b1ecab2e8b84bcd20fb6880df301b857f93d280f70e60ef07a0128a7
GET /library/692514/d62e0d8783013d0874e3ad572e9170093500395e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:06 GMT
content-type: image/webp
content-length: 5946
last-modified: Wed, 03 Nov 2021 21:07:03 GMT
etag: "6182f9f7-173a"
expires: Wed, 30 Aug 2023 17:11:34 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1693417035
server: CDN77-Turbo
x-77-nzt: AblMCRQuimb/Ex0SAA
x-77-nzt-ray: jhDvwRWolwo
x-cache: HIT
x-age: 1187091
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
r3.o.lencr.org/
95.101.11.115 200 OK 503 B IP 95.101.11.115:0
ASN #20940 Akamai International B.V.
Hash e7983efec45348ea5ae96b97ab21fa99
77a69d708c8268e3d2c915202917bddabf483fc2
f5db6faf21e9f3c0445eb1ecccb03b663a9622b26ee68112492e2719abbd3e4e
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "F5DB6FAF21E9F3C0445EB1ECCCB03B663A9622B26EE68112492E2719ABBD3E4E"
Last-Modified: Mon, 12 Sep 2022 23:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=12269
Expires: Tue, 13 Sep 2022 14:46:36 GMT
Date: Tue, 13 Sep 2022 11:22:07 GMT
Connection: keep-alive
img.media-rendering2.com/market2/livecams/custom/videos/3/NinaVerbeek_3.mp4
91.237.218.88 206 Partial Content 33 kB URL HTTP/2 img.media-rendering2.com/market2/livecams/custom/videos/3/NinaVerbeek_3.mp4
IP 91.237.218.88:0
ASN #212882 dnx network sarl
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash b8622f4c7ca11ba7a2cc7dbc22e745b3
f4ed109242381f83ca9b877d878b5cb9fc434f12
e67e1030c76610d4e12873a38fccf7e907480c3b6f6643df51d1789110699f86
GET /market2/livecams/custom/videos/3/NinaVerbeek_3.mp4 HTTP/1.1
Host: img.media-rendering2.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Connection: keep-alive
Referer: https://ptp.prom-xcams.com/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
date: Tue, 13 Sep 2022 11:22:07 GMT
content-type: video/mp4
content-length: 2703225
last-modified: Tue, 08 Feb 2022 10:07:04 GMT
etag: "620240c8-293f79"
x-processed-by: marketcdn01.dnx.lu
server: TurboProxy
content-range: bytes 0-2703224/2703225
X-Firefox-Spdy: h2
2997.weednewspro.com/hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
88.208.59.102307 Temporary Redirect 0 B URL HTTP/2 2997.weednewspro.com/hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1 HTTP/1.1
Host: 2997.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 307 Temporary Redirect
server: nginx
date: Tue, 13 Sep 2022 11:22:08 GMT
content-type: text/plain; charset=UTF-8
content-length: 0
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
location: /hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fvivud.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Tue, 13 Sep 2022 11:22:08 UTC
expires: Tue, 13 Sep 2022 11:22:08 UTC
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
34.120.237.76 200 OK 9.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash c9ab2ec10c79b91d15edb1d1e3dc763c
744fee4a0baa22ba3aa352d60620a916972b47dd
f7bb66f5bb572d73f936fc74823f51ede1f2c4e309a939b39d9529ff8f757fbe
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F2830e2cb-8887-441e-8c0c-906b8fbb2366.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
content-length: 9945
x-amzn-requestid: a347749f-a63a-4533-a274-7151b9f235ff
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: YXcX8HAKoAMF5EQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-631fa765-56cff18515b2a5b3397231df;Sampled=0
x-amzn-remapped-date: Mon, 12 Sep 2022 21:40:53 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: 43wWNADffkA0e8T-SYvAMjp266nAE5hrDjNMQQsuYeT0i6xQt7wLVg==
via: 1.1 d1151317ba32afe0e6370fd69fed222e.cloudfront.net (CloudFront), 1.1 35575576af8067e30cfb17c6b9fde8e2.cloudfront.net (CloudFront), 1.1 google
date: Mon, 12 Sep 2022 21:55:34 GMT
age: 48397
etag: "744fee4a0baa22ba3aa352d60620a916972b47dd"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
mc.yandex.ru/webvisor/33879989?wv-check=36009&wv-type=0&wmode=0&wv-part=1&wv-hit=225810876&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&rn=587821304&browser-info=gdpr%3A14%3Aet%3A1663068119%3Aw%3A1268x898%3Av%3A893%3Az%3A0%3Ai%3A20220913112158%3Au%3A1663068112647407579%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Ast%3A1663068119&t=gdpr(14)ti(2)
87.250.250.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/webvisor/33879989?wv-check=36009&wv-type=0&wmode=0&wv-part=1&wv-hit=225810876&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&rn=587821304&browser-info=gdpr%3A14%3Aet%3A1663068119%3Aw%3A1268x898%3Av%3A893%3Az%3A0%3Ai%3A20220913112158%3Au%3A1663068112647407579%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Ast%3A1663068119&t=gdpr(14)ti(2)
IP 87.250.250.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
POST /webvisor/33879989?wv-check=36009&wv-type=0&wmode=0&wv-part=1&wv-hit=225810876&page-url=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&rn=587821304&browser-info=gdpr%3A14%3Aet%3A1663068119%3Aw%3A1268x898%3Av%3A893%3Az%3A0%3Ai%3A20220913112158%3Au%3A1663068112647407579%3Avf%3A62hj1rf2ym17zxi6fwm9k%3Ast%3A1663068119&t=gdpr(14)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 84
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Tue, 13 Sep 2022 11:22:11 GMT
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Tue, 13-Sep-2022 11:22:11 GMT
last-modified: Tue, 13-Sep-2022 11:22:11 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
a.adtng.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?unique_view=1
66.254.114.171200 OK 0 B URL HTTP/2 a.adtng.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?unique_view=1
IP 66.254.114.171:0
GET 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?unique_view=1 HTTP/1.1
Host: a.adtng.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.adtng.com/get/10009669?time=1583523947617
Cookie: adtool_guid=Ch5KEmMgZ91AMlMPI6azAg==; RNLBSERVERID=ded7041
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: openresty
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-headers: Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Requested-With
content-encoding: gzip
x-request-id: 632067DD-42FE72AB01BBC2C2-2014AD5
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/rtb/mac/2/js/script.js
104.21.51.177 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/rtb/mac/2/js/script.js
IP 104.21.51.177:0
GET /sb/notifications/rtb/mac/2/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: application/javascript
last-modified: Mon, 17 May 2021 12:14:43 GMT
etag: W/"60a25e33-175"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2482164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YLhW4ZeGK3Lph3utd0Cu5o5HAyE28f9VEpbYt8YN0D6lEvVwU%2Bln68b2FfvM7KyZ%2FFGAW0fkDBpU4HZIkCWusfVJK%2BUYOrtfMzCgtNZoirfG149CI%2FvV2moFIvIh37x%2F9xM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080c86f83b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pgonews.pro/iCFGDYEwNA3hZtdxoUWUMX8L1ckOuMeBfPBROsXaQ85AaZHS-ooEqtTJCJV-P4HIz7cEI_JymvzlXeiweue7axaVkKbC0-T38XNuNKS4NDP2F0Nt1DA?_=1663068110127
88.208.59.102 200 OK 0 B URL HTTP/2 pgonews.pro/iCFGDYEwNA3hZtdxoUWUMX8L1ckOuMeBfPBROsXaQ85AaZHS-ooEqtTJCJV-P4HIz7cEI_JymvzlXeiweue7axaVkKbC0-T38XNuNKS4NDP2F0Nt1DA?_=1663068110127
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
GET /iCFGDYEwNA3hZtdxoUWUMX8L1ckOuMeBfPBROsXaQ85AaZHS-ooEqtTJCJV-P4HIz7cEI_JymvzlXeiweue7axaVkKbC0-T38XNuNKS4NDP2F0Nt1DA?_=1663068110127 HTTP/1.1
Host: pgonews.pro
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
content-encoding: gzip
X-Firefox-Spdy: h2
2997.weednewspro.com/hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fvivud.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
88.208.59.102200 OK 0 B URL HTTP/2 2997.weednewspro.com/hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fvivud.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A
IP 88.208.59.102:0
ASN #39572 DataWeb Global Group B.V.
GET /hiVDDYEyPQ7lZtdxoEWUMWYX08lV_9uCefFYfo_FTpdDNJ6c8o1X9cmPVIBlfYbIlNgDdvJwjvy6Q-rmGO-8NC6VmqTDpLmJbQAWLrwlJHhnv85Orlvxc6-8VxaOXs8_yheDySc?kws=charming%2Cexperienced%2Cfemale%2Chaving%2Csome%2Clesbian%2Cfun&abl=0&fsb=0&pageUri=https%3A%2F%2Fvivud.com%2Fvideo%2F1262950%2F&referer=&bdd=%5B%22Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0%22%2C%22false%22%2C%22Linux%20x86_64%22%2C%22%22%2C%22%22%2C%22%22%2C%22%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221002%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%22939%22%2C%221280%22%2C%22939%22%2C%22false%22%2C%221%22%2C%2216%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Tue%20Sep%2013%202022%2011%3A21%3A52%20GMT%2B0000%20(Coordinated%20Universal%20Time)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22false%22%2C%22781877177%22%2C%222697903995%22%2C%221%22%2C%22false%22%2C%22%5B%5D%22%5D&prsl=1&_h=accept%3A+%2A%2F%2A%0Aaccept-language%3A+en-US%2Cen%3Bq%3D0.5%0Aaccept-encoding%3A+gzip%2C+deflate%2C+br%0Aorigin%3A+https%3A%2F%2Fvivud.com%0Asec-fetch-dest%3A+empty%0Asec-fetch-mode%3A+cors%0Asec-fetch-site%3A+cross-site%0A%0A HTTP/1.1
Host: 2997.weednewspro.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:08 GMT
content-type: text/plain; charset=UTF-8
vary: Accept-Encoding
access-control-allow-origin: https://vivud.com
access-control-allow-credentials: true
access-control-max-age: 86400
referrer-policy: unsafe-url
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory
accept-ch-lifetime: 31536000
p3p: CP="NOI DEVa TAIa OUR BUS UNI STA"
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
last-modified: Tue, 13 Sep 2022 11:22:08 UTC
expires: Tue, 13 Sep 2022 11:22:08 UTC
content-encoding: gzip
X-Firefox-Spdy: h2
ip222733911.ahcdn.com/key=3PTUHJLFRAklDQthIUR4Ug,s=,end=1663158122/state=YyBnW1oq/buffer=207384:1705084,1808.8/speed=69128/reftag=056864060/31/178/7/58769987/vivud/video/mp4/62095/360m.mp4
93.114.135.170 206 Partial Content 0 B URL HTTP/2 ip222733911.ahcdn.com/key=3PTUHJLFRAklDQthIUR4Ug,s=,end=1663158122/state=YyBnW1oq/buffer=207384:1705084,1808.8/speed=69128/reftag=056864060/31/178/7/58769987/vivud/video/mp4/62095/360m.mp4
IP 93.114.135.170:0
ASN #39572 DataWeb Global Group B.V.
GET /key=3PTUHJLFRAklDQthIUR4Ug,s=,end=1663158122/state=YyBnW1oq/buffer=207384:1705084,1808.8/speed=69128/reftag=056864060/31/178/7/58769987/vivud/video/mp4/62095/360m.mp4 HTTP/1.1
Host: ip222733911.ahcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Range: bytes=0-
Referer: https://vivud.com/
Connection: keep-alive
Sec-Fetch-Dest: video
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 206 Partial Content
server: nginx/1.20.1
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: video/mp4
content-length: 113672284
last-modified: Thu, 03 Aug 2017 03:15:45 GMT
access-control-allow-credentials: true
access-control-allow-headers: Content-Type, Origin, Accept, Range, Cache-Control
access-control-allow-methods: HEAD, GET, POST, OPTIONS
access-control-allow-origin: *
access-control-expose-headers: Content-Range, Date, Etag, Cache-Control, Last-Modified
etag: "59829561-6c6805c"
expires: Tue, 13 Sep 2022 13:22:05 GMT
cache-control: max-age=7200, private
content-range: bytes 0-113672283/113672284
X-Firefox-Spdy: h2
vivud.com/video/1262950/
104.21.92.169 200 OK 0 B IP 104.21.92.169:0
GET /video/1262950/ HTTP/1.1
Host: vivud.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:02 GMT
content-type: text/html; charset=UTF-8
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: max-age=43200, must-revalidate, post-check=0, pre-check=0
pragma: no-cache
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
cf-cache-status: MISS
last-modified: Tue, 13 Sep 2022 11:22:02 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A0WqbxBByHy2FyUxtEiMgdP3ScMwatPZ6dPCOgzT9i%2FKNsPzii%2FYDUeEd4ufmXqDwCuwmnXruBCQWsLkfXeTMs82jFUwBy6LNI7JdAUeeG3ZW%2BCiXP5Eu%2BYUggw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080b61e370b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
a.shukriya90.com/api/click/6795776982074700095?s1=%25subid1%25&t=5&ab=0&keywords=&w=1280&h=1024&domain=vivud.com&rnd=0.9164318356974406
135.181.208.216 200 OK 0 B URL HTTP/2 a.shukriya90.com/api/click/6795776982074700095?s1=%25subid1%25&t=5&ab=0&keywords=&w=1280&h=1024&domain=vivud.com&rnd=0.9164318356974406
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/click/6795776982074700095?s1=%25subid1%25&t=5&ab=0&keywords=&w=1280&h=1024&domain=vivud.com&rnd=0.9164318356974406 HTTP/1.1
Host: a.shukriya90.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Cookie: nauid=DRnuiqEse4cuuFOHg0YH
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
a.shukriya90.com/api/spots/309164?host=vivud.com&ev=196&wh=939&ww=1280&s1=%25subid1%25
135.181.208.216 200 OK 0 B URL HTTP/2 a.shukriya90.com/api/spots/309164?host=vivud.com&ev=196&wh=939&ww=1280&s1=%25subid1%25
IP 135.181.208.216:0
ASN #24940 Hetzner Online GmbH
GET /api/spots/309164?host=vivud.com&ev=196&wh=939&ww=1280&s1=%25subid1%25 HTTP/1.1
Host: a.shukriya90.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Tue, 13 Sep 2022 11:22:04 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
set-cookie: nauid=DRnuiqEse4cuuFOHg0YH; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None
cache-control: private
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/rtb/mac/2/css/style.css
104.21.51.177 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/rtb/mac/2/css/style.css
IP 104.21.51.177:0
GET /sb/notifications/rtb/mac/2/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://vivud.com
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/css
last-modified: Mon, 17 May 2021 12:30:23 GMT
etag: W/"60a261df-10d5"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 2482164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TyjtWCAXWXetPAgWuN%2B2FDLdcOJ1asNtzqF7A1THXZRTZ930%2FLf3HYk%2ByaBYIH3cfUAVVZIG%2Fw5A1u2TWwAaVteT%2BWzpKiYyALiTo48y48%2Fc4UJUQgBGk4tyLypPJ4XWREE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080c87f96b50c-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto:300,400,700&display=swap
IP 142.250.74.10:0
GET /css?family=Roboto:300,400,700&display=swap HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Tue, 13 Sep 2022 11:22:05 GMT
date: Tue, 13 Sep 2022 11:22:05 GMT
cache-control: private, max-age=86400
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
twinrdsrv.com/link.engine?z=37952&guid=a0fbc3a7-820c-46c7-81a7-dfdfa7fa10c3&kw=
172.66.40.197 302 Found 0 B URL HTTP/2 twinrdsrv.com/link.engine?z=37952&guid=a0fbc3a7-820c-46c7-81a7-dfdfa7fa10c3&kw=
IP 172.66.40.197:0
GET /link.engine?z=37952&guid=a0fbc3a7-820c-46c7-81a7-dfdfa7fa10c3&kw= HTTP/1.1
Host: twinrdsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://a.shukriya90.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Tue, 13 Sep 2022 11:22:05 GMT
content-type: text/html; charset=utf-8
location: https://twinrdsrv.com/Redirect.eng?MediaSegmentId=43038&dcid=3_ctx_184df212-ef4c-4722-86c5-53eb8d7220d3&vmId=00000000-0000-0000-0000-000000000000&abr=false&timeZoneOffset=&v=JNxUOctMeI4xkzBapxrkekgxKNLNQfCoFImAPWXXKHqSQhegR_yL0nt1nrkhMmGRyy9EUtowP9uWLjgAaZFSZo2MUVehCA_CUfpJGuVVIur-Yd4OWge18JMvOhtOrtvmZTM5uqwKBQf5TQfaQxtIByxhCDx3oSm7aOUKhTLVYAn3G66BAligUXEO5gHhy6M8ibsu3D-KWl9XU-O6BY8VE0-mlV8aAnpzNCXuQdigQuGoxgvvr8QrjShHNzPtC4bjZ3oFuAKUcPC_hN20mpSKM-7rdh1IxkOmqVoQLwsEbIDV-2x8uyRIB2rK1i3JLChEFRG9Cbw7mzT7y3RmVH2tncbIwBj1advN4n6OkJuI9QbC8O9ycN4WCKmw5N3sOE02WF5EGWJ_GXLNqtOZPbLcIYHFQVVE5_Tcj9CtxMkxjIeZF6_QoTrm-j0oeBVKy3CMp-nIvjzQdQhyFcBVDIYWcmaeoM9tp8uOITRYTMHTjAhzwMrTBhoefpTFiPVIOob3cecIWTKAK-ntSHhW59LBsuXS6JGRtvr0agpR4PcwmMHtlMb0pS0zCBSKKJl9UqEp4hGPHetpDCdzxtxTMHeDu8ADg3RlTcKbJEUIvCF6hlfTiA41qzZxmL5PFkMI5uZmPJSQDN8LOe0gHyPnlMfFmE_s8eYjKUfueMgWKvynJMdTnJbl7Z5DROBrBhW1smPxeYGMbn_9X_u9ZFVPt6BSYxDJi-2CT1VS0GKdfROniL88fapr8MvHU2UKjDeLmcqqu8ONekN0G0UzI4j72nzfG74dSg1sIfEJT_ZE9F7uRI1Ese4n1R3HxAM-IXUq0VOMx5uYm6GJ_fDzkZZsF37Y7d367hYYKNk7hahRYlUA5QkbdC-nGl8Jgy0nbs44M3YB2cPuOF628IpKb6cQw7DmQw2&kw=&mw=1024&mh=768
vary: Accept-Encoding
cache-control: private, no-transform
content-encoding: gzip
p3p: CP="CAO PSA OUR IND"
access-control-allow-origin: *
x-powered-by: ASP.NET
set-cookie: IKSR={}; path=/; SameSite=None; secure
INF_DFL8=false; path=/; SameSite=None; secure
IUID=a0faeeeb-9636-4d8e-b272-7017667acf3b; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure
ISSH=65E9CD; path=/; SameSite=None; secure
VMI=; path=/; SameSite=None; secure
IPLH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IPLH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
CHN=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
MSSH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
MSRH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ILP=null; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure
ILPLU=#1/1/0001 12:00:00 AM; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ILEALC=#1/1/0001 12:00:00 AM; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ILMPF=#False; expires=Tue, 13-Sep-2022 15:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IPMPLU=#; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IPMUID=#; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
BSWUID=#; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IKSR={}; path=/; SameSite=None; secure
IBL=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IPLSH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IZH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IZH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IMCH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IMH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
IMH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ISH=#{"6997":[{"SId":"65E9CD","D":"22/9/13T4:29:32"}]}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ISH_Q=#[6997]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ISPH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ICH=#{}; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
ICH_Q=#[]; expires=Mon, 13-Sep-2032 11:29:32 GMT; path=/; SameSite=None; secure; HttpOnly
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6c7jJX5zc8sgWVAj5qtgOj%2BTLU7yxFtxxLNzZfykR5crwz5%2F11QQ99ocvAW83PVmmKjYgJLUYW58ypqSRVtLYJUZVYE8kl7WhBU9LG51tyYGiHOTkaXeuepeglMxR9A%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 74a080c6af880b39-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
104.21.234.254 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 104.21.234.254:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://vivud.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Tue, 13 Sep 2022 11:22:03 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: c97d3557ecfa963fe37bbbaa2bcde87f
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Tue, 13 Sep 2022 11:22:03 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HMV4NC9Ps%2BKLOqBVolcRGe3w9qM91e5HAq4GZb8UaLFEpZ4dM61gxw%2BHzYEunTEEr6htmw40Lz82NL5sYwNOKd9Wn6soNaRKyaSeqdimpV60xDoISehBT%2BXMRc%2FNpwmi8tA6RXE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 74a080bd5ef80639-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2