r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 282f6e1328452c1cb41f6a6272fff757
20b9ff1b5f4f81b645769bd4b4cf7bf7dfc16262
6a8070ebe51259cb11db68cca2c81f3c7408fad481d8c14cc1c38912442c63f4
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "6A8070EBE51259CB11DB68CCA2C81F3C7408FAD481D8C14CC1C38912442C63F4"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4709
Expires: Wed, 05 Oct 2022 22:40:06 GMT
Date: Wed, 05 Oct 2022 21:21:37 GMT
Connection: keep-alive
firefox.settings.services.mozilla.com/v1/
54.230.111.118 200 OK 939 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (939), with no line terminators
Hash 2d12f67fe57a87e7366b662d153a5582
d7b02d81cc74f24a251d9363e0f4b0a149264ec1
73c273c0b5a2de3cb970b8e8c187999d3b55e760dc7766dab4bb76428d19b551
GET /v1/ HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 939
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length, Backoff, Content-Type, Retry-After, Alert
Cache-Control: max-age=259200
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Date: Wed, 05 Oct 2022 15:47:18 GMT
X-Content-Type-Options: nosniff
X-Cache: Hit from cloudfront
Via: 1.1 193a8c13b6e0a6b90db7172f6358335e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: U36DVqYtOl3gx1ETv_i46A1sbh1wB1ZyFXDrI0e6nkSdIaqnX0dehA==
Age: 20059
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a1073a68ed38c8e3575e889224db944c
ee2a7a3e2da77a8540131f9ffaa0a20d4dd486bd
a9fb1f7ade7c8a79d2ee83e9b7215e66dc89ac733b11079297a8f4b9aceae1f5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9FB1F7ADE7C8A79D2EE83E9B7215E66DC89AC733B11079297A8F4B9ACEAE1F5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5862
Expires: Wed, 05 Oct 2022 22:59:19 GMT
Date: Wed, 05 Oct 2022 21:21:37 GMT
Connection: keep-alive
content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
34.160.144.191 200 OK 5.3 kB URL HTTP/2 content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain
IP 34.160.144.191:0
File type PEM certificate\012- , ASCII text
Hash 67d5a988edcda47bc3b3b3f65d32b4b6
d4f0e0da8b3690cc7da925026d3414b68c7d954f
55e4848e3ec682e808ce7ee70950f86179c43af4f81926d826a95edfda395a78
GET /chains/remote-settings.content-signature.mozilla.org-2022-11-19-18-50-54.chain HTTP/1.1
Host: content-signature-2.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
x-amz-id-2: QZPmu7dh9ZoHpyvx8WG4oKHTcU3kbxrRo79TRIXDsINNDLPPdyyvyCnzyQToAUmaY0p7MG2XwHc=
x-amz-request-id: RREA74NQ2G0ZT49A
content-disposition: attachment
accept-ranges: bytes
server: AmazonS3
content-length: 5348
via: 1.1 google
date: Wed, 05 Oct 2022 20:58:26 GMT
age: 1391
last-modified: Fri, 30 Sep 2022 18:50:55 GMT
etag: "67d5a988edcda47bc3b3b3f65d32b4b6"
content-type: binary/octet-stream
cache-control: public,max-age=3600
alt-svc: clear
X-Firefox-Spdy: h2
contile.services.mozilla.com/v1/tiles
34.117.237.239 200 OK 12 B URL HTTP/2 contile.services.mozilla.com/v1/tiles
IP 34.117.237.239:0
File type JSON data\012- , ASCII text, with no line terminators
Hash 23e88fb7b99543fb33315b29b1fad9d6
a48926c4ec03c7c8a4e8dffcd31e5a6cdda417ce
7d8f1de8b7de7bc21dfb546a1d0c51bf31f16eee5fad49dbceae1e76da38e5c3
GET /v1/tiles HTTP/1.1
Host: contile.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:37 GMT
content-type: application/json
content-length: 12
strict-transport-security: max-age=31536000
via: 1.1 google
alt-svc: clear
X-Firefox-Spdy: h2
gaypornhdfree.com/mochi-mochi-mochimochisosweet/
104.21.89.7 301 Moved Permanently 0 B URL HTTP/1.1 gaypornhdfree.com/mochi-mochi-mochimochisosweet/
IP 104.21.89.7:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /mochi-mochi-mochimochisosweet/ HTTP/1.1
Host: gaypornhdfree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1
HTTP/1.1 301 Moved Permanently
Date: Wed, 05 Oct 2022 21:21:38 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-pingback: http://gaypornhdfree.com/xmlrpc.php
x-redirect-by: WordPress
location: https://gaypornhdfree.com/mochi-mochi-mochimochisosweet/
x-litespeed-cache: miss
x-turbo-charged-by: LiteSpeed
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eAEAWdTMBgEXGVefxQpD0ESUIDdcyroCDvOpRnT782A0HY87p2AtskffZeKtBpsRcoIXuIAcZgdQ3W0iOsrW%2FrX8H6i6wwUXhiSI3ZuJzoPQYeZLBfj1uXZjwve6YL0%2Ff%2BzTdA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 75593542a94ab518-OSL
alt-svc: h2=":443"; ma=60
firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
54.230.111.118 200 OK 329 B URL HTTP/1.1 firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US
IP 54.230.111.118:0
File type JSON data\012- , ASCII text, with very long lines (329), with no line terminators
Hash 0333b0655111aa68de771adfcc4db243
63f295a144ac87a7c8e23417626724eeca68a7eb
60636eb1dc67c9ed000fe0b49f03777ad6f549cb1d2b9ff010cf198465ae6300
GET /v1/buckets/main/collections/ms-language-packs/records/cfr-v1-en-US HTTP/1.1
Host: firefox.settings.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 329
Connection: keep-alive
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Pragma, Content-Length, Backoff, Last-Modified, Cache-Control, Content-Type, Retry-After, ETag, Expires, Alert
Content-Security-Policy: default-src 'none'; frame-ancestors 'none'; base-uri 'none';
Last-Modified: Fri, 25 Mar 2022 17:45:46 GMT
X-Content-Type-Options: nosniff
Date: Wed, 05 Oct 2022 20:32:19 GMT
Cache-Control: max-age=3600, max-age=3600
Expires: Wed, 05 Oct 2022 20:54:26 GMT
ETag: "1648230346554"
X-Cache: Hit from cloudfront
Via: 1.1 9d4a908d41124cba1276d6cef8f00c60.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: zqWeCB3v5wlUrxpXIXJZT6tbAJIFtEh0_-8wdOHCut8Pl2sbBhGLvQ==
Age: 3125
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash 1561c6be7c89d1357a80d12de47b6e74
9a705277922ecca583c867af58b3efce099f83bd
e33dc034dbf4b3b627cd3c1af2d942e2ca5704ec9a4aad5c46ad39eb070e82ab
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3599
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:38 GMT
Last-Modified: Wed, 05 Oct 2022 20:21:40 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
a.realsrv.com/nativeads-v2.js
205.185.216.42 200 OK 16 kB URL HTTP/1.1 a.realsrv.com/nativeads-v2.js
IP 205.185.216.42:0
File type C source, ASCII text, with very long lines (58899), with no line terminators
Hash 5b86684f9134faf92b79b62658dbac0f
7e202065a4186ca1383f644a2032263f7e0bb75d
63e678de1e957dd29c9ddd9abe85553b6c63d3640914e34e2aff780b580caaa3
GET /nativeads-v2.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:38 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 16524
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"5573ab9c54ae8fcb8c5f0205e02"
X-HW: 1665004898.dop202.sk1.t,1665004898.cds217.sk1.shn,1665004898.cds217.sk1.c
Access-Control-Allow-Origin: *, *
a.realsrv.com/popunder1000.js
205.185.216.42 200 OK 40 kB URL HTTP/1.1 a.realsrv.com/popunder1000.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash ecf59349935e274ee2cb03e357d71158
7aa74be5d4c9e213b0692eaa0ac6a78e5d74b9e1
64603c3d15d7d1fdf05fd5ef4e582ec4766635797f974cc08f3d6e79c7725d31
GET /popunder1000.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:38 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 39969
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"1063790cabf57ffff66ecc0cab2"
X-HW: 1665004898.dop002.sk1.t,1665004898.cds212.sk1.shn,1665004898.cds212.sk1.c
Access-Control-Allow-Origin: *, *
a.realsrv.com/ad-provider.js
205.185.216.42 200 OK 24 kB URL HTTP/1.1 a.realsrv.com/ad-provider.js
IP 205.185.216.42:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 5ed9c35e690aa450445a48ddb532e13e
7066e4b5e5ca2a7f473a050483770384e07fa4e7
cef1db226f71ef69960df557ced8619b3d6e589f0cc8316c7a3f6026943cee10
GET /ad-provider.js HTTP/1.1
Host: a.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:38 GMT
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 23795
Content-Type: application/javascript
Accept-Ranges: bytes
Cache-Control: max-age=10800
Server: nginx
etag: W/"7a6fef28e10ffbf7c5d56577798"
X-HW: 1665004898.dop069.sk1.t,1665004898.cds071.sk1.shn,1665004898.cds071.sk1.c
Access-Control-Allow-Origin: *, *
gphd-cdn.com/wp-content/uploads/2022/10/YI8796060.jpg
104.21.1.154 200 OK 44 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/YI8796060.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash c87c7676f533d397a98789ed8690b232
3f30caed8b5e97b58c07df9ddd0158c2fe6248fd
63bd5bc4fb4a833e471e46f8ea34a5173d9b761af24432f86c4bb84e7573ac41
GET /wp-content/uploads/2022/10/YI8796060.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 43715
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:43:39 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zpnXq5HqAbm6pzXlk5z%2FyyzMg1LhhaGJeXiOg7kippX7U7QcRt%2FaQdqYccv1qa%2FWyXohL4P98JVeBJzHv5J%2BUsWJlF%2BKPj9ZznK0H9ltNQdFNTFSiFshXEk2CsFPC0I%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8b1b4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/YI9679679760.jpg
104.21.1.154 200 OK 62 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/YI9679679760.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 678925c3868bc81ebcd91d07c3edc5df
ab23bd581daa65c1cfa8816f97592e71988ca2c1
81c34729a1c9c47905b302e2b02a9c04c33a41573e80fd14028b723858f17674
GET /wp-content/uploads/2022/10/YI9679679760.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 61733
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:40:56 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=K5riHsYU0IzS20UM6r3Ez%2BQBekyD3IQSe%2BZK61y87%2BWHOBmghjbdZt99mVo1r%2Bh89vQ2FLHlSI5pqN4MAtgoAx9b%2Blt1UPSJkcvqmQH%2FtS0TGGJBgQuHMir3bRpAwBY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8b7b4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/I8679679660.jpg
104.21.1.154 200 OK 62 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/I8679679660.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 123f1ef4354128b2475006c38a3c13bf
976c7244b0e951ff1d997ac256071b252f1ece99
72bd2474966870a05a8f9d0d6a8df1bacdc19ed32922ec5cf46d69daa11a430d
GET /wp-content/uploads/2022/10/I8679679660.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 61511
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:40:20 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x8hEMHDiZtPOuZLa%2F4tM5Wzb3as1IErg2SCXQfP0LCBnuBX4zdn5F7Rkrn4JfPpB82osHNwQExxhX6BeMDfaFx%2FzNZvPoLOsdNgDmXKZfubsh%2BrWFiJNMTm5n4MT3aE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8b5b4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/I679769606.jpg
104.21.1.154 200 OK 72 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/I679769606.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 936f38fad2d024db78bea87fdf5cadee
2ddafd0f8d45b712c12499ba6f196f2336dc2da5
8b2c2807914e5c8db292ca28b5a20e1848f14129380a6be5be950a76003131d4
GET /wp-content/uploads/2022/10/I679769606.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 71734
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:39:36 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qA%2FYRjfqgMG%2B69utXgERzE1hko9MBzR%2F3%2F3FEgQCWX00aYugIc8n%2FxI2ZgsU2Cr1prx7Wv2ll7puDx83Am855AcaSWEbNrj4MhPEyuqNdpLrizT5yGWq%2BT9fbw3na2U%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548c8adb4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/9696606-.jpg
104.21.1.154 200 OK 56 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/9696606-.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 68c2c16830be189b8d29bf54fbff6276
37517f423662ffcf153164e1b52c3df3d7c0549e
61b2bc6c049ec076396790f0bba7e6487e5ac4f2eab7af4c168a357db6ebe334
GET /wp-content/uploads/2022/10/9696606-.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 56477
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:44:19 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3OVqDvrf0o5%2FHEHzpzw72RLvfskyEhexm93zd%2FH7xHFx5Iu2OW5xddjRd6nBIQ1PZsUMgz62T9G55NfXAojIXaHZA7CCRRSCfeHlcVxpjORl%2FaHvONregOSJW66lrU4%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8b9b4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/I66797696.jpg
104.21.1.154 200 OK 84 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/I66797696.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 852d1f2dde94f6974ed83629635505c2
b21d1e9113ac0d03d18d14df1cf97d778e2f795c
9333718a73c2062949d29022bcede77cdda0ef250ea607dc810dfe05046344fe
GET /wp-content/uploads/2022/10/I66797696.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 83882
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:43:02 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8GQR9nopTciV3EyqTU1r%2BYEWqN87B1MrYl3J8%2F3ZkDSbYw6bNkX4eIatpvFBW3L98oG9apV1uQoc1plLBC01kBq2kDoxKgpSfBTLrSk9IS0Jflxfu5RZn%2FFZEG3pyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8bab4f7-OSL
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/IK79O67606-.jpg
104.21.1.154 200 OK 70 kB URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/IK79O67606-.jpg
IP 104.21.1.154:0
File type JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3\012- data
Hash 2b2d499546f9d641bfbd80f44d62f8a2
5c333c4fe87050e32d20b0f099c78325f3463148
566170166f0130917b896d34d864c32fe6185f099bacca4d42d44030810f9b5b
GET /wp-content/uploads/2022/10/IK79O67606-.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 70082
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:41:40 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fxslKvTDRbwACH0utVrAc0be2gGkOfN0l7u3y0VnZ8SbS4lO6eUc3AcSa55fQxydPVx1H4zhXBe4kA1JbiEkIbPqzXnQAJxwHrp6fmLAeC5TwKkULMBf0HkwxlZ90Gc%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548d8b3b4f7-OSL
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash b0e8a79f3e381ab34a44278947ac7c7e
70d01e6fdc8565c661b6ae8c5a043ddf2da16530
885a8c234fca85e6f6bb3e8fcab6672b9a9742b5d3f74681b17a330fa295d549
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:38 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
push.services.mozilla.com/
44.242.32.27 101 Switching Protocols 0 B URL HTTP/1.1 push.services.mozilla.com/
IP 44.242.32.27:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: push.services.mozilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Sec-WebSocket-Version: 13
Origin: wss://push.services.mozilla.com/
Sec-WebSocket-Protocol: push-notification
Sec-WebSocket-Extensions: permessage-deflate
Sec-WebSocket-Key: 2+vjJGxpA2WKtLqNgeR2FQ==
Connection: keep-alive, Upgrade
Sec-Fetch-Dest: websocket
Sec-Fetch-Mode: websocket
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
Upgrade: websocket
HTTP/1.1 101 Switching Protocols
Connection: Upgrade
Upgrade: websocket
Sec-WebSocket-Accept: pHUlc5qyfJ/qZg7TgQ97PBEdUzs=
r3.o.lencr.org/
23.36.77.32 200 OK 958 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 8310bff73b9f1aec7ac28c456155e221
70addade977e8121d87842aeb8f3de3ef11e2a8a
56ae40e3bb7411053b0b2e8594f7256d936659ffa79f204aae06d9ae97cb9621
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "0F6FA24049C300E785B8063EA0F74B058EA9B0F122E1A8E1912DF9EC84AA786C"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=13154
Expires: Thu, 06 Oct 2022 01:00:53 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 22 kB IP 142.250.74.3:0
Hash 59afd0515de451735c1a435832d40017
ce42e44222aa98278cf70baeba1f1a2c0d4b2ca4
f7e7b76cd6526e7665171d4f832290bc3c4da594105a425945634e205819692c
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,300,300italic,700,700italic
142.250.74.10 200 OK 55 kB URL HTTP/2 fonts.googleapis.com/css?family=Open+Sans:400,400italic,600,600italic,300,300italic,700,700italic
IP 142.250.74.10:0
Hash 32a3f0da5eef5fd1bcea92b77f1d0a5f
eb7003285c0189adf8192f091a1634c94f0107fc
448446a5ab22595e463148bb10565dfc2a62e71a9ad4ab66296ec51421edef77
GET /css?family=Open+Sans:400,400italic,600,600italic,300,300italic,700,700italic HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 21:21:38 GMT
date: Wed, 05 Oct 2022 21:21:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 2.6 kB IP 142.250.74.3:0
Hash c834b49a4d737aceb884794d1bcc798a
28c3e64e1a7acf78e4409980b90f2349f878ce77
a948bf1fff3ef02c27845c3b9d0d2f0be2387fe7393cdab8fe42abc7f02bbc00
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
2.bp.blogspot.com/-KkjdNHzDqsc/WWLvKIuTWyI/AAAAAAAAmBE/4pOeO6sy87o-p9oWHELgAaHaDfw3Xe7SgCLcBGAs/s1600/overlay-play.png
142.250.74.161 200 OK 43 kB URL HTTP/2 2.bp.blogspot.com/-KkjdNHzDqsc/WWLvKIuTWyI/AAAAAAAAmBE/4pOeO6sy87o-p9oWHELgAaHaDfw3Xe7SgCLcBGAs/s1600/overlay-play.png
IP 142.250.74.161:0
Hash 88be9053c6bfcd94895a7a8fc109000b
dd854b63922249dc1a2d0d0ccff022f942d4d232
14145ecfe36a248229942f3839863e0e39ccd8d81073d3d18ca7977cf21a5725
GET /-KkjdNHzDqsc/WWLvKIuTWyI/AAAAAAAAmBE/4pOeO6sy87o-p9oWHELgAaHaDfw3Xe7SgCLcBGAs/s1600/overlay-play.png HTTP/1.1
Host: 2.bp.blogspot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-expose-headers: Content-Length
content-disposition: inline;filename="overlay-play.png"
vary: Origin
access-control-allow-origin: *
timing-allow-origin: *
x-content-type-options: nosniff
server: fife
content-length: 2495
x-xss-protection: 0
date: Wed, 05 Oct 2022 19:13:12 GMT
expires: Wed, 17 Nov 2021 17:26:54 GMT
cache-control: public, max-age=86400, no-transform
age: 7707
etag: "v9815"
content-type: image/png
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
syndication.realsrv.com/splash.php?native-settings=1&idzone=4746716&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F
95.211.229.245 200 OK 3.1 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4746716&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (6043), with no line terminators
Hash 587a62ea0831dfe2156e435fe71ba0ec
cddd64f22f7ffb0fecc5481ccd3144c12a932dec
782f4336f0b975a4d139732c934916ea08350c79e461b303daedf89ccbdb963a
GET /splash.php?native-settings=1&idzone=4746716&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 21:21:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://gaypornhdfree.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633df5631472d3.542278131410307863%22%3B%7D; expires=Fri, 04 Oct 2024 21:21:39 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmroemnxgxaacllaxbogeicxbmsbocnxgxaaclllesmgeioslmrxbrnxgxaacbmrobbgeicxbmsbxcnxgxaaclllercgeicxbmsbcenxgxaaclllercgeislsaroornxgxaacmobexrgeicxbmsboenxgxaareecbllgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaacllrobbgeimcclsoeenxgxaasamsoccgeimcclosconxgxaacobbxcxgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaacxeermsgeioslmrxlsnxgxaaclllercgeicaormbbonxgxaareecbllgeioslmrxlrnxgxaacmremaxgeimcclsxscnxgxaacsxbrblgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaacsxbrblgeialbserebnxgxaasborcsogeiccmblmmcnxgxaaclllesmgeimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaacmobexrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaacmobexrgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaacllaxbogeimccloscenxgxaaslcsrobgeimcclsxacnxgxaaslcsrobgeicaormlebnxgxaacxeermsgeimcersxranxgxaacxeermsgeisaeeasslnxgxaacxeermsgeimcersxacnxgxaacxeermsgeimcersxrenxgxaacxeermsgeiccmblmmbnxgxaaclllesmgeiccmblmmanxgxaacbmcxxrgeislsarosxnxgxaacsremoegeiabeocmsbnxgxaacmobeeageimcclsxcanxgxaacmobexrgeimaecobxanxgxaacmobexrgeimcclsxsbnxgxaacmcrlolgeiccmblmmonxgxaaclllercgeialbserxonxgxaacmremaxgeimcclossbnxgxaacbmrobbgeimaelrlmanxgxaaclmelxogxcceimrsreaabnogxaaclmlsrrgxcceimrsreamcnogxaacllexergxcceimxlbmosanrgxaacllsxbxgxcceimrcaoaoanrgxaacllsxbxgxcceimxlbmoscnsgxaacllsxbxgxcceialxosmbanxgxaacllsxbxgxcceimxlbmoobnogxaacllsxbxgxcceimxxrecsanxgxaacllslcagxcceiaaxcabeonxgxaacllslcagxcceialrexeoonxgxaacllcxbsgxcceimrcaeesbnsgxaacllcaorgxcceixaoosscrnxgxaacllcaorgxcceixaoossalnxgxaacllcaorgxcceimeembecenxgxaacllcaorgxcceimeembesonxgxaacllcaorgxcceialrexexbnxgxaacllcmcrgxcceimcoaxmxonmgxaacllcmcrgxcceialaroxrcnxgxaacllcmcrgxcceialbbebsbnxgxaacllrobbgxcceimxlbmosenogxaacllrobbgxcceimxcbrxbenxgxaacllrobbgxcceimcssmlronsgxaacllrobbgxcceimxlbmosonogxaacllroblgxcceimclsaoxbncgxaacllrsccgxcceimcoaxmxcncgxaacllrsccgxcceimcssmlrcnsgxaacllrscrgxcceimsacexoonxgxaacllrscrgxcceimxeoxsacnrgxaacllrscrgxcceicaormlxbnxgxaacllrsrlgeimcrxeoocnxgxaacllrcoegxcceimc
rxeoranxgxaacllrcoegxcceimcclsxobnxgxaacllaxbogeimcclsxbcnxgxaacllaxbogeimrblelxanxgxaacllaxbogeimaecsxccnxgxaacllaxbogeimaecsxcanxgxaacllaxbogeimrblxeeanxgxaacllaxbogeimcssmlrensgxaacllaoregxcceimrmbbrcbnxgxaacllaoregxcceimxlbmxlonxgxaacllascegxcceimxomorronxgxaacllascegxcceirrmlllronxgxaacllascegxcceialbbebsanxgxaacllascegxcceimxreaomcnxgxaacllaaeegxcceimclxlloanxgxaacllaaeegxcceimrcscosbnxgxaacllaaeegxcceimccoarcbnxgxaacllaaeegxcceiceecmorsnxgxaacllaaacgxcceimexexabbnxgxaacllaaargxcceimrxccoscnxgxaacllalbagxcceimrxccosonsgxaacllalbagxcceimrxccosenogxaacllalbagxcceimrxccosanogxaacllalbagxcceimxlbalscnxgxaacllmsaegxcceimemlxbocnxgxaacllmcccgxcceimeembeconxgxaacllmcccgxcceicxmecmcanxgxaacllmcccgxcceimeembescnxgxaacllbecxgxcceimrbxmxmanogxaacllbacxgxcceimrracorbnxgxaacllbblmgxcceimxeemleenxgxaacllbblmgxcceicmarxbbonagxaacllbblmgxcceimxcbrxscnxgxaaclllesmgxcceimxeoxsbenmgxaaclllercgxcceimxcbrxronxgxaaclllercgxcceialbbebrenxgxaaclllxomgxcceimxomsmconxgxaareexocrgxcceimcrxeobenxgxaareeocorgxcceimrcscrsanxgxaareeobslgxcceimcrxeocanxgxaareesebsgxcceimrmaobxanogxaareesxcrgxcceimrmaoboenogxaareesxcrgxcceimrmaobxbnxgxaareesxcrgxcceialcaercenxgxaareecssagxcceimrracoranxgxaareecssagxcceircleeobonxgxaareecrbsgxcceimrxccosbnxgxaareecrbsgxcceimocbmmmanxgxaareecbllgxcce; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4746716%7C41873820%7C0%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4746716%7C46257882%7C92448%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4746716%7C72487776%7C0%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
216.58.207.195 200 OK 45 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
IP 216.58.207.195:0
File type Web Open Font Format (Version 2), TrueType, length 44856, version 1.0\012- data
Hash 565ce506190ad3af920b40baf1794cec
ad3cba5d06100e09449a864d3b5e58403b478b3d
8778e9af2422858d7052ff9a0f3c12c08ae976bdd6e0316db144cd5579cd97db
GET /s/opensans/v34/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 44856
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Sat, 01 Oct 2022 03:08:55 GMT
expires: Sun, 01 Oct 2023 03:08:55 GMT
cache-control: public, max-age=31536000
last-modified: Mon, 15 Aug 2022 18:20:18 GMT
content-type: font/woff2
age: 411164
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
216.58.207.195 200 OK 52 kB URL HTTP/2 fonts.gstatic.com/s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2
IP 216.58.207.195:0
Hash de0843accfb479221fa9947b2b791250
0c581616777fab3ac66f3518326577cf73de0e3f
eb281a024fe052bf2ec8c6ced760bd07978431c37d8448157e7ebcda390bcde0
GET /s/opensans/v34/memtYaGs126MiZpBA-UFUIcVXSCEkx2cmqvXlWqWuU6F.woff2 HTTP/1.1
Host: fonts.gstatic.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: identity
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://fonts.googleapis.com/
Sec-Fetch-Dest: font
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
timing-allow-origin: *
content-length: 47952
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Mon, 03 Oct 2022 18:59:14 GMT
expires: Tue, 03 Oct 2023 18:59:14 GMT
cache-control: public, max-age=31536000
age: 181345
last-modified: Mon, 15 Aug 2022 18:22:41 GMT
content-type: font/woff2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash 36b1ec1ebfdbe3367fc1fde546d47281
a12333d6fdf5f29a25fcac13b21e4a4f45ca5ba6
c95cde94d5b12b299aecb89ed8b9a8ad30e46e4704a30ab8329742a396e00090
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
syndication.realsrv.com/splash.php?native-settings=1&idzone=4747562&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F
95.211.229.245 200 OK 3.6 kB URL HTTP/1.1 syndication.realsrv.com/splash.php?native-settings=1&idzone=4747562&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (7229), with no line terminators
Hash bb1183b260d1f24c8c2c96f82c6acf18
16decc9b4abac55a6bc45aec1184ef2ad9f57492
a2363c67919ae0557a52e7f440e8957ec678c8d7773454fe6b7f010575bcaadd
GET /splash.php?native-settings=1&idzone=4747562&cookieconsent=true&p=https%3A%2F%2Fgaypornhdfree.com%2Fmochi-mochi-mochimochisosweet%2F HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 21:21:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://gaypornhdfree.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633df563248121.354682443423923439%22%3B%7D; expires=Fri, 04 Oct 2024 21:21:39 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
impressions=oslmroemnxgxaacllaxbogeicxbmsbocnxgxaaclllesmgeioslmrxbrnxgxaacbmrobbgeicxbmsbxcnxgxaareecbllgeicxbmsbcenxgxaaclllercgeislsaroornxgxaacmobexrgeicxbmsboenxgxaareecbllgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaacllrobbgeimcclsoeenxgxaasamsoccgeimcclosconxgxaacobbxcxgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaacxeermsgeioslmrxlsnxgxaaclllercgeicaormbbonxgxaareecbllgeioslmrxlrnxgxaacmremaxgeimcclsxscnxgxaacsxbrblgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaacsxbrblgeialbserebnxgxaasborcsogeiccmblmmcnxgxaaclllesmgeimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaacmobexrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaacmobexrgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaacllaxbogeimccloscenxgxaaslcsrobgeimcclsxacnxgxaaslcsrobgeicaormlebnxgxaacxeermsgeimcersxranxgxaacxeermsgeisaeeasslnxgxaacxeermsgeimcersxacnxgxaacxeermsgeimcersxrenxgxaacxeermsgeiccmblmmbnxgxaaclllesmgeiccmblmmanxgxaacbmcxxrgeislsarosxnxgxaacsremoegeiabeocmsbnxgxaacmobeeageimcclsxcanxgxaacmobexrgeimaecobxanxgxaacmobexrgeimcclsxsbnxgxaacmcrlolgeiccmblmmonxgxaaclllercgeialbserxonxgxaacmremaxgeimcclossbnxgxaacbmrobbgeimaelrlmanxgxaaclmelxogxcceimrsreaabnogxaaclmlsrrgxcceimrsreamcnogxaacllexergxcceimxlbmosanrgxaacllsxbxgxcceimrcaoaoanrgxaacllsxbxgxcceimxlbmoscnsgxaacllsxbxgxcceialxosmbanxgxaacllsxbxgxcceimxlbmoobnogxaacllsxbxgxcceimxxrecsanxgxaacllslcagxcceiaaxcabeonxgxaacllslcagxcceialrexeoonxgxaacllcxbsgxcceimrcaeesbnsgxaacllcaorgxcceixaoosscrnxgxaacllcaorgxcceixaoossalnxgxaacllcaorgxcceimeembecenxgxaacllcaorgxcceimeembesonxgxaacllcaorgxcceialrexexbnxgxaacllcmcrgxcceimcoaxmxonmgxaacllcmcrgxcceialaroxrcnxgxaacllcmcrgxcceialbbebsbnxgxaacllrobbgxcceimxlbmosenogxaacllrobbgxcceimxcbrxbenxgxaacllrobbgxcceimcssmlronsgxaacllrobbgxcceimxlbmosonogxaacllroblgxcceimclsaoxbncgxaacllrsccgxcceimcoaxmxcncgxaacllrsccgxcceimcssmlrcnsgxaacllrscrgxcceimsacexoonxgxaacllrscrgxcceimxeoxsacnrgxaacllrscrgxcceicaormlxbnxgxaareecbllgeimcrxeoocnxgxaacllrcoegxcceimc
rxeoranxgxaacllrcoegxcceimcclsxobnxgxaacllaxbogeimcclsxbcnxgxaacllaxbogeimrblelxanxgxaacllaxbogeimaecsxccnxgxaacllaxbogeimaecsxcanxgxaacllaxbogeimrblxeeanxgxaacllaxbogeimcssmlrensgxaacllaoregxcceimrmbbrcbnxgxaacllaoregxcceimxlbmxlonxgxaacllascegxcceimxomorronxgxaacllascegxcceirrmlllronxgxaacllascegxcceialbbebsanxgxaacllascegxcceimxreaomcnxgxaacllaaeegxcceimclxlloanxgxaacllaaeegxcceimrcscosbnxgxaacllaaeegxcceimccoarcbnxgxaacllaaeegxcceiceecmorsnxgxaacllaaacgxcceimexexabbnxgxaacllaaargxcceimrxccoscnxgxaacllalbagxcceimrxccosonsgxaacllalbagxcceimrxccosenogxaacllalbagxcceimrxccosanogxaacllalbagxcceimxlbalscnxgxaacllmsaegxcceimemlxbocnxgxaacllmcccgxcceimeembeconxgxaacllmcccgxcceicxmecmcanxgxaacllmcccgxcceimeembescnxgxaacllbecxgxcceimrbxmxmanogxaacllbacxgxcceimrracorbnxgxaacllbblmgxcceimxeemleenxgxaacllbblmgxcceicmarxbbonagxaacllbblmgxcceimxcbrxscnxgxaaclllesmgxcceimxeoxsbenmgxaaclllercgxcceimxcbrxronxgxaaclllercgxcceialbbebrenxgxaaclllxomgxcceimxomsmconxgxaareexocrgxcceimcrxeobenxgxaareeocorgxcceimrcscrsanxgxaareeobslgxcceimcrxeocanxgxaareesebsgxcceimrmaobxanogxaareesxcrgxcceimrmaoboenogxaareesxcrgxcceimrmaobxbnxgxaareesxcrgxcceialcaercenxgxaareecssagxcceimrracoranxgxaareecssagxcceircleeobonxgxaareecrbsgxcceimrxccosbnxgxaareecrbsgxcceimocbmmmanxgxaareecbllgxcceimocbmmacnxgxaareecbllgxcceicaormbbcnxgxaareecbllge; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C72487764%7C0%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C46257918%7C92448%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C41873814%7C0%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C46257884%7C92446%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D; expires=Thu, 06 Oct 2022 21:21:39 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
dood.so/e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3
190.115.31.133 302 Found 0 B URL HTTP/2 dood.so/e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3
IP 190.115.31.133:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3 HTTP/1.1
Host: dood.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 05 Oct 2022 21:21:39 GMT
content-length: 0
set-cookie: __ddg1_=Rdxp51yzM8VjcfsJ2PpA; Domain=.dood.so; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:39 GMT
lang=1; domain=.dood.so; path=/
referer=; domain=.dood.so; path=/; expires=Wed, 05-Oct-2022 21:22:39 GMT
location: /e/djcuxf1ipslae6tryaxw0rgrb32nnje
X-Firefox-Spdy: h2
ocsp.pki.goog/gts1c3
142.250.74.3 200 OK 471 B IP 142.250.74.3:0
Hash ff5f22aafa6751c60631736c305a4c7c
278b89e5c1a978e070be4b66bb780862894b8504
b501664d7591e6dfe95c8641e0020e04b76f16f5cb80a7fc0ee0b36af60a6382
POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
cdn.popcash.net/show.js
151.139.128.11 200 OK 36 kB IP 151.139.128.11:0
File type ASCII text, with very long lines (65387)
Hash 67006a1f5f35b63343332cbfec97cd85
9d5be86bebf78c5bc3aee39e74ced6631939ab5c
f82f11a982dc0602cdef4bc9eccfd26637a8b9bdd504a456a93426a376fff60b
GET /show.js HTTP/1.1
Host: cdn.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-encoding: br
content-length: 36402
content-type: application/javascript
last-modified: Tue, 05 Jul 2022 13:28:20 GMT
accept-ranges: bytes
etag: W/"62c43c74-1b189"
cache-control: max-age=2592000, public
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aUwmSZ8jvagq9rT3laa5kdGAHTfTjtwSj%2BwydgCY8vz8Q2kuNQa0WJW0RlGhy%2BSc3FWh9O8omX33%2FtJFewrhiomS%2BLyvc9RfhLE64gY4AyMS2ld9GkMRNXLDVnwq"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 72f659fe7a21be38-CPH
vary: Accept-Encoding
x-hw: 1665004899.cds243.sk1.hn,1665004899.cds015.sk1.c
access-control-allow-origin: *
X-Firefox-Spdy: h2
dood.so/e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3
190.115.31.133 302 Found 0 B URL HTTP/2 dood.so/e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3
IP 190.115.31.133:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /e/uarv5qu2r8v8k4sotskbmu4ngjv8vvl3 HTTP/1.1
Host: dood.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 05 Oct 2022 21:21:39 GMT
content-length: 0
set-cookie: __ddg1_=bkw1MkYoWNe61M0WEwZF; Domain=.dood.so; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:39 GMT
lang=1; domain=.dood.so; path=/
referer=; domain=.dood.so; path=/; expires=Wed, 05-Oct-2022 21:22:39 GMT
location: /e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
X-Firefox-Spdy: h2
syndication.realsrv.com/v1/api.php
95.211.229.245 200 OK 1.1 kB URL HTTP/1.1 syndication.realsrv.com/v1/api.php
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
File type JSON data\012- , ASCII text, with very long lines (1584), with no line terminators
Hash b4efcb4592bbbe569bb7a448a65efd4e
3c46a52d1a2cc081cd7fba1e444f66e5efdfc6f9
d9d358e203fcd0c4b0fc1414c5ee8011e2703b6f8f90bf2beca503309f0f60f3
POST /v1/api.php HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain
Content-Length: 272
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633df563248121.354682443423923439%22%3B%7D; impressions=oslmroemnxgxaacllaxbogeicxbmsbocnxgxaaclllesmgeioslmrxbrnxgxaacbmrobbgeicxbmsbxcnxgxaareecbllgeicxbmsbcenxgxaaclllercgeislsaroornxgxaacmobexrgeicxbmsboenxgxaareecbllgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaacllrobbgeimcclsoeenxgxaasamsoccgeimcclosconxgxaacobbxcxgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaacxeermsgeioslmrxlsnxgxaaclllercgeicaormbbonxgxaareecbllgeioslmrxlrnxgxaacmremaxgeimcclsxscnxgxaacsxbrblgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaacsxbrblgeialbserebnxgxaasborcsogeiccmblmmcnxgxaaclllesmgeimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaacmobexrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaacmobexrgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaacllaxbogeimccloscenxgxaaslcsrobgeimcclsxacnxgxaaslcsrobgeicaormlebnxgxaacxeermsgeimcersxranxgxaacxeermsgeisaeeasslnxgxaacxeermsgeimcersxacnxgxaacxeermsgeimcersxrenxgxaacxeermsgeiccmblmmbnxgxaaclllesmgeiccmblmmanxgxaacbmcxxrgeislsarosxnxgxaacsremoegeiabeocmsbnxgxaacmobeeageimcclsxcanxgxaacmobexrgeimaecobxanxgxaacmobexrgeimcclsxsbnxgxaacmcrlolgeiccmblmmonxgxaaclllercgeialbserxonxgxaacmremaxgeimcclossbnxgxaacbmrobbgeimaelrlmanxgxaaclmelxogxcceimrsreaabnogxaaclmlsrrgxcceimrsreamcnogxaacllexergxcceimxlbmosanrgxaacllsxbxgxcceimrcaoaoanrgxaacllsxbxgxcceimxlbmoscnsgxaacllsxbxgxcceialxosmbanxgxaacllsxbxgxcceimxlbmoobnogxaacllsxbxgxcceimxxrecsanxgxaacllslcagxcceiaaxcabeonxgxaacllslcagxcceialrexeoonxgxaacllcxbsgxcceimrcaeesbnsgxaacllcaorgxcceixaoosscrnxgxaacllcaorgxcceixaoossalnxgxaacllcaorgxcceimeembecenxgxaacllcaorgxcceimeembesonxgxaacllcaorgxcceialrexexbnxgxaacllcmcrgxcceimcoaxmxonmgxaacllcmcrgxcceialaroxrcnxgxaacllcmcrgxcceialbbebsbnxgxaacllrobbgxcceimxlbmosenogxaacllrobbgxcceimxcbrxbenxgxaacllrobbgxcceimcssmlronsgxaacllrobbgxcceimxlbmosonogxaacllroblgxcceimclsaoxbncgxaacllrsccgxcceimcoaxmxcncgxaacllrsccgxcceimcssmlrcnsgxaacllrscrgxcceimsacexoonxgxaacllr
scrgxcceimxeoxsacnrgxaacllrscrgxcceicaormlxbnxgxaareecbllgeimcrxeoocnxgxaacllrcoegxcceimcrxeoranxgxaacllrcoegxcceimcclsxobnxgxaacllaxbogeimcclsxbcnxgxaacllaxbogeimrblelxanxgxaacllaxbogeimaecsxccnxgxaacllaxbogeimaecsxcanxgxaacllaxbogeimrblxeeanxgxaacllaxbogeimcssmlrensgxaacllaoregxcceimrmbbrcbnxgxaacllaoregxcceimxlbmxlonxgxaacllascegxcceimxomorronxgxaacllascegxcceirrmlllronxgxaacllascegxcceialbbebsanxgxaacllascegxcceimxreaomcnxgxaacllaaeegxcceimclxlloanxgxaacllaaeegxcceimrcscosbnxgxaacllaaeegxcceimccoarcbnxgxaacllaaeegxcceiceecmorsnxgxaacllaaacgxcceimexexabbnxgxaacllaaargxcceimrxccoscnxgxaacllalbagxcceimrxccosonsgxaacllalbagxcceimrxccosenogxaacllalbagxcceimrxccosanogxaacllalbagxcceimxlbalscnxgxaacllmsaegxcceimemlxbocnxgxaacllmcccgxcceimeembeconxgxaacllmcccgxcceicxmecmcanxgxaacllmcccgxcceimeembescnxgxaacllbecxgxcceimrbxmxmanogxaacllbacxgxcceimrracorbnxgxaacllbblmgxcceimxeemleenxgxaacllbblmgxcceicmarxbbonagxaacllbblmgxcceimxcbrxscnxgxaaclllesmgxcceimxeoxsbenmgxaaclllercgxcceimxcbrxronxgxaaclllercgxcceialbbebrenxgxaaclllxomgxcceimxomsmconxgxaareexocrgxcceimcrxeobenxgxaareeocorgxcceimrcscrsanxgxaareeobslgxcceimcrxeocanxgxaareesebsgxcceimrmaobxanogxaareesxcrgxcceimrmaoboenogxaareesxcrgxcceimrmaobxbnxgxaareesxcrgxcceialcaercenxgxaareecssagxcceimrracoranxgxaareecssagxcceircleeobonxgxaareecrbsgxcceimrxccosbnxgxaareecrbsgxcceimocbmmmanxgxaareecbllgxcceimocbmmacnxgxaareecbllgxcceicaormbbcnxgxaareecbllge; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C46257884%7C92446%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 21:21:39 GMT
Content-Type: application/json
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://gaypornhdfree.com
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Request-Method: POST
Access-Control-Allow-Credentials: true
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
104.17.25.14 200 OK 28 kB URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (65451)
Hash 4b5f47439b640180cc3450f7de05d0d8
5a0dc9bcab80ddc409dd35fcb00a88fe6846fee2
1f85e8b327f42c17c025d69849914068536d9aa95412fe473ae90ffb2f4ebd82
GET /ajax/libs/jquery/3.5.1/jquery.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 27958
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb09ed3-15d84"
last-modified: Mon, 04 May 2020 23:01:39 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
cf-cache-status: HIT
age: 10448603
expires: Mon, 25 Sep 2023 21:21:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UEOdYuhe8ZT1Y2pn1sNepYSiZLbqpQ%2BnL%2FxS1VpvyA1ou8wzQYZjEFzZV%2FBzUGAdNkqcr7TFPknBR3E01tock0jNicjgymcftZ5YPeopJy5%2BUXF4RMKLMjww%2FYreg3OM%2FhEtGj4q"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7559354e2dddb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
104.17.25.14 200 OK 591 B URL HTTP/2 cdnjs.cloudflare.com/ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js
IP 104.17.25.14:0
File type ASCII text, with very long lines (1266)
Hash 414869f16aa77a65b4928a018f7f1abb
cea521f7a2958a50239526ed6b068f0937527653
afee364ce513c6517247b81cce5eb5eadb1dbbb35e439eb3fa97bbc15fac2cd3
GET /ajax/libs/jquery-cookie/1.4.1/jquery.cookie.min.js HTTP/1.1
Host: cdnjs.cloudflare.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=utf-8
content-length: 591
access-control-allow-origin: *
cache-control: public, max-age=30672000
content-encoding: br
etag: "5eb03ec1-514"
last-modified: Mon, 04 May 2020 16:11:45 GMT
cf-cdnjs-via: cfworker/kv
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: HIT
age: 2821880
expires: Mon, 25 Sep 2023 21:21:39 GMT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ed%2B98xvdUCLfuNzI5H4VtbkJy%2BBmk5wC2LGroqG2xqVziOPcOlfREAUGUgWtTBn6erbEYgrrpP083yT6dTFA%2FSrixjZq0Wv%2BF0jfSYs%2FG0YGy9zGku0jh7iOCp3zZeAL92QP2Hxa"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15780000
server: cloudflare
cf-ray: 7559354e2dd3b4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
i.doodcdn.co/img/no_video_3.svg
104.26.7.74 200 OK 2.8 kB URL HTTP/2 i.doodcdn.co/img/no_video_3.svg
IP 104.26.7.74:0
File type SVG Scalable Vector Graphics image\012- XML 1.0 document text\012- XML document, ASCII text, with very long lines (2789)
Hash 077bfdaa49ae4877a42611b739ec4752
a2f9e1222b7af9abc05122411ab8902efcc08ead
70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c
GET /img/no_video_3.svg HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/svg+xml
content-length: 2812
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
etag: "61d3187c-afc"
expires: Thu, 03 Nov 2022 08:08:01 GMT
cache-control: public, max-age=2592000, no-transform
access-control-allow-origin: *
cf-cache-status: HIT
age: 85747
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=S58As%2BbSGdedjQBcqoyFmEcNkfh1w%2BJ8Y4LhsNbQIM67cZ8wfZLynzAhnLNwFT5vMLAgNkcbaZmqq2OL39Q3kbTB7mhfZ0cjvXTDZmjHXKGHpJFFw8oWvE3Kzh3oNw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559354ea9f7b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/ads/ad.js
104.26.7.74 200 OK 18 B IP 104.26.7.74:0
File type ASCII text, with no line terminators
Hash 071c641b229d2bfadd243b8fa2a9c88d
4048ed3ad506f9bb9052c23283912d0cfea8bcc6
3716878d3ceb2042b22c092b31c6f43cc862f8464e92ddde416a49624b32716e
GET /ads/ad.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript
content-length: 18
access-control-allow-origin: *
cache-control: public, max-age=2592000
cf-bgj: minify
cf-polished: origSize=20
expires: Wed, 04 Oct 2023 08:04:45 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
vary: User-Agent,Accept-Encoding
cf-cache-status: HIT
age: 76260
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=itnd71kslgoCR7xnhmZzY56oB08acaVDFwBdSA9sQ3pRp7h79U1XwlQ4lL2c94kZIxu9fOkI6jnZmrIibsJNAk10YDd53M3Dk3FV8bEkJ3RvWn%2B5noaQkAH0vvoxYw%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559354eaa04b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 6c23d9e67394a07a0e6739f15bbb4da6
300223a40a6e04e01bc59585b83aa1ef847c2ee4
37241ae3a733b19d93e78c58aca4a5e6bdd8cb559e4a1a8eb570732f9684fb16
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "37241AE3A733B19D93E78C58ACA4A5E6BDD8CB559E4A1A8EB570732F9684FB16"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5884
Expires: Wed, 05 Oct 2022 22:59:43 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
i.doodcdn.co/js/embed2.js
104.26.7.74 200 OK 339 kB URL HTTP/2 i.doodcdn.co/js/embed2.js
IP 104.26.7.74:0
File type Unicode text, UTF-8 text, with very long lines (65528), with no line terminators
Size 339 kB (339271 bytes)
Hash cac27d72c22014f70500e507a7a82231
edcac36287bfc654b2ee6c0fe0727cdc725a9fe5
01c49e02b98bc8a4275650b65787cdd100c362abc7e54e8b9e99396b6117c2c6
GET /js/embed2.js HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript
content-length: 339271
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=339527
etag: "61d3187c-52e47"
expires: Thu, 03 Nov 2022 19:47:08 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 76241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6Cnt06qghzN9gS7FaudFbTpX9Z%2FNXDHFyCBxvp2FmKPsmvc1lKvK1znL2KhoO6Bg%2BLa8SEhX%2BmJTAOQzl0k6gKU0dGu63hS5wjQuGT9tr%2FEVFItEKGM%2BcaF7aAtwxA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559354eba0eb503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
i.doodcdn.co/css/embed.css
104.26.7.74 200 OK 80 kB URL HTTP/2 i.doodcdn.co/css/embed.css
IP 104.26.7.74:0
File type Unicode text, UTF-8 text, with very long lines (65532), with no line terminators
Hash 010e9740f2148647b93ae896d452119c
888e44accbd7e78a0654fd4eaf7541269d95e4e9
d33d9d5fc2eef77dd7cda0770e9bc8213f058f2ead19b7d9b7ed731bcd081a47
GET /css/embed.css HTTP/1.1
Host: i.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: text/css
content-length: 79720
access-control-allow-origin: *
cache-control: public, max-age=2592000, no-transform
cf-bgj: minify
cf-polished: origSize=79890
etag: "61d3187c-13812"
expires: Thu, 03 Nov 2022 08:05:20 GMT
last-modified: Mon, 03 Jan 2022 15:38:36 GMT
cf-cache-status: HIT
age: 76241
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=G2fhn%2B0Gnv1%2F%2Fxh3CQtOOQGdnwZ3hyXvY9Z2guNqbMRkgRXwxpeeGdLJA2WI9Fr9r3Ius%2FMXsenamZlxq9Gw4nwEjixMPd8DemaIztf30ba1x7q02ex3BRAfXup%2FKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559354eca25b503-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp2.globalsign.com/gsalphasha2g2
104.18.20.226 200 OK 1.4 kB URL HTTP/1.1 ocsp2.globalsign.com/gsalphasha2g2
IP 104.18.20.226:0
Hash 0f19f59323944d6d436d167efd618d11
a7d4d7ad6b231ec124c732b242d8c623fd247392
d87057e1c5847df324a7594e95145760a2e01ba2787ce98f3681255a00aedfb0
POST /gsalphasha2g2 HTTP/1.1
Host: ocsp2.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:39 GMT
Content-Type: application/ocsp-response
Content-Length: 1423
Connection: keep-alive
Expires: Sun, 09 Oct 2022 17:40:09 GMT
ETag: "a7d4d7ad6b231ec124c732b242d8c623fd247392"
Last-Modified: Wed, 05 Oct 2022 17:40:10 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1058
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7559354eebc9b4f9-OSL
s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
185.76.9.21 200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash e456e1fcd5b9782e95a8a4beafdaa6f7
08383e72ee30f54920b69f036aa7050b9906cf65
652ef2a4170f9f3331fa3efbbf4f76a170be4d96c0b22a8ad23b490ccab9b534
GET /library/623611/08383e72ee30f54920b69f036aa7050b9906cf65.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 10274
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-2822"
expires: Fri, 30 Jun 2023 11:10:59 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195228
server: CDN77-Turbo
x-77-nzt: AblMCRTzKOH/R1h/AA
x-77-nzt-ray: qlibqd8EBLY
x-cache: HIT
x-age: 8345671
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/256238/44e23873565d8ddbc01b8ab1727efc77f516c884.webp
185.76.9.21 200 OK 12 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/256238/44e23873565d8ddbc01b8ab1727efc77f516c884.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7d3236d5c82901ad7210ae85ba446f25
44e23873565d8ddbc01b8ab1727efc77f516c884
e16eedc198f417ffa4d501511beb48aa7ef1e449987450f2e252ad6423d10f42
GET /library/256238/44e23873565d8ddbc01b8ab1727efc77f516c884.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 12460
last-modified: Wed, 03 Nov 2021 21:49:57 GMT
etag: "61830405-30ac"
expires: Fri, 30 Jun 2023 18:47:08 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195425
server: CDN77-Turbo
x-77-nzt: AblMCRQO1cL/gld/AA
x-77-nzt-ray: HupUlAqzGBA
x-cache: HIT
x-age: 8345474
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
185.76.9.21 200 OK 6.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash ac7f0a83b67d9661811c62d68cdd2074
26c94b1b9322fb1f2558083727af47e58151007e
24c3c958813cf663205712c9a41003d3c5f304d3a90301d63847ab46047fc66f
GET /library/623611/26c94b1b9322fb1f2558083727af47e58151007e.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 6782
last-modified: Wed, 03 Nov 2021 19:29:43 GMT
etag: "6182e327-1a7e"
expires: Fri, 30 Jun 2023 11:12:51 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195209
server: CDN77-Turbo
x-77-nzt: AblMCRQmZmv/Wlh/AA
x-77-nzt-ray: 391nzOwTRZU
x-cache: HIT
x-age: 8345690
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
img.doodcdn.co/splash/3z1jp2gxudsorelo.jpg
104.26.7.74 200 OK 101 kB URL HTTP/2 img.doodcdn.co/splash/3z1jp2gxudsorelo.jpg
IP 104.26.7.74:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 1264x715, components 3\012- data
Size 101 kB (100592 bytes)
Hash 80729f1e1eef68ee9a40d32d6b37758e
b76b64dbca843f137b17a5ebc4feb39fd3febf0e
dccbb8d0a6890a811e138694de43ae04e6e48b7a7eb45d9682078bb054371689
GET /splash/3z1jp2gxudsorelo.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/jpeg
content-length: 100592
access-control-allow-origin: *
cache-control: max-age=1209600
cf-bgj: imgq:100,h2pri
cf-polished: origSize=101343, status=webp_bigger
etag: "63289fa3-18bdf"
expires: Tue, 18 Oct 2022 23:06:38 GMT
last-modified: Mon, 19 Sep 2022 16:58:11 GMT
cf-cache-status: HIT
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kzRS60GeXlYVe%2BA%2F%2BiuubGig8m0v0l9Nwi8e5BNBpBg2JAHl%2BVoY6yccDk5PwU60RUV%2BtvmO4aqGN3DWbadyYp80VGbVarhs0lb46Yn3mg8qPK5Z%2FR9goSAHoIP8mRa6"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559354eeea1b4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/256238/eed61115a0a8c42956f7559581856e5f5bb659ba.webp
185.76.9.21 200 OK 19 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/256238/eed61115a0a8c42956f7559581856e5f5bb659ba.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 47f589a29dcae8e22fc31bb67531eed8
eed61115a0a8c42956f7559581856e5f5bb659ba
12719b99f089d5e4551dddf31c960ed13564fb0958b8e1a2bd7158d8bbe6d51f
GET /library/256238/eed61115a0a8c42956f7559581856e5f5bb659ba.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 19320
last-modified: Wed, 03 Nov 2021 21:49:57 GMT
etag: "61830405-4b78"
expires: Fri, 30 Jun 2023 18:46:41 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195262
server: CDN77-Turbo
x-77-nzt: AblMCRQg6qH/JVh/AA
x-77-nzt-ray: UdXcE37gD1U
x-cache: HIT
x-age: 8345637
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/256238/eb67abb5c0147471220b391085319b9ad47fea48.webp
185.76.9.21 200 OK 10 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/256238/eb67abb5c0147471220b391085319b9ad47fea48.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash a8d404a221b92d82db0c2164fafd7795
eb67abb5c0147471220b391085319b9ad47fea48
ad61d9cd2ebbd5f70e7b6c6ec6beb4231e94f88b0addcca6bbb6211a0429f593
GET /library/256238/eb67abb5c0147471220b391085319b9ad47fea48.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 10478
last-modified: Wed, 03 Nov 2021 21:49:57 GMT
etag: "61830405-28ee"
expires: Fri, 30 Jun 2023 18:47:08 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195385
server: CDN77-Turbo
x-77-nzt: AblMCRRZCjz/qld/AA
x-77-nzt-ray: cAb+PbdMtlk
x-cache: HIT
x-age: 8345514
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/343282/9d5617c24290b065529e4a6863e85961f1ae4227.webp
185.76.9.21 200 OK 7.5 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/343282/9d5617c24290b065529e4a6863e85961f1ae4227.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 300x300, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 5b0aa195d3f5fbab89780d9443ffb1e1
9d5617c24290b065529e4a6863e85961f1ae4227
0a95433a81355b317ed5911f4a45e85c578f94e5162c2d9f0afbbf4ce73c62ae
GET /library/343282/9d5617c24290b065529e4a6863e85961f1ae4227.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: image/webp
content-length: 7530
last-modified: Wed, 03 Nov 2021 19:54:35 GMT
etag: "6182e8fb-1d6a"
expires: Fri, 30 Jun 2023 11:35:37 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688196165
server: CDN77-Turbo
x-77-nzt: AblMCRREECj/nlR/AA
x-77-nzt-ray: KOl9sLRP4fM
x-cache: HIT
x-age: 8344734
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash c5640ee29dd8ad4db1d80814b949041a
d2c92fd345d54d9743c97076db2891cb94d79f69
6bd4256b008a6bbcc880a2a7a6df7ba561bb5db896c5aa12c16bd76ada584a3f
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "6BD4256B008A6BBCC880A2A7A6DF7BA561BB5DB896C5AA12C16BD76ADA584A3F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16104
Expires: Thu, 06 Oct 2022 01:50:03 GMT
Date: Wed, 05 Oct 2022 21:21:39 GMT
Connection: keep-alive
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b3791fae35fa0754166a153c17b4d33c
2416c0ebeb59a5dbb874c88a747242fa03e32bb6
6ed8a41c16f75035977b43d3574fc577c3473b46db106480c4a64ca72462458a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Last-Modified: Wed, 05 Oct 2022 20:08:26 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
connect.facebook.net/vi_VN/sdk.js
31.13.72.12 200 OK 1.7 kB URL HTTP/2 connect.facebook.net/vi_VN/sdk.js
IP 31.13.72.12:0
File type ASCII text, with very long lines (1961)
Hash 68bccefe0e880a3efb8c946e9624cddc
c011e65ea89ddebc8585541b8751ffa584c2788e
d6b07faeb79dcc5bfd139ba3eac98584c6f65471a1b99388d50a412565bba740
GET /vi_VN/sdk.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
vary: Accept-Encoding
content-encoding: gzip
access-control-expose-headers: X-FB-Content-MD5
x-fb-content-md5: 614c41880efb47cc78a0f0852fce3db9
etag: "e022945f672bc5114ac0b6b8c80ac9e7"
content-type: application/x-javascript; charset=utf-8
timing-allow-origin: *
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
expires: Wed, 05 Oct 2022 21:26:39 GMT
cache-control: public,max-age=1200,stale-while-revalidate=3600
document-policy: force-load-at-top
cross-origin-opener-policy: same-origin-allow-popups
x-content-type-options: nosniff
x-fb-rlafr: 0
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-md5: aLzO/g6ICj77jJRuliTN3A==
x-fb-debug: ncoTGu+JHoSAyfMV5E+s9ivWxA+qYE7d5stzW9R7YmrmG0I2Y3Da+QGLqv2yDOTk2X9blaneQP33GT08+NsCkw==
content-length: 1687
x-fb-trip-id: 1904183273
date: Wed, 05 Oct 2022 21:21:39 GMT
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dcba.popcash.net/znWaa3gu
3.219.99.78 204 No Content 0 B URL HTTP/2 dcba.popcash.net/znWaa3gu
IP 3.219.99.78:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /znWaa3gu HTTP/1.1
Host: dcba.popcash.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 204 No Content
date: Wed, 05 Oct 2022 21:21:39 GMT
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
expires: 0
pragma: no-cache
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 471 B IP 93.184.220.29:0
Hash b3791fae35fa0754166a153c17b4d33c
2416c0ebeb59a5dbb874c88a747242fa03e32bb6
6ed8a41c16f75035977b43d3574fc577c3473b46db106480c4a64ca72462458a
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 4393
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:39 GMT
Last-Modified: Wed, 05 Oct 2022 20:08:26 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 471
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d8ad187f4971fb784bc5c08aa65ecdd
38562ea760172c066c75e1ed2e9bb6eee2e690ac
a547ad5a018fc49ed91f1b074b0dabec40dfb5e54db446d7d693fa524b177f67
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A547AD5A018FC49ED91F1B074B0DABEC40DFB5E54DB446D7D693FA524B177F67"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17485
Expires: Thu, 06 Oct 2022 02:13:05 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 2d8ad187f4971fb784bc5c08aa65ecdd
38562ea760172c066c75e1ed2e9bb6eee2e690ac
a547ad5a018fc49ed91f1b074b0dabec40dfb5e54db446d7d693fa524b177f67
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "A547AD5A018FC49ED91F1B074B0DABEC40DFB5E54DB446D7D693FA524B177F67"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=17485
Expires: Thu, 06 Oct 2022 02:13:05 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf1bd670031ad9a8061c8c8b3efaed61
d740dcef85a7b2818e281f9aabbacc91ba73ce88
73ae170424aab040d6feac08da52cb0cc61d8278261508fdbf40d43a06c31102
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73AE170424AAB040D6FEAC08DA52CB0CC61D8278261508FDBF40D43A06C31102"
Last-Modified: Mon, 03 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2370
Expires: Wed, 05 Oct 2022 22:01:10 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash bf1bd670031ad9a8061c8c8b3efaed61
d740dcef85a7b2818e281f9aabbacc91ba73ce88
73ae170424aab040d6feac08da52cb0cc61d8278261508fdbf40d43a06c31102
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "73AE170424AAB040D6FEAC08DA52CB0CC61D8278261508FDBF40D43A06C31102"
Last-Modified: Mon, 03 Oct 2022 19:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2370
Expires: Wed, 05 Oct 2022 22:01:10 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 532d06f6240426cfe36425ad44fc4397
816326f22f7428dc6a89814e3aedcc4aeb3cabc8
a9d2c04ab6560116feb8cae8d037fd41b97d5b2a7dc51739481be0680dacfd25
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9D2C04AB6560116FEB8CAE8D037FD41B97D5B2A7DC51739481BE0680DACFD25"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2787
Expires: Wed, 05 Oct 2022 22:08:07 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 532d06f6240426cfe36425ad44fc4397
816326f22f7428dc6a89814e3aedcc4aeb3cabc8
a9d2c04ab6560116feb8cae8d037fd41b97d5b2a7dc51739481be0680dacfd25
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A9D2C04AB6560116FEB8CAE8D037FD41B97D5B2A7DC51739481BE0680DACFD25"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=2787
Expires: Wed, 05 Oct 2022 22:08:07 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
190.115.31.133 403 Forbidden 0 B URL HTTP/2 dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
IP 190.115.31.133:0
ASN #262254 DDOS-GUARD CORP.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
HEAD /e/eeyxdpnnlt5vylnu90ziykyc4zadvv2 HTTP/1.1
Host: dood.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 403 Forbidden
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=VyerKISTdWrlShuNgOJ1; Domain=.dood.so; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/html
content-length: 159
X-Firefox-Spdy: h2
img.doodcdn.co/splash/3z1jp2gxudsorelo.jpg
104.26.7.74 200 OK 101 kB URL HTTP/2 img.doodcdn.co/splash/3z1jp2gxudsorelo.jpg
IP 104.26.7.74:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1264x715, components 3\012- data
Size 101 kB (101343 bytes)
Hash ab2e7aa6ae50d8c96c2898c831ef8539
7e494a9b74613dc6beba3ed73faad9f408fb487d
d503d034eb0a7ed5bc899ceec10edde6fb8f1cbe620f4be394b7ec8c3f8e32bb
GET /splash/3z1jp2gxudsorelo.jpg HTTP/1.1
Host: img.doodcdn.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: image/jpeg
content-length: 101343
last-modified: Mon, 19 Sep 2022 16:58:11 GMT
etag: "63289fa3-18bdf"
expires: Wed, 19 Oct 2022 21:21:40 GMT
cache-control: max-age=1209600
access-control-allow-origin: *
cf-cache-status: MISS
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qt28cBHn3jCaLCOlMar8CehTtHS6LcVU3SkhxANVJAQfrlfGvIS0XpFREDhc%2FMfjsnqDNQ6vxh26Fg%2BGT10WgzUWXceMgndIkoRO9nEYCgm1pHlWihan60%2Bsd9Iw4XLX"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593550d93eb4f1-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dood.so/pass_md5/55084018-91-90-1665004899-78fdab22bf26fdd7d9a3a64f4fadd148/ixs4w91tk9e5sxuwbai3duo6
190.115.31.133 200 OK 87 kB URL HTTP/2 dood.so/pass_md5/55084018-91-90-1665004899-78fdab22bf26fdd7d9a3a64f4fadd148/ixs4w91tk9e5sxuwbai3duo6
IP 190.115.31.133:0
ASN #262254 DDOS-GUARD CORP.
File type ASCII text, with no line terminators
Hash bd1dd12542f27e3d7aaee0674f875b94
0e0ae10633a492e3c11dbf3c35cb5bc57f0ab193
bc2f283c8914287159c20ddffb33db9b57ada967a68f2abc058b9a78a8f6fdd0
GET /pass_md5/55084018-91-90-1665004899-78fdab22bf26fdd7d9a3a64f4fadd148/ixs4w91tk9e5sxuwbai3duo6 HTTP/1.1
Host: dood.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
set-cookie: __ddg1_=eYs39YDzo5O9svHcxZZB; Domain=.dood.so; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:39 GMT
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/library/754674/570ca8097d9a9db31ab70383eda1e403e03abe19.webp
185.76.9.21 200 OK 4.8 kB URL HTTP/2 s3t3d2y8.afcdn.net/library/754674/570ca8097d9a9db31ab70383eda1e403e03abe19.webp
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
File type RIFF (little-endian) data, Web/P image, VP8 encoding, 192x192, Scaling: [none]x[none], YUV color, decoders should clamp\012- data
Hash 7f54534886fbc952ca10c6da1997f289
570ca8097d9a9db31ab70383eda1e403e03abe19
4663c2398b5f6f99bde3c951fbb86d69d8c9fe0a791e7f8e4e2bb1584b155623
GET /library/754674/570ca8097d9a9db31ab70383eda1e403e03abe19.webp HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: image/webp
content-length: 4778
last-modified: Thu, 04 Nov 2021 11:55:22 GMT
etag: "6183ca2a-12aa"
expires: Fri, 15 Sep 2023 21:11:16 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-robots-tag: noindex, follow
x-cache-op: HIT
x-accel-expires: @1694813009
server: CDN77-Turbo
x-77-nzt: AblMCRT80+//k10aAA
x-77-nzt-ray: ObbawnnmAec
x-cache: HIT
x-age: 1727891
x-77-pop: stockholmSE
x-77-cache: HIT
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash e9c09486997e1eb5e15075217b7bf4af
86ab9cc7057a3c6b9f04953b238f513cf4f99824
b5fe162abb3e3b36ba084121fbf49442898952dffc05bcff28294e7dcda1ab6d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "B5FE162ABB3E3B36BA084121FBF49442898952DFFC05BCFF28294E7DCDA1AB6D"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5717
Expires: Wed, 05 Oct 2022 22:56:57 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA22PTU4DMQyFr8IFZmQ/O39dswYJxAFCJoENLSqbVvLhcaaiK/JkJbY/2S8gYGFaKDxwOoAPUqzwWmhVrBzUnp5fTNk+6vX7dD5+buPc+9pOX5aCxqQmAnIsJCUW06ReV2POFpA1F3UQCTlm42Bi5EIQZ+Yrkb29Pu7BLoVxwcXDk7nZQHuDLpMuceSYYuloVLeKOIYi1k0xempxovSPU7ppBeAmDH8FE1aB71z4nqj5Idvb9ed6bGZ3/KawD3BTqvOS7l/uPgU1NH4XyiyjaxK3GdzlL4eQeethAQAA
95.211.229.245 200 OK 20 B URL HTTP/1.1 syndication.realsrv.com/cimp.php?t=api&data=H4sIAAAAAAAAA22PTU4DMQyFr8IFZmQ/O39dswYJxAFCJoENLSqbVvLhcaaiK/JkJbY/2S8gYGFaKDxwOoAPUqzwWmhVrBzUnp5fTNk+6vX7dD5+buPc+9pOX5aCxqQmAnIsJCUW06ReV2POFpA1F3UQCTlm42Bi5EIQZ+Yrkb29Pu7BLoVxwcXDk7nZQHuDLpMuceSYYuloVLeKOIYi1k0xempxovSPU7ppBeAmDH8FE1aB71z4nqj5Idvb9ed6bGZ3/KawD3BTqvOS7l/uPgU1NH4XyiyjaxK3GdzlL4eQeethAQAA
IP 95.211.229.245:0
ASN #60781 LeaseWeb Netherlands B.V.
Hash a4745abc5e7fdb89cc6df3069f3c6e69
74789f7ddbebd5b7323f6f8174005b4bf8c1f1ed
d1111b245f685176180e6f1631e6dc49badf6672368e9ce260c71355165effdf
GET /cimp.php?t=api&data=H4sIAAAAAAAAA22PTU4DMQyFr8IFZmQ/O39dswYJxAFCJoENLSqbVvLhcaaiK/JkJbY/2S8gYGFaKDxwOoAPUqzwWmhVrBzUnp5fTNk+6vX7dD5+buPc+9pOX5aCxqQmAnIsJCUW06ReV2POFpA1F3UQCTlm42Bi5EIQZ+Yrkb29Pu7BLoVxwcXDk7nZQHuDLpMuceSYYuloVLeKOIYi1k0xempxovSPU7ppBeAmDH8FE1aB71z4nqj5Idvb9ed6bGZ3/KawD3BTqvOS7l/uPgU1NH4XyiyjaxK3GdzlL4eQeethAQAA HTTP/1.1
Host: syndication.realsrv.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gaypornhdfree.com
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633df563248121.354682443423923439%22%3B%7D; impressions=oslmroemnxgxaacllaxbogeicxbmsbocnxgxaaclllesmgeioslmrxbrnxgxaacbmrobbgeicxbmsbxcnxgxaareecbllgeicxbmsbcenxgxaaclllercgeislsaroornxgxaacmobexrgeicxbmsboenxgxaareecbllgeimreaomxcnxgxaasaoabsrgeimreaobsonxgxaasaoabsrgeioslmrxbmnxgxaacllrobbgeimcclsoeenxgxaasamsoccgeimcclosconxgxaacobbxcxgeimrblelmonxgxaasamsoccgeimrblxembnxgxaasamsoccgeimrblxeecnxgxaasamsoccgeimrblxemcnxgxaasamsoccgeialbserecnxgxaacxeermsgeioslmrxlsnxgxaaclllercgeicaormbbonxgxaareecbllgeioslmrxlrnxgxaacmremaxgeimcclsxscnxgxaacsxbrblgeimrerbmbbnxgxaasmeceesgeialbsereanxgxaacsxbrblgeialbserebnxgxaasborcsogeiccmblmmcnxgxaaclllesmgeimrblelxcnxgxaasblsoxxgeimcclsxoanxgxaacmobexrgeimrblelmbnxgxaasblsoxxgeimcclossanxgxaacmobexrgeimcclselenxgxaasblsoxxgeimcclsoeonxgxaacllaxbogeimccloscenxgxaaslcsrobgeimcclsxacnxgxaaslcsrobgeicaormlebnxgxaacxeermsgeimcersxranxgxaacxeermsgeisaeeasslnxgxaacxeermsgeimcersxacnxgxaacxeermsgeimcersxrenxgxaacxeermsgeiccmblmmbnxgxaaclllesmgeiccmblmmanxgxaacbmcxxrgeislsarosxnxgxaacsremoegeiabeocmsbnxgxaacmobeeageimcclsxcanxgxaacmobexrgeimaecobxanxgxaacmobexrgeimcclsxsbnxgxaacmcrlolgeiccmblmmonxgxaaclllercgeialbserxonxgxaacmremaxgeimcclossbnxgxaacbmrobbgeimaelrlmanxgxaaclmelxogxcceimrsreaabnogxaaclmlsrrgxcceimrsreamcnogxaacllexergxcceimxlbmosanrgxaacllsxbxgxcceimrcaoaoanrgxaacllsxbxgxcceimxlbmoscnsgxaacllsxbxgxcceialxosmbanxgxaacllsxbxgxcceimxlbmoobnogxaacllsxbxgxcceimxxrecsanxgxaacllslcagxcceiaaxcabeonxgxaacllslcagxcceialrexeoonxgxaacllcxbsgxcceimrcaeesbnsgxaacllcaorgxcceixaoosscrnxgxaacllcaorgxcceixaoossalnxgxaacllcaorgxcceimeembecenxgxaacllcaorgxcceimeembesonxgxaacllcaorgxcceialrexexbnxgxaacllcmcrgxcceimcoaxmxonmgxaacllcmcrgxcceialaroxrcnxgxaacllcmcrgxcceialbbebsbnxgxaacllrobbgxcceimxlbmosenogxaacllrobbgxcceimxcbrxbenxgxaacllrobbgxcceimcssmlronsgxaacllrobbgxcceimxlbmosonogxaacllroblgxcceimclsaoxbncgxaacllrsccgxcceimcoaxmxcncgxaacllrsccgxcceimcssmlrcnsgxaacllrscrgxcceimsacexoonxgxaacllr
scrgxcceimxeoxsacnrgxaacllrscrgxcceicaormlxbnxgxaareecbllgeimcrxeoocnxgxaacllrcoegxcceimcrxeoranxgxaacllrcoegxcceimcclsxobnxgxaacllaxbogeimcclsxbcnxgxaacllaxbogeimrblelxanxgxaacllaxbogeimaecsxccnxgxaacllaxbogeimaecsxcanxgxaacllaxbogeimrblxeeanxgxaacllaxbogeimcssmlrensgxaacllaoregxcceimrmbbrcbnxgxaacllaoregxcceimxlbmxlonxgxaacllascegxcceimxomorronxgxaacllascegxcceirrmlllronxgxaacllascegxcceialbbebsanxgxaacllascegxcceimxreaomcnxgxaacllaaeegxcceimclxlloanxgxaacllaaeegxcceimrcscosbnxgxaacllaaeegxcceimccoarcbnxgxaacllaaeegxcceiceecmorsnxgxaacllaaacgxcceimexexabbnxgxaacllaaargxcceimrxccoscnxgxaacllalbagxcceimrxccosonsgxaacllalbagxcceimrxccosenogxaacllalbagxcceimrxccosanogxaacllalbagxcceimxlbalscnxgxaacllmsaegxcceimemlxbocnxgxaacllmcccgxcceimeembeconxgxaacllmcccgxcceicxmecmcanxgxaacllmcccgxcceimeembescnxgxaacllbecxgxcceimrbxmxmanogxaacllbacxgxcceimrracorbnxgxaacllbblmgxcceimxeemleenxgxaacllbblmgxcceicmarxbbonagxaacllbblmgxcceimxcbrxscnxgxaaclllesmgxcceimxeoxsbenmgxaaclllercgxcceimxcbrxronxgxaaclllercgxcceialbbebrenxgxaaclllxomgxcceimxomsmconxgxaareexocrgxcceimcrxeobenxgxaareeocorgxcceimrcscrsanxgxaareeobslgxcceimcrxeocanxgxaareesebsgxcceimrmaobxanogxaareesxcrgxcceimrmaoboenogxaareesxcrgxcceimrmaobxbnxgxaareesxcrgxcceialcaercenxgxaareecssagxcceimrracoranxgxaareecssagxcceircleeobonxgxaareecrbsgxcceimrxccosbnxgxaareecrbsgxcceimocbmmmanxgxaareecbllgxcceimocbmmacnxgxaareecbllgxcceicaormbbcnxgxaareecbllge; c-tag=%7B%22tag-banner%22%3A%22v3%7C%7CNOR%7C4747562%7C46257884%7C92446%7C%7C118%7C41%7C3%7C15%7C0%7C0%7C0%7C25344%7C3143242%7C3143244%7C0%7C1%7C0%7C0%7C0%7C0%7C1%7C0%7C0%7C1%7C%7C96f86769e2c0ada26ff426ad42fe7c60%7C0%7Cgaypornhdfree.com%7C%7C%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7C0%7Cok%22%7D
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: https://gaypornhdfree.com
Access-Control-Allow-Credentials: true
Set-Cookie: __uvt=a%3A1%3A%7Bi%3A0%3Bs%3A33%3A%22633df563248121.354682443423923439%22%3B%7D; expires=Fri, 04 Oct 2024 21:21:40 GMT; path=; domain=.realsrv.com; Secure; SameSite=none
__upt=%7B%22v%22%3A1%2C%22id%22%3A%22633df563248121.354682443423923439%22%2C%22pcma%22%3A%22%22%2C%22acma%22%3A%22118.0199%22%7D; expires=Fri, 04 Oct 2024 21:21:40 GMT; path=/; domain=.realsrv.com; Secure; SameSite=none
X-Robots-Tag: noindex, follow
Content-Encoding: gzip
cagothie.net/tag.min.js
139.45.197.238 200 OK 23 kB IP 139.45.197.238:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 475fe72306987212afa61d6ddd01043f
7b82b5387d0dc1279ced204b3f181af417e68ea1
f187e1acfd027b65659d5d3173e9c5a834ebe34a25f98e68c3d3bad3a9b44d2c
GET /tag.min.js HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/javascript; charset=utf-8
content-length: 22987
content-encoding: br
x-trace-id: 77d58303c8a808f46af1fee7bc61102c
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
accept-ranges: bytes
last-modified: Wed, 05 Oct 2022 15:41:16 GMT
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
expires: Tue, 11 Jan 1994 10:00:00 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
passedofferundertake.com/ed/b8/70/edb8703573695076feb99cb156693613.js
192.243.59.20 200 OK 11 kB URL HTTP/1.1 passedofferundertake.com/ed/b8/70/edb8703573695076feb99cb156693613.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32088), with no line terminators
Hash 773244d077d08ed1672a5322db708a1f
51a3cb023374967a71ebbcd458c509164295ccc4
45646d62006ef06b20432b7409c5e626f7dcac7de3d2eb544dcde293a1ef7e51
Analyzer Verdict Alert quad9 Sinkholed
GET /ed/b8/70/edb8703573695076feb99cb156693613.js HTTP/1.1
Host: passedofferundertake.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: fbf2a9ed80a97deeced91c304c2c2d83
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 55331c1dc7e7ebbf456220986278469d
d69a62ee47b03fde68db666512417dda2ae5ad13
a09c835aa140c7b4220194e940f54de09ca3b7ea470feb7c4c5be574643086d5
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A09C835AA140C7B4220194E940F54DE09CA3B7EA470FEB7C4C5BE574643086D5"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=10280
Expires: Thu, 06 Oct 2022 00:13:00 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
34.120.237.76 200 OK 5.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 3257b782efae9b64e6e18a547866ec50
4daf0c001e86af8477fb097e8ca932edb8e5f981
899f9692e86405aa288d88dd285a6fe26bedab1a2ca4693212476063890b01a5
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F23595c4d-609a-48f3-a52f-e88e478d7653.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 5832
x-amzn-requestid: c4427edd-3d71-47d0-a2d3-b3bfed089535
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1FuUoAMFhBA=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-46ddff150da4141d23fc0d8a;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: iR82CJ6A06dpqy_nm6JrmjeUJT-uhI5rr0dr6ZnhrQQo9Jqxh10qRQ==
via: 1.1 2dc111aa3ead15d061e41a423155a53a.cloudfront.net (CloudFront), 1.1 82ea95080f526df99896343fb7269b06.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:43 GMT
age: 85077
etag: "4daf0c001e86af8477fb097e8ca932edb8e5f981"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
34.120.237.76 200 OK 3.6 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 5d7d7df8d4c440f9db445c3d99e818d6
612b6dbd4ba895c167964ff7e6d9263013b52b0a
bf527a814c78f9e010cce4ba593c9146d54a2137d1f147f7a6250fbad81956ac
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fbb178720-854c-4c9e-85c1-58cb5419ca69.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 3585
x-amzn-requestid: 43c510d4-d87c-4665-a132-d798b836d415
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaJbLHEOoAMFfxQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a55e0-614faff31425ff183b7ca4dd;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 03:24:16 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: d1LCc44Gj_0Je8adu7Iv3I9MwkaDPgWqlNHI96UAtZub22l210J65A==
via: 1.1 f13aef0c4b52f6f681401f232d03eb68.cloudfront.net (CloudFront), 1.1 09331f0822fc98eebaf04130a83dbd44.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:53:07 GMT
age: 59313
etag: "612b6dbd4ba895c167964ff7e6d9263013b52b0a"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 4fc2ddd86450d64d3fb659ab4e78be58
bbe71936b78a8c34d03ab87948dc840b35c6948f
84a760397a5912bd05f61bc8a953c13a88a677e2d17fbbf74bdf7d7ff4d3942f
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F1ca20164-9b52-49c5-9e63-1fc0ae719f45.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 10158
x-amzn-requestid: def1fc7e-8008-466f-9271-20fa1ab0fa5a
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZaqZCH7doAMFcPQ=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633a8aa0-7fd2fb1249366f2277d719d6;Sampled=0
x-amzn-remapped-date: Mon, 03 Oct 2022 07:09:20 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: aeOU8fGkf5uHuYZ79k17EzxiFnwm0_z7SeZJElgwECzRyhR2N_SYJA==
via: 1.1 00f0a41f749793b9dd653153037c957e.cloudfront.net (CloudFront), 1.1 b8c4a4ca04bb1976e020396d211bc8dc.cloudfront.net (CloudFront), 1.1 google
date: Wed, 05 Oct 2022 04:06:09 GMT
age: 62131
etag: "bbe71936b78a8c34d03ab87948dc840b35c6948f"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
34.120.237.76 200 OK 10 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg
IP 34.120.237.76:0
Hash 7c38bbf2a3db1a01e6df5b2eaa8da1ff
1cda8e54f8072018e60592c6baa5b2b1a052f767
5c327bc49fe3d2787fccd6be1788768dff71ef48180f5d84b60d95a8b92de495
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2Fe8857940-5ca2-44ba-8a66-f396a605d5b4.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 7021
x-amzn-requestid: 2e30bdac-360e-4d0a-8bb7-c3144e074abe
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8ucHb1oAMFjYw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7f5-18ba6bc50cb32b1e14c882bd;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:39:01 GMT
x-amz-cf-pop: HIO50-C1, SEA73-P1
x-cache: Miss from cloudfront
x-amz-cf-id: UPEhTwAYEIRy-Cnb0ITefEotLyg3rFe_NaGy92xwWe_7hrdo6UQLwQ==
via: 1.1 efe54e8b68e074d39b2ecd249f85100a.cloudfront.net (CloudFront), 1.1 cd64decb1403270c914848213601a674.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:56:53 GMT
age: 84287
etag: "6b5db8fbfb56f083d54b13e7660d0e4bc866aa00"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
34.120.237.76 200 OK 8.8 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 100559d746bedd7c3802661c875c35ee
5261a6c2ee6d6cc87e91ee82e32d8be234db393e
ff06f31267ddcc9a0d84ddc68932872bfed29d072783c3a1dd3790d41c280aec
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F78bf691d-76e8-4176-884d-dbc06604dded.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8816
x-amzn-requestid: b9f3ec8a-f478-4405-b275-e21f2d7d89d4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: ZKK7gFPJIAMF-7Q=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-6333f1e3-250348e6140f3c74762263ea;Sampled=0
x-amzn-remapped-date: Wed, 28 Sep 2022 07:04:03 GMT
x-amz-cf-pop: SEA73-P1
x-cache: Hit from cloudfront
x-amz-cf-id: 8f83Wv7OrO7NOd1y1LXjfphRmJjdwrkcAxrxUN4A4qSgsEzIQMq81g==
via: 1.1 7f5e0d3b9ea85d0d75063a66c0ebc840.cloudfront.net (CloudFront), 1.1 73cb83fe6699afc2791b5c690c1ff8c6.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 22:38:40 GMT
age: 81780
etag: "5261a6c2ee6d6cc87e91ee82e32d8be234db393e"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
34.120.237.76 200 OK 8.9 kB URL HTTP/2 img-getpocket.cdn.mozilla.net/296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg
IP 34.120.237.76:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 296x148, components 3\012- data
Hash 1de7c17a0ba9295135e7f8b490b6a8d3
70e8d1589f3daf71378965dd197934e220fb6aa4
ee559ce3166479e2b930be7d18525f5c2d164aed8ca005302ddaf3bfe37eec24
GET /296x148/filters:format(jpeg):quality(60):no_upscale():strip_exif()/https%3A%2F%2Fs3.amazonaws.com%2Fpocket-curatedcorpusapi-prod-images%2F5704624d-eb81-4a5b-bcb7-08db5681c677.jpeg HTTP/1.1
Host: img-getpocket.cdn.mozilla.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: null
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
content-length: 8926
x-amzn-requestid: 27fc8976-af8d-40a3-b701-0642fa135ec4
x-xss-protection: 1; mode=block
access-control-allow-origin: *
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-frame-options: DENY
content-security-policy: default-src 'none'; img-src 'self'; script-src 'self'; style-src 'self'; object-src 'none'
x-amz-apigw-id: Zf8s1GSbIAMFTiw=
x-content-type-options: nosniff
x-amzn-trace-id: Root=1-633ca7eb-4d4c7837576e0fdb5828fe3b;Sampled=0
x-amzn-remapped-date: Tue, 04 Oct 2022 21:38:51 GMT
x-amz-cf-pop: HIO50-C1, SEA19-C2
x-cache: Hit from cloudfront
x-amz-cf-id: YzVofPSJC-YVU1Q1V9AnjNeQTa1BQEh6ZiH2HjSeeX5RygysFP7oAA==
via: 1.1 9c60d6224ac0b44e908b5c9dcf70e9a4.cloudfront.net (CloudFront), 1.1 aef00f14752da9aa504d392fd46eff94.cloudfront.net (CloudFront), 1.1 google
date: Tue, 04 Oct 2022 21:43:25 GMT
age: 85095
etag: "70e8d1589f3daf71378965dd197934e220fb6aa4"
content-type: image/jpeg
cache-control: max-age=3600,public,public
alt-svc: clear
X-Firefox-Spdy: h2
passedofferundertake.com/f0/6f/53/f06f53688194268edaf23d2b44a59e27.js
192.243.59.20 200 OK 20 kB URL HTTP/1.1 passedofferundertake.com/f0/6f/53/f06f53688194268edaf23d2b44a59e27.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (59377), with no line terminators
Hash 99bec11e69fe693bfd3e8d4b2cfe3ab5
93a6fab1ab66fc8691419cad2cbb9a8882031cbd
31dcfa347d007c452121b1062837b409a6c3345e031f97e83c9325f6da26fda6
Analyzer Verdict Alert quad9 Sinkholed
GET /f0/6f/53/f06f53688194268edaf23d2b44a59e27.js HTTP/1.1
Host: passedofferundertake.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 240b7fdbde01451aeb016b32aebddceb
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
e1.o.lencr.org/
23.36.76.226 200 OK 344 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 61e5079a0e6812f78348c7a622279320
5295836d509d9eaee1c31bd129d08b65d0860a89
ff528b3e3551facb4aaf40f7c4befd70da4e707d5aed4bc9b49ca7905791f14d
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 344
ETag: "FF528B3E3551FACB4AAF40F7C4BEFD70DA4E707D5AED4BC9B49CA7905791F14D"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4230
Expires: Wed, 05 Oct 2022 22:32:10 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
ocsp.sectigo.com/
172.64.155.188 200 OK 281 B IP 172.64.155.188:0
Hash 657d92af47f407aa6cc3e08da2abea33
387486c88a9b8c8505cb10fd315b2364559cc9e5
e0a15447d4e6fafcdeb3044e55c341e65fe6fd7645da21c7a2d32b0492a51530
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: application/ocsp-response
Content-Length: 281
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 01:05:14 GMT
Expires: Tue, 11 Oct 2022 01:05:13 GMT
Etag: "387486c88a9b8c8505cb10fd315b2364559cc9e5"
Cache-Control: max-age=444812,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb2
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755935551a24b4e8-OSL
h4ahsm.cfeucdn.com/video_short.mp4
84.16.243.193 206 Partial Content 3.1 kB URL HTTP/1.1 h4ahsm.cfeucdn.com/video_short.mp4
IP 84.16.243.193:0
ASN #28753 Leaseweb Deutschland GmbH
File type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]\012- data
Hash 639ec085afd48ff720cb1716bb09c075
04789db6677b1e59ae5b2c8c3b565f7ad8bf5c52
7e3c990c8c3e6ad1a07710e7032c1ff22975d6322937e80b0446a07de1b227cb
GET /video_short.mp4 HTTP/1.1
Host: h4ahsm.cfeucdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5
Accept-Language: en-US,en;q=0.5
Range: bytes=0-
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: video
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 206 Partial Content
Date: Wed, 05 Oct 2022 21:21:39 GMT
Content-Type: video/mp4
Content-Length: 3078
Last-Modified: Sat, 03 Apr 2021 21:17:34 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "6068db6e-c06"
server: YouTube Frontend Proxy
Expires: Fri, 04 Nov 2022 21:21:39 GMT
Cache-Control: max-age=2592000
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Origin,Range
Access-Control-Expose-Headers: Content-Range,Content-Length,ETag
Content-Range: bytes 0-3077/3078
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0f7e30750f0d3782e0b4ac91b8805e7e
b4844a2cf79fde289419e93bf849e9dbfbdf3a04
68558dc1fecb241726ff5aba02ebce492cafd03b098c1be8ca28b826112aba06
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "68558DC1FECB241726FF5ABA02EBCE492CAFD03B098C1BE8CA28B826112ABA06"
Last-Modified: Tue, 04 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4755
Expires: Wed, 05 Oct 2022 22:40:55 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash b2f846c37619c646c6164f4293aa696a
7f57a0e1eb799abad4d8f7dba2e023100de527e3
3823148e60eda2c18f8b59150fc70e9eb8a6afbd59f0b590a020c4a4ab53a6fc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 21:21:40 GMT
Last-Modified: Wed, 05 Oct 2022 19:40:46 GMT
Server: ECS (nyb/1D11)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: aVR5YoIdg0SUJHhGmfAs7vveLP4tzBPYT8yvweUqT19vbZHXLMgpWw==
Age: 6054
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash b2f846c37619c646c6164f4293aa696a
7f57a0e1eb799abad4d8f7dba2e023100de527e3
3823148e60eda2c18f8b59150fc70e9eb8a6afbd59f0b590a020c4a4ab53a6fc
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: max-age=145120
Date: Wed, 05 Oct 2022 21:21:40 GMT
Etag: "633d7900-1d7"
Expires: Fri, 07 Oct 2022 13:40:20 GMT
Last-Modified: Wed, 05 Oct 2022 12:30:56 GMT
Server: ECS (bsa/EB16)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: BE4i6wNS7vtVA5T5fgAMeL34EXEZXOVo6VPJfNiZtrpFZrfg8g765g==
Age: 4164
simplewebanalysis.com/stats
52.28.21.152 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.21.152:0
File type ASCII text, with no line terminators
Hash f160f8cee3e7d904ac0b7c17f95b34f7
4e14848fd65b40abdefc1e0e7a6c6981a796be59
407ab2cd0302d98cd7e07af1527844caacb5bb74310250e1281bc1593251270a
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
set-cookie: uid_id2=f3ac84f2-d7c7-472f-befc-36b71cff9781:2:1; expires=Sat, 02 Oct 2032 21:21:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 3ba4559bf5aeec3e613adc2f515238b5
dbe370e4722496695582835cc417d3cde20bcc72
056f5709d2b63ae99de4997e1d53d8b7754f22227b8813e229271e13f3f7466f
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "056F5709D2B63AE99DE4997E1D53D8B7754F22227B8813E229271E13F3F7466F"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4697
Expires: Wed, 05 Oct 2022 22:39:57 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.28.21.152 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.21.152:0
File type ASCII text, with no line terminators
Hash 042a2accf85efaaa384bfbde4006ebb8
0be50026dd436c607eb895ace586a2f98bb53314
dfdac6a9d58566fd32ee78afb2d326fba3e0a35f6db79ebbdb27970fa9acf55c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
set-cookie: uid_id2=a85b65dc-8258-475b-9f64-cf3c251f3864:1:1; expires=Sat, 02 Oct 2032 21:21:40 GMT; secure; SameSite=None
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 0a25532c4133886e22a425cacca9c027
41a1b476967aed6ac227717098cd8be3209b45b3
f50b860d2b3b4d59df90ad6b36c84639141ca9dd9530a74e07fd79fd9387f52e
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 06:25:20 GMT
Expires: Mon, 10 Oct 2022 06:25:19 GMT
Etag: "41a1b476967aed6ac227717098cd8be3209b45b3"
Cache-Control: max-age=377618,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755935561b4bb4e8-OSL
q324op.dood.video/favicon.ico?i
152.228.250.225 200 OK 15 kB URL HTTP/1.1 q324op.dood.video/favicon.ico?i
IP 152.228.250.225:0
File type MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel\012- data
Hash 30d3656f43c817e38c3e7d70b2bfbdad
1aa43b43755e7cba5e145d0978517f7bedad7da6
a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555
GET /favicon.ico?i HTTP/1.1
Host: q324op.dood.video
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: image/vnd.microsoft.icon
Content-Length: 15406
Connection: keep-alive
Last-Modified: Sat, 29 Feb 2020 09:26:04 GMT
ETag: "3c2e-59fb38b06e300"
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
my.rtmark.net/gid.js?userId=8cf80dae776d4d1cb594ff7a78953d18
139.45.195.8 200 OK 65 B URL HTTP/2 my.rtmark.net/gid.js?userId=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 4bdaee49c976b7ca38cf5e38985944f4
0580d1c99ccb2260dbe59fd595278395e2da6736
d93d3ef799d6948adde7b1c02f7fdabe06cd58227907fbba2d546ce333fa4b07
GET /gid.js?userId=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://dood.so
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:40 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
prawnsimply.com/pixel/purst?dl=0&th=0&sc=0&rs=1269&rd=1269&fd=897&bv=22.8.v.1&tmpl=70
173.233.137.36 200 OK 0 B URL HTTP/1.1 prawnsimply.com/pixel/purst?dl=0&th=0&sc=0&rs=1269&rd=1269&fd=897&bv=22.8.v.1&tmpl=70
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=1269&rd=1269&fd=897&bv=22.8.v.1&tmpl=70 HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tovanillitechan.com/1?z=3203051
139.45.197.239 200 OK 3.9 kB URL HTTP/2 tovanillitechan.com/1?z=3203051
IP 139.45.197.239:0
Hash c8bb791f466a750ba117e6d271586a3f
49ceb8ff8b9a0077df5d3c7163a9569f99e912bf
7f1873e141f879db8bd157b8311ee1ac6f0a4b212409ecf1c21362c13e788dfd
Analyzer Verdict Alert quad9 Sinkholed
GET /1?z=3203051 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 9cd0749641dd41ef9b4e7763fbeb6b09
access-control-expose-headers: X-Sc
x-sc: 9V1h5VGfrmf5Ktr2ZdwKwS-Ej5bw4FtWPszi37hK68eERd2ckKBYp2j8XYFLYONCFJeLvBSqIFde3yWghqSCCP1QRc8=
set-cookie: scm=1; expires=Thu, 05 Oct 2023 21:21:40 GMT; secure; SameSite=None
OAID=1892729f2daf4a7ea0ad8c66b57c5aa3; expires=Thu, 05 Oct 2023 21:21:40 GMT; secure; SameSite=None
oaidts=1665004900; expires=Thu, 05 Oct 2023 21:21:40 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b10b0568e754d017c843441d3f0ad59a
ed3aaa9a2669091353a5a2c6363a9e878c41a9c7
7db1a695ee3348c6196fc7529633f272963294b20d39a1ee46b2c3775aabb048
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "7DB1A695EE3348C6196FC7529633F272963294B20D39A1EE46B2C3775AABB048"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5371
Expires: Wed, 05 Oct 2022 22:51:11 GMT
Date: Wed, 05 Oct 2022 21:21:40 GMT
Connection: keep-alive
6.adsco.re/
104.17.166.186 200 OK 0 B IP 104.17.166.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET / HTTP/1.1
Host: 6.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/plain;charset=UTF-8
content-length: 0
access-control-allow-origin: https://dood.so
cache-control: private, max-age=10
access-control-allow-headers: Content-Type
access-control-allow-methods: GET, HEAD, OPTIONS
access-control-max-age: 2592000
vary: Accept-Encoding
server: cloudflare
cf-ray: 755935572c7eb4f3-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.globalsign.com/gseccovsslca2018
104.18.20.226 200 OK 939 B URL HTTP/1.1 ocsp.globalsign.com/gseccovsslca2018
IP 104.18.20.226:0
Hash 943b2451050a3c9d2f44a397df27ec05
db6207c04e1a06d9cc540188d2e784d8fc6aa62b
fe5ebe52d92c6d5e9f653ba5f6aa9399c78c0de63d8888779c418305661ad07e
POST /gseccovsslca2018 HTTP/1.1
Host: ocsp.globalsign.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 79
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:40 GMT
Content-Type: application/ocsp-response
Content-Length: 939
Connection: keep-alive
Expires: Sun, 09 Oct 2022 19:22:31 GMT
ETag: "db6207c04e1a06d9cc540188d2e784d8fc6aa62b"
Last-Modified: Wed, 05 Oct 2022 19:22:32 GMT
Cache-Control: public, no-transform, must-revalidate, s-maxage=3600
CF-Cache-Status: HIT
Age: 1478
Accept-Ranges: bytes
Vary: Accept-Encoding
Server: cloudflare
CF-RAY: 7559355739b90b59-OSL
4.adsco.re/
162.252.214.5 200 OK 62 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash adde5febc7b5b6c2c759ec735cce83a0
77ec17be8a9970ff04663294d41c590d0d24fde4
ce2b9f2e5005195de7add565505005be6f2ef0d37521771e15106d1e1b9260ff
GET / HTTP/1.1
Host: 4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Methods: GET, HEAD, OPTIONS
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Origin: https://dood.so
Access-Control-Max-Age: 2592000
Cache-Control: private, max-age=5
Content-Encoding: gzip
mc.yandex.ru/metrika/tag.js
87.250.251.119 200 OK 72 kB URL HTTP/2 mc.yandex.ru/metrika/tag.js
IP 87.250.251.119:0
File type Unicode text, UTF-8 (with BOM) text, with very long lines (593)
Hash 7a68c8644032413981e4ba5bc0d66c4a
2d46ca8055e8577ae7138140e34a6e633434973c
e0573e9a9cbfc3f00a921fa64c50270f5941a1ebb253ab70af2cc0dac45cb0d5
GET /metrika/tag.js HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-length: 72341
date: Wed, 05 Oct 2022 21:21:41 GMT
access-control-allow-origin: *
etag: "633be002-11a95"
expires: Wed, 05 Oct 2022 22:21:41 GMT
last-modified: Tue, 04 Oct 2022 10:25:54 GMT
cache-control: max-age=3600
content-encoding: br
content-type: application/javascript
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
192.243.59.20 200 OK 11 kB URL HTTP/1.1 alleviatepracticableaddicted.com/a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js
IP 192.243.59.20:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with very long lines (32120), with no line terminators
Hash a31dc11ab35b29235c67775a4936db87
8f6836f06a0be31330bdcaef325002e3a7ec19d0
75d1835824221488a4705fe82edc0bc459c1d28bdb85cb487b32ecdb953c49d0
Analyzer Verdict Alert quad9 Sinkholed
GET /a6/b0/b8/a6b0b8925d9b3a4154c035c24b4ed97e.js HTTP/1.1
Host: alleviatepracticableaddicted.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.9
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 7252ae3772bd6010dc115226d1720249
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 0ca8a19b67c1e138d69c55f0e3a496ca
b7b476e425aadcfce607936d3d33558553ee203a
5166a734da8356a1295d45a38b27401ad091adb26b2c4f16ee2f3e9326a5cfd2
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "5166A734DA8356A1295D45A38B27401AD091ADB26B2C4F16EE2F3E9326A5CFD2"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=16936
Expires: Thu, 06 Oct 2022 02:03:57 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash b9b05017ee3b1d5777e43b8ff38ce8a6
f5c8c4e975bf7eb7717d9a1bdb9e13ccb75c13e0
42859ad12d0da7f2ce87649a8ce65867cbb307470570e9f375ec7a1fe69ade52
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "42859AD12D0DA7F2CE87649A8CE65867CBB307470570E9F375EC7A1FE69ADE52"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1853
Expires: Wed, 05 Oct 2022 21:52:34 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
tovanillitechan.com/42/38?z=3203051
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/42/38?z=3203051
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /42/38?z=3203051 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=1892729f2daf4a7ea0ad8c66b57c5aa3; oaidts=1665004900
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: f17de45606060a1a2a3d596ee1d863e0
access-control-expose-headers: X-Sc
set-cookie: OAID=1892729f2daf4a7ea0ad8c66b57c5aa3; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
oaidts=1665004900; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 7bb6ac20f893e7d9660d472aff46ab81
8d40162a3bfda14eac9a717db86a40b598c551cd
3c377861ee40ea7b3aa43b03867f9abb11746e9fe1cacd37039899a717eb4695
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "3C377861EE40EA7B3AA43B03867F9ABB11746E9FE1CACD37039899A717EB4695"
Last-Modified: Tue, 04 Oct 2022 11:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5662
Expires: Wed, 05 Oct 2022 22:56:03 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
c12n8tsd26cg.n4.adsco.re/
38.132.109.186 200 OK 0 B URL HTTP/1.1 c12n8tsd26cg.n4.adsco.re/
IP 38.132.109.186:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: c12n8tsd26cg.n4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:32:42 GMT
Connection: close
ETag: "5b5f2f9a-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
upgulpinon.com/1?z=5030496
139.45.197.242 200 OK 3.6 kB URL HTTP/2 upgulpinon.com/1?z=5030496
IP 139.45.197.242:0
Hash d322431f917ab74eb7fa3825b8a82388
3f8c09ea711bcd738a29ad701fcb4b90beb67e98
288f644853c103baf27953d7c4ea3c2c1627ed941996f1db75d2bcc5d6413a1e
Analyzer Verdict Alert fortinet Malware
GET /1?z=5030496 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: c95df26e8614f0e13de49da590281c08
access-control-expose-headers: X-Sc
x-sc: S-Vs8i-nhRhol5saED7M1vl4X6QIIYO10uoo7ROpbrr-_7oOrC_e-jmhT4WFGb5W1NcaBruwJKEbOlyEduqtPJXwKg8=
set-cookie: scm=1; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
OAID=ec66a3f64df64c73856bfcc6e0248db0; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
oaidts=1665004901; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
banquetunarmedgrater.com/advertisers.js
173.233.137.60 200 OK 0 B URL HTTP/1.1 banquetunarmedgrater.com/advertisers.js
IP 173.233.137.60:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /advertisers.js HTTP/1.1
Host: banquetunarmedgrater.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: application/javascript
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f84326427ddb20029a2b3d06d797118f
Strict-Transport-Security: max-age=0; includeSubdomains
upgulpinon.com/42/38?z=5030496
139.45.197.242 200 OK 0 B URL HTTP/2 upgulpinon.com/42/38?z=5030496
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /42/38?z=5030496 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=ec66a3f64df64c73856bfcc6e0248db0; oaidts=1665004901
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-length: 0
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: 3e61ca19912f8a6ef9b91b2f18d0a409
access-control-expose-headers: X-Sc
set-cookie: OAID=ec66a3f64df64c73856bfcc6e0248db0; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
oaidts=1665004901; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A101198472998%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212141%3Aet%3A1665004901%3Arn%3A945097440%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C%2C%2C%2C1041%3Ans%3A1665004899449%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004901%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119 302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A101198472998%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212141%3Aet%3A1665004901%3Arn%3A945097440%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C%2C%2C%2C1041%3Ans%3A1665004899449%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004901%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash b52c83449fb505b34c55cb4d1b2b6d3c
92826b17fedef42223025b47248b39d06c59de9a
278018517ac378b481e580c55f050f60cddf3d9caccbdbe5fcd7b6d9e6dbe715
GET /watch/48329336?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A101198472998%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212141%3Aet%3A1665004901%3Arn%3A945097440%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C%2C%2C%2C1041%3Ans%3A1665004899449%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004901%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/48329336/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A101198472998%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212141%3Aet%3A1665004901%3Arn%3A945097440%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C%2C%2C%2C1041%3Ans%3A1665004899449%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004901%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 05 Oct 2022 21:21:41 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=2385243141665004901; Expires=Thu, 05-Oct-2023 21:21:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=2385243141665004901; Expires=Thu, 05-Oct-2023 21:21:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=1499945981665004901; Path=/; SameSite=None; Secure
i=VGX89kFRLJNimM2hkChXomVfbGG67fqUH3xTDHQuA1e8uXyb/8jnByiGVjrAkO1/fQtdOp9h5apfB4eqSAK6z9DNMl0=; Expires=Sat, 02-Oct-2032 21:21:35 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696540901.yrts.1665004901#1696540901.yrtsi.1665004901; Expires=Thu, 05-Oct-2023 21:21:41 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 05-Oct-2022 21:21:41 GMT
last-modified: Wed, 05-Oct-2022 21:21:41 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
adsco.re/p
162.252.214.5 200 OK 171 B IP 162.252.214.5:0
File type ASCII text, with no line terminators
Hash 58c35d71edf45e0e7aa39d6ff43e2d66
453df5adcd5b538b6097ab305ad0130d23dc1333
ab07d2d2fda1d33160ff227ba325cac41361ab306bb6403016e797c848a6d5dc
POST /p HTTP/1.1
Host: adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 1354
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
AS-P-1: OK lon123
AS-P-2: OK
AS-P-3: OK
Access-Control-Max-Age: 2592000
Cache-Control: no-transform
Access-Control-Allow-Origin: https://dood.so
Access-Control-Allow-Credentials: true
Content-Encoding: gzip
tovanillitechan.com/9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
139.45.197.239 204 No Content 0 B URL HTTP/2 tovanillitechan.com/9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.197.239:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://dood.so
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 1fb3b6eda62a0c340a025908a3439a2d
1911115b4cf3fc74dcd1d183685a01f0d977fc3f
65eb0f861de76368c59652dfa4e6a471a0cbe8c4b78bda278165bd941a3b596c
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "65EB0F861DE76368C59652DFA4E6A471A0CBE8C4B78BDA278165BD941A3B596C"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4153
Expires: Wed, 05 Oct 2022 22:30:54 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
mc.yandex.ru/metrika/advert.gif
87.250.251.119 200 OK 43 B URL HTTP/2 mc.yandex.ru/metrika/advert.gif
IP 87.250.251.119:0
File type GIF image data, version 89a, 1 x 1\012- data
Hash df3e567d6f16d040326c7a0ea29a4f41
ea7df583983133b62712b5e73bffbcd45cc53736
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
GET /metrika/advert.gif HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
content-length: 43
date: Wed, 05 Oct 2022 21:21:41 GMT
access-control-allow-origin: *
etag: "633be002-2b"
expires: Wed, 05 Oct 2022 22:21:41 GMT
accept-ranges: bytes
last-modified: Tue, 04 Oct 2022 10:25:54 GMT
cache-control: max-age=3600
content-type: image/gif
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash 46a6aef7fb6315e55a967540e76c0f4f
cf998c504c275980c63c2f1eafe55d3d515d9adc
225f90e84c0c598c7416b187986db857737c583865279c73715edd05e31a6384
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "225F90E84C0C598C7416B187986DB857737C583865279C73715EDD05E31A6384"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6020
Expires: Wed, 05 Oct 2022 23:02:01 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
simplewebanalysis.com/stats
52.28.21.152 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.21.152:0
File type ASCII text, with no line terminators
Hash 042a2accf85efaaa384bfbde4006ebb8
0be50026dd436c607eb895ace586a2f98bb53314
dfdac6a9d58566fd32ee78afb2d326fba3e0a35f6db79ebbdb27970fa9acf55c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: uid_id2=a85b65dc-8258-475b-9f64-cf3c251f3864:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
X-Firefox-Spdy: h2
simplewebanalysis.com/stats
52.28.21.152 200 OK 40 B URL HTTP/2 simplewebanalysis.com/stats
IP 52.28.21.152:0
File type ASCII text, with no line terminators
Hash 042a2accf85efaaa384bfbde4006ebb8
0be50026dd436c607eb895ace586a2f98bb53314
dfdac6a9d58566fd32ee78afb2d326fba3e0a35f6db79ebbdb27970fa9acf55c
GET /stats HTTP/1.1
Host: simplewebanalysis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: uid_id2=a85b65dc-8258-475b-9f64-cf3c251f3864:1:1
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/html; charset=UTF-8
content-length: 40
server: fasthttp
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
139.45.197.242 204 No Content 0 B URL HTTP/2 upgulpinon.com/9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.197.242:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
access-control-allow-credentials: true
access-control-allow-origin: https://dood.so
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
X-Firefox-Spdy: h2
upgulpinon.com/9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
139.45.197.242 200 OK 2.4 kB URL HTTP/2 upgulpinon.com/9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.197.242:0
File type JSON data\012- , ASCII text, with very long lines (6189), with no line terminators
Hash 6e7df982dded4b64dfa8f1863c403b83
6e5c330c37d34aef5941320138dbc03d7fd69252
082dd0c25b11734944cf7306078fbbae96b8f19e7f98f8e37f6105650aac20d0
POST /9?z=5030496&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=3&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 85
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=ec66a3f64df64c73856bfcc6e0248db0; oaidts=1665004901
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://dood.so
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: bc8df9bd175735a8fd9eb4841ca02a9a
access-control-expose-headers: X-Sc
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
oaidts=1665004901; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
upgulpinon.com/27/450b06a884c3c0c41762684f20f35afe
139.45.197.242 200 OK 124 kB URL HTTP/2 upgulpinon.com/27/450b06a884c3c0c41762684f20f35afe
IP 139.45.197.242:0
Size 124 kB (123742 bytes)
Hash 056fcf68f1dcb2324d746ecbfa4eded8
326e87bbf990f54d16aad101915670e6e1bb6b67
d4cf620c0c7bd32929ff81d274f6d0dc6e40d114bba68a1de616616cb07783fe
Analyzer Verdict Alert fortinet Malware
GET /27/450b06a884c3c0c41762684f20f35afe HTTP/1.1
Host: upgulpinon.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=ec66a3f64df64c73856bfcc6e0248db0; oaidts=1665004901
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 05 Oct 2022 03:09:39 GMT
expires: Wed, 04 Nov 2082 03:09:39 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
content-encoding: gzip
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c43e2d1ee473c67bb44c16703c3df83a
86a07329d73728dc638ad18ca66058dc45f5dca3
9cff5dcd6fa98eec71b95656771419f21b0966acc6d5fbf53c9f0bb575286259
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "9CFF5DCD6FA98EEC71B95656771419F21B0966ACC6D5FBF53C9F0BB575286259"
Last-Modified: Tue, 04 Oct 2022 01:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8130
Expires: Wed, 05 Oct 2022 23:37:11 GMT
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
dictatepantry.com/sbar.json?key=edb8703573695076feb99cb156693613
173.233.137.60 200 OK 3.9 kB URL HTTP/1.1 dictatepantry.com/sbar.json?key=edb8703573695076feb99cb156693613
IP 173.233.137.60:0
File type JSON data\012- , ASCII text, with very long lines (5547), with no line terminators
Hash 54ecf45a4c658d64afa8b816b0e88f20
f5418ab2237c7a9045d7d7226297003ef5f4424e
000d145d3c0129671e95426030575b97a565e255bd6c06eb95aa2c85787d562f
Analyzer Verdict Alert quad9 Sinkholed
GET /sbar.json?key=edb8703573695076feb99cb156693613 HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Custom-Referer: https://dood.so
Access-Control-Allow-Origin: https://dood.so
Access-Control-Allow-Credentials: true
Set-Cookie: u_pl=15754608; expires=Thu, 06 Oct 2022 21:21:41 GMT; secure; SameSite=None
pdhtkv=true; expires=Thu, 06 Oct 2022 21:21:41 GMT; secure; SameSite=None
uncs=1; expires=Thu, 06 Oct 2022 21:21:41 GMT; secure; SameSite=None
pdhtkv29=true; expires=Thu, 06 Oct 2022 21:21:41 GMT; secure; SameSite=None
uncs29=1; expires=Thu, 06 Oct 2022 21:21:41 GMT; secure; SameSite=None
slecedb8703573695076feb99cb156693613=[3396716]; expires=Wed, 05 Oct 2022 21:21:46 GMT; secure; SameSite=None
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecd4019cf15b1acebe4e602623f383f9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
prawnsimply.com/pixel/pure
173.233.137.36 204 No Content 0 B URL HTTP/1.1 prawnsimply.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
prawnsimply.com/pixel/pure
173.233.137.36 204 No Content 0 B URL HTTP/1.1 prawnsimply.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
OPTIONS /pixel/pure HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 204 No Content
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Allow-Credentials: true
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Content-Length: 0
zap.buzz/vqlWwD8
104.21.53.136 302 Found 754 B IP 104.21.53.136:0
Hash 95046bfdad55644358587c0e4063ac19
cdcfc50d0341144ba2c95840fb9c2cd92a915eec
46548f2d4824d0d68ef96f5f39bd11b7328314588d484cda3b400c55b42fb4ba
GET /vqlWwD8 HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/html; charset=utf-8
location: https://q.xmlrtb.com/r?fid=k2mHN2AHw88
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz31ZQ.ibkDv-YlxvXB5FitGrhfM81RRzA; Expires=Wed, 05 Oct 2022 21:51:41 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qYtVhQuUKfka%2FtzR9%2FZUqxgo%2FomBHR6rNdv9VqAgJTzUaF5KfL%2FP53V9rJz%2FnbVTa4LLQRtXbEUk1Ltrfx9I9UnPT1xu7Mlt6Rqw1LY%2FhqHKO6qiI%2BKA3Wf%2FrQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355b0f911bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash 227b8ba491a969bb395ffb89f18c9967
a01b448bdf8efbd05bb8e317152408e6d0354744
1bbd0d90e1db599d6e9e561b291504560d48c7104f92ca5e4de893bb6ea6f72f
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Mon, 03 Oct 2022 00:52:19 GMT
Expires: Mon, 10 Oct 2022 00:52:18 GMT
Etag: "a01b448bdf8efbd05bb8e317152408e6d0354744"
Cache-Control: max-age=357636,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb3
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7559355d1bdefac0-OSL
prawnsimply.com/pixel/pure
173.233.137.36 200 OK 0 B URL HTTP/1.1 prawnsimply.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
dozubatan.com/500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
IP 139.45.197.237:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
OPTIONS /500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-length: 0
allow: GET, OPTIONS
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
access-control-allow-origin: https://dood.so
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-allow-credentials: true
access-control-max-age: 600
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
X-Firefox-Spdy: h2
prawnsimply.com/pixel/pure
173.233.137.36 200 OK 0 B URL HTTP/1.1 prawnsimply.com/pixel/pure
IP 173.233.137.36:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /pixel/pure HTTP/1.1
Host: prawnsimply.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 72
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:41 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
139.45.195.254 200 OK 12 B URL HTTP/1.1 fleraprt.com/log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f
IP 139.45.195.254:0
File type JSON data\012- , ASCII text, with no line terminators
Hash adb4650bfc9d2a73d4dd69583b0ceb14
1ce399d6e936232aaf2192cd7903a279c5015f22
21c1f682de27109caabcca9016511974defcec217c0441fd3f1b50ecdf8247ed
Analyzer Verdict Alert quad9 Sinkholed
POST /log/add?cid=1db9169f-90f4-4b2d-b517-bc47aab19c1f HTTP/1.1
Host: fleraprt.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.so/
Content-Type: text/plain;charset=UTF-8
Origin: https://dood.so
Content-Length: 1561
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.10
Date: Wed, 05 Oct 2022 21:22:04 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 12
Connection: keep-alive
Access-Control-Allow-Origin: https://dood.so
Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, X-Forwarded-For, If-None-Match
Access-Control-Allow-Credentials: true
ocsp.sectigo.com/
172.64.155.188 200 OK 472 B IP 172.64.155.188:0
Hash ebe1325e2882e526f65529210fe4815b
2771ff8b78fb0a0a619c4a7ca4686df27bee58c7
847d6a022aa34aa2519975c725ea4b77690cfd07d9a41f900792ad69ba346939
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 84
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: application/ocsp-response
Content-Length: 472
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 13:50:03 GMT
Expires: Tue, 11 Oct 2022 13:50:02 GMT
Etag: "2771ff8b78fb0a0a619c4a7ca4686df27bee58c7"
Cache-Control: max-age=490699,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 7559355cabb3b4e8-OSL
blockadsnot.com/EpmJcZ.html?_=BAYAYz31ZQFjPfVlgAGBAsAAIPwftY37JELRiJIIZuL56UvIj_JXWGPPtr41rJK-W-Z4wQBIMEYCIQCmfBqfTftmNBjub5XAZnR9YBe3cbDOxzwfKU9TgJNJjgIhALhgUjOH4U2IJRBZKJ2qRcwlYyO437casZLGGgc6e1X8&v=4&UHCXuxSJ=4091021&lZGyjoiO=&tAiSKvcE=0,0&hOrZHxPF=&doUZSIya=https%3A%2F%2Fgaypornhdfree.com%2F&s=1280,1024,1,1280,1024,1
208.95.112.254 200 OK 833 B URL HTTP/2 blockadsnot.com/EpmJcZ.html?_=BAYAYz31ZQFjPfVlgAGBAsAAIPwftY37JELRiJIIZuL56UvIj_JXWGPPtr41rJK-W-Z4wQBIMEYCIQCmfBqfTftmNBjub5XAZnR9YBe3cbDOxzwfKU9TgJNJjgIhALhgUjOH4U2IJRBZKJ2qRcwlYyO437casZLGGgc6e1X8&v=4&UHCXuxSJ=4091021&lZGyjoiO=&tAiSKvcE=0,0&hOrZHxPF=&doUZSIya=https%3A%2F%2Fgaypornhdfree.com%2F&s=1280,1024,1,1280,1024,1
IP 208.95.112.254:0
File type ASCII text, with very long lines (1167), with no line terminators
Hash 04f20959b3cc47eb4afbd82526c08c13
da5a8c401faab1f559110c00754014f527cc8a5a
e0e6be9f38d6e8b214c14fec717901fa81c127df5e301667f3755bb4b4ada5de
GET /EpmJcZ.html?_=BAYAYz31ZQFjPfVlgAGBAsAAIPwftY37JELRiJIIZuL56UvIj_JXWGPPtr41rJK-W-Z4wQBIMEYCIQCmfBqfTftmNBjub5XAZnR9YBe3cbDOxzwfKU9TgJNJjgIhALhgUjOH4U2IJRBZKJ2qRcwlYyO437casZLGGgc6e1X8&v=4&UHCXuxSJ=4091021&lZGyjoiO=&tAiSKvcE=0,0&hOrZHxPF=&doUZSIya=https%3A%2F%2Fgaypornhdfree.com%2F&s=1280,1024,1,1280,1024,1 HTTP/1.1
Host: blockadsnot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
access-control-allow-origin: *
asf: 6
cache-control: private, no-store, no-cache, must-revalidate, no-transform, max-age=0
pragma: no-cache
content-type: application/javascript; charset=utf-8
set-cookie: PP_CV=yes; expires=Wed, 05-Oct-2022 22:21:41 GMT; Max-Age=3600
fraudcheck=a3df565f17e1a0251b57f8ff0b151a07; expires=Fri, 04-Nov-2022 21:21:41 GMT; Max-Age=2592000; path=/; domain=.popads.net
PopAds_CF_Pass=1; expires=Thu, 06-Oct-2022 03:21:42 GMT; Max-Age=21600
link: <https://free-cosmetics-online.com>;rel=preconnect
content-length: 833
content-encoding: br
vary: Accept-Encoding
date: Wed, 05 Oct 2022 21:21:42 GMT
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
172.67.10.98 200 OK 3.4 kB URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
IP 172.67.10.98:0
File type PNG image data, 310 x 310, 8-bit colormap, non-interlaced\012- data
Hash fa7659c35b21a530a21e39afd7faac93
de6a35506a3b227efee27bcc509c3525776761ee
871975b8040629c7b43de81b1a0878f40991ec2f49caddd6441b5d1f8322aeed
GET /interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/png
content-length: 3429
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
etag: "633dabb1-d65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4725
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355e2bf0b521-OSL
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
172.67.10.98 200 OK 28 kB URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
IP 172.67.10.98:0
File type PNG image data, 438 x 76, 8-bit/color RGBA, interlaced\012- data
Hash 7e3028aa1c664dafbb6e7d771f1c68ca
663519d6441d284fa385666c2aac590f5dbcc116
d1eb8cf889202f439bb6bd1a03049b2e71953c7c0a5aadddde498cbea9bcadac
GET /interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/png
content-length: 28527
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
etag: "633dabb1-6f6f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 6301
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355e3c00b521-OSL
X-Firefox-Spdy: h2
interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg
139.45.197.151 200 OK 54 kB URL HTTP/2 interstitial-08.com/contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash 79e35a7cc99858ca5e078ba86e64e13d
83a654fef8ed228e595386b451804ec1666eab2a
be88718a0eb175ebc4385600fe4168853a2ba705d814d2f9887ca7aa8cbd9238
Analyzer Verdict Alert quad9 Sinkholed
GET /contents/s/2d/3f/7f/35d1f144fa688a67ba834d0931/0100657458245.jpeg HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 53472
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
etag: "5c52d89a-d0e0"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
c12n8tsd26cg.s4.adsco.re/
185.200.116.90 200 OK 0 B URL HTTP/1.1 c12n8tsd26cg.s4.adsco.re/
IP 185.200.116.90:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
POST / HTTP/1.1
Host: c12n8tsd26cg.s4.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: text/plain;charset=UTF-8
Content-Length: 0
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Mon, 30 Jul 2018 15:38:01 GMT
Connection: close
ETag: "5b5f30d9-0"
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
Accept-Ranges: bytes
interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg
139.45.197.151 200 OK 15 kB URL HTTP/2 interstitial-08.com/contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 355x355, components 3\012- data
Hash 545811b0a815692a6ca16dd9a46924ab
0ad596f3f23312b129a505ced277af9ff83ca7fc
f710c2b11df9cadcb3a6d25a9dc8306172c04ff1d2fa8d96d4019d70833f695d
Analyzer Verdict Alert quad9 Sinkholed
GET /contents/s/54/58/11/b0a815692a6ca16dd9a46924ab/0933414948049.jpeg HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 14651
last-modified: Wed, 15 Aug 2018 10:56:50 GMT
etag: "5b7406f2-393b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
q.xmlrtb.com/r?fid=k2mHN2AHw88
172.64.174.5 302 Found 0 B URL HTTP/2 q.xmlrtb.com/r?fid=k2mHN2AHw88
IP 172.64.174.5:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /r?fid=k2mHN2AHw88 HTTP/1.1
Host: q.xmlrtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:42 GMT
location: https://popxperts.com/w3ar3w1n
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fQD%2FGcquXvp9a%2BBdOdQvap%2Fw%2F7SsGSuAyC0RidItzD%2BT2GbaR3gQZgNA65xc95%2FX76DD%2BdpWSjUCGwjGwZLs5q4PDov3MRFVd30PKgpMbVX4ZjtqtDKhmDD8NVa0rTE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355bb8ba75a1-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg
139.45.197.151 200 OK 36 kB URL HTTP/2 interstitial-08.com/contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 500x500, components 3\012- data
Hash 4e61844a7532ee6d30450abd6bb2a1da
e11bad4f8ba1f610713318feddcbfe6a0faf50a0
01a91cef52f9849703fb84a945f9fb51b9debf7ac36730043d097c3865550e8c
Analyzer Verdict Alert quad9 Sinkholed
GET /contents/s/4e/61/84/4a7532ee6d30450abd6bb2a1da/0350025199145.jpeg HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 35607
last-modified: Tue, 17 Jul 2018 10:46:08 GMT
etag: "5b4dc8f0-8b17"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 5c0f797485e378667db9125b9ec74702
57738a42829239327e18a307110559a75d3ec6b4
0327e49198bfa1d52b428b18c280333e00851baed05ef4e714fc71f072a1a29b
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "0327E49198BFA1D52B428B18C280333E00851BAED05EF4E714FC71F072A1A29B"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=8508
Expires: Wed, 05 Oct 2022 23:43:30 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
tovanillitechan.com/9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
139.45.197.239 200 OK 3.0 kB URL HTTP/2 tovanillitechan.com/9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.197.239:0
Hash c9c26d8cb9ee50653df0d0b857225822
3e05107732aa77685db9d96d684afbc0f855d414
24eee7103ac8e508520719d12db4c221016b47108f9ca2dd67f0865014074db1
Analyzer Verdict Alert quad9 Sinkholed
POST /9?z=3203051&ng=1&ix=1&pt=0&np=1&gp=-1&bp=-1&nw=1&nb=1&sw=1280&sh=1024&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&wy=0&wx=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=4&sah=1002&drf=https%3A%2F%2Fgaypornhdfree.com%2F&hil=1&ist=0&oaid=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Content-Length: 85
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=1892729f2daf4a7ea0ad8c66b57c5aa3; oaidts=1665004900
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-origin: https://dood.so
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
x-trace-id: d9a374c778df827f5982da913408e285
access-control-expose-headers: X-Sc
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
oaidts=1665004900; expires=Thu, 05 Oct 2023 21:21:41 GMT; secure; SameSite=None
pragma: no-cache
cache-control: no-store, no-cache, must-revalidate, max-age=0
expires: Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
ocsp.digicert.com/
93.184.220.29 200 OK 279 B IP 93.184.220.29:0
Hash d0597a5e98092de15ca6f20d0f8454d5
e7261e87a8606fbbe8712526e5fbe9fb21417afd
93b3a37060323cd1dbf941510cb60124e6f2b302d254b8a479a398066be9b67e
POST / HTTP/1.1
Host: ocsp.digicert.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 2593
Cache-Control: 'max-age=158059'
Content-Type: application/ocsp-response
Date: Wed, 05 Oct 2022 21:21:42 GMT
Last-Modified: Wed, 05 Oct 2022 20:38:29 GMT
Server: ECS (ska/F717)
X-Cache: HIT
Content-Length: 279
interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg
139.45.197.151 200 OK 50 kB URL HTTP/2 interstitial-08.com/contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg
IP 139.45.197.151:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 500x500, components 3\012- data
Hash c34fd1b2c76b7a71b5b5784ab60b6368
9cb4e8986542d42cafe0bfc1377bfc928929cfc5
89d93e12a15f6a5d57b5f8aca8bd1e6984dc4c8c5dec7840a8c8e8c8274c1568
Analyzer Verdict Alert quad9 Sinkholed
GET /contents/s/aa/5b/71/730bd1c1e09e51bf17160def9a/01289039865190.jpeg HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 50434
last-modified: Thu, 31 Jan 2019 11:14:34 GMT
etag: "5c52d89a-c502"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
accept-ranges: bytes
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
172.67.10.98 200 OK 473 B URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
IP 172.67.10.98:0
File type ASCII text, with very long lines (1419), with no line terminators
Hash 8a0b630edb16a84b3a7387a0387c314b
607a25fe20a1167d09dfba7fad73b885e3342b65
1f8f506fa74be7547c8c33f21b14b5d7072f544b054a0d61f76c763e6c896256
GET /interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: application/javascript
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
vary: Accept-Encoding
etag: W/"633dabb1-58b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4725
server: cloudflare
cf-ray: 7559355e3c03b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a7395fbf71381e7b99a8f2dc723aeca6
1c17cde68b62dde4c2871178e45274c60f666d16
b3df570e2fbb53547e0b3722e77b0f31e6abbf27b9c27834411e6bd70884e067
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3DF570E2FBB53547E0B3722E77B0F31E6ABBF27B9C27834411E6BD70884E067"
Last-Modified: Mon, 03 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5654
Expires: Wed, 05 Oct 2022 22:55:56 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash a7395fbf71381e7b99a8f2dc723aeca6
1c17cde68b62dde4c2871178e45274c60f666d16
b3df570e2fbb53547e0b3722e77b0f31e6abbf27b9c27834411e6bd70884e067
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "B3DF570E2FBB53547E0B3722E77B0F31E6ABBF27B9C27834411E6BD70884E067"
Last-Modified: Mon, 03 Oct 2022 08:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=5654
Expires: Wed, 05 Oct 2022 22:55:56 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
popxperts.com/w3ar3w1n
172.67.145.76 200 OK 309 B IP 172.67.145.76:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 13cd91998894ad7ceca68926924feccb
6f5e04f1416ec2043a2d23d903b40eecd2b673e1
b4003db2349d6ca19f5334d2ffa7670630e24bf4fa2e2c67dcb2971256e1bb95
GET /w3ar3w1n HTTP/1.1
Host: popxperts.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/html; charset=utf-8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9qq1rlKsf1dQ6xqPEK1qHYRpzGa8%2BleDmh3Ueejj95qPi38zXluIN4XQA98zaSt3ReQZeJy4mns13rZewEX628KflpSACrLYKk%2BLvHJAqHDYDZ%2Ffb7nW0rgQeDfpqvCp"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355e8d15b505-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
172.67.10.98 304 Not Modified 0 B URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494
IP 172.67.10.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /interstital/templates/inapp/Players/_gen-carousel-3d/js/script.js?v=1518177503494 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 05 Oct 2022 16:07:13 GMT
If-None-Match: W/"633dabb1-58b"
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 05 Oct 2022 21:21:42 GMT
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
vary: Accept-Encoding
etag: W/"633dabb1-58b"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4725
server: cloudflare
cf-ray: 7559355f3d3bb521-OSL
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1819691568
139.45.197.236 200 OK 2.5 kB URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1819691568
IP 139.45.197.236:0
Hash 8b6c261e1d66d72d972fb36fa258633a
2c8eb94dd99d4083044a9eeae711a54a37ecb539
f9b9a338248a9db4b8016551e05e0b6d19f43bec7891fcbe587b2cd306f7d7fb
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1819691568 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 128753941df3c70b66b1cbaf876f0915
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
offerimage.com/www/images/ef8a0b125b361178801c5d137989a038.jpeg
104.22.33.172 200 OK 12 kB URL HTTP/2 offerimage.com/www/images/ef8a0b125b361178801c5d137989a038.jpeg
IP 104.22.33.172:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3\012- data
Hash ef8a0b125b361178801c5d137989a038
f857feec46f0887b2f261303190565c18fff10fe
df5222371efc322bb3315e348b31f57794770571ecad396698742d21999c00f4
GET /www/images/ef8a0b125b361178801c5d137989a038.jpeg HTTP/1.1
Host: offerimage.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 12022
cache-control: max-age=86400
cf-bgj: h2pri
etag: "6246afd7-2ef6"
expires: Thu, 06 Oct 2022 04:51:10 GMT
last-modified: Fri, 01 Apr 2022 07:55:03 GMT
timing-allow-origin: *
cf-cache-status: HIT
age: 59432
accept-ranges: bytes
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355f9bef15e4-ARN
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
172.67.10.98 304 Not Modified 0 B URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png
IP 172.67.10.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /interstital/templates/inapp/Players/_gen-carousel-3d/images/player.png HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 05 Oct 2022 16:07:13 GMT
If-None-Match: "633dabb1-6f6f"
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 05 Oct 2022 21:21:42 GMT
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
etag: "633dabb1-6f6f"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 6301
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355fbdeab521-OSL
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-08.com
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
access-control-allow-origin: https://interstitial-08.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 8c496e11a9a04b4c0f6f885020c6f151
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
172.67.10.98 304 Not Modified 0 B URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png
IP 172.67.10.98:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /interstital/templates/inapp/Players/_gen-carousel-3d/images/audible.png HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
If-Modified-Since: Wed, 05 Oct 2022 16:07:13 GMT
If-None-Match: "633dabb1-d65"
TE: trailers
HTTP/2 304 Not Modified
date: Wed, 05 Oct 2022 21:21:42 GMT
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
etag: "633dabb1-d65"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 4725
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355fbde9b521-OSL
X-Firefox-Spdy: h2
unphionetor.com/vctx?t=72747
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vctx?t=72747
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /vctx?t=72747 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-08.com
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
access-control-allow-origin: https://interstitial-08.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: abe63d9f9a4c2bad926c0f697b54f2f9
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
oblongseller.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
192.243.59.12 200 OK 29 kB URL HTTP/1.1 oblongseller.com/0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with very long lines (65536), with no line terminators
Hash ec9d893e4bc974de40da16a5136848c4
2d1127da34d6d4853dca939d17012466f1b0fb99
ce029b4cb21e38d8d247246cc7600bc8cd61e18ed10074b737703b86909e011f
Analyzer Verdict Alert quad9 Sinkholed
GET /0a/6e/9a/0a6e9a96058c7f39edbf4999920d05a3.js HTTP/1.1
Host: oblongseller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f266e9ea3e20db1a9cb08b97169d28d9
Strict-Transport-Security: max-age=0; includeSubdomains
Content-Encoding: gzip
i.doodcdn.com/theme_2/img/loader.svg
104.21.34.210 301 Moved Permanently 4.3 kB URL HTTP/2 i.doodcdn.com/theme_2/img/loader.svg
IP 104.21.34.210:0
Hash c93f57688be014092aa2205fc43914b1
8c1b8bc141b455dacd21dda5c9a62fe0f1a681e8
6ba568d745490374315ee4be632e775328d14cd054cb6d4fc165f31f0ad08c29
GET /theme_2/img/loader.svg HTTP/1.1
Host: i.doodcdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://i.doodcdn.co/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 21:21:40 GMT
location: https://i.doodcdn.co/theme_2/img/loader.svg
cache-control: max-age=3600
expires: Wed, 05 Oct 2022 22:21:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R8ZfH7GE0no78CX4MrOygjUkYHOfbYLzqHkD%2FTsbkhemgdGeyRlgQNgSg0qXJmYcqFvFKg0eVX7mmvzxjDwyUYWdBIDuPFeORQDo2ryuqCTA0YmomnBSjDNkNp%2BfntqE"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755935515b550afa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da32fcedc22c3f8071079610e24227d2
b80c8b3315fe0dfdbf02cb1e46ec49fce2e6d858
3dbffb2bb666ae31dbbb9611ad68b92c6bc7da1750d5bac1c0dea372f34f39e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3DBFFB2BB666AE31DBBB9611AD68B92C6BC7DA1750D5BAC1C0DEA372F34F39E8"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4940
Expires: Wed, 05 Oct 2022 22:44:02 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da32fcedc22c3f8071079610e24227d2
b80c8b3315fe0dfdbf02cb1e46ec49fce2e6d858
3dbffb2bb666ae31dbbb9611ad68b92c6bc7da1750d5bac1c0dea372f34f39e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3DBFFB2BB666AE31DBBB9611AD68B92C6BC7DA1750D5BAC1C0DEA372F34F39E8"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4940
Expires: Wed, 05 Oct 2022 22:44:02 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da32fcedc22c3f8071079610e24227d2
b80c8b3315fe0dfdbf02cb1e46ec49fce2e6d858
3dbffb2bb666ae31dbbb9611ad68b92c6bc7da1750d5bac1c0dea372f34f39e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3DBFFB2BB666AE31DBBB9611AD68B92C6BC7DA1750D5BAC1C0DEA372F34F39E8"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4940
Expires: Wed, 05 Oct 2022 22:44:02 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
174.137.133.17 302 Found 0 B URL HTTP/1.1 xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
IP 174.137.133.17:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=457657&auth=p12tC3&pubid=152420 HTTP/1.1
Host: xml.poprtb.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: http://tsyndicate.com/api/v1/direct/d23999f3e8744c6fb2dc06e0ade80da7?extID=456954_459870
Pragma: no-cache
unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=edb8703573695076feb99cb156693613&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=edb8703573695076feb99cb156693613&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=edb8703573695076feb99cb156693613&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 68437a3d9d16892e690be469dc14dff6
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=f06f53688194268edaf23d2b44a59e27&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=f06f53688194268edaf23d2b44a59e27&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=f06f53688194268edaf23d2b44a59e27&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: ecf09846f086bbb995892b3f4e198781
Strict-Transport-Security: max-age=0; includeSubdomains
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
172.64.201.2 200 OK 22 kB URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg
IP 172.64.201.2:0
File type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 320x292, components 3\012- data
Hash e1f754e6014f2a7636aa19acdf37eaa7
72ded7fb65560b2702630d5208386654f294e8e9
8b9e400d61eb3c28929db8209c3136b14e2112d6eb8b4f504b74f6cca67b50fe
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/img/1.jpg HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: image/jpeg
content-length: 21845
last-modified: Wed, 03 Aug 2022 08:33:45 GMT
etag: "62ea32e9-5555"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5483824
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zBNbdsK0wViKWRGsmY1Gcqpmtdo79P7m%2BRmPtmgcA4ASsdcbo4eRuuIpUrlxHc9U5CQv%2FPskvAcjUttahtgUiiI5X5x2JJJzqlLAseg6K3h%2Fc4WncmWW%2FkADmIUnxhiyzGQ%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559356099d773df-LHR
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 359 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
File type HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text
Hash 9bb8132265466a0e8b9f73abd0664b2a
130b0ca7eada76832cc344ae02841000e82604aa
a9eddd5e8e028b7a47dc652c41a221b31546e904d365f1bad7f49b3c7ee2daff
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-08.com
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
access-control-allow-origin: https://interstitial-08.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: 77b337ace5a66c0bc4eaf402f03d89fb
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
139.45.197.236 204 No Content 0 B URL HTTP/2 unphionetor.com/vbl?t=72747&bid=undefined&aid=undefined
IP 139.45.197.236:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
POST /vbl?t=72747&bid=undefined&aid=undefined HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://interstitial-08.com
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Content-Length: 0
TE: trailers
HTTP/2 204 No Content
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
access-control-allow-origin: https://interstitial-08.com
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: b1bffaec42cc7af06f857b4b475e0b59
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 346 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash da32fcedc22c3f8071079610e24227d2
b80c8b3315fe0dfdbf02cb1e46ec49fce2e6d858
3dbffb2bb666ae31dbbb9611ad68b92c6bc7da1750d5bac1c0dea372f34f39e8
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 346
ETag: "3DBFFB2BB666AE31DBBB9611AD68B92C6BC7DA1750D5BAC1C0DEA372F34F39E8"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4940
Expires: Wed, 05 Oct 2022 22:44:02 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash be4d35037496b67c8391d2f90ddd79d5
10966367e7e92c58eecab881f843376069d532b2
a5a0f29200ec609be09eee323e3611eb0dc5587daa7d094d0b2b9b544eda2612
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "A5A0F29200EC609BE09EEE323E3611EB0DC5587DAA7D094D0B2B9B544EDA2612"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=4013
Expires: Wed, 05 Oct 2022 22:28:35 GMT
Date: Wed, 05 Oct 2022 21:21:42 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash c0f04f673c6536ab56bbbb391e4673a6
0679286aa6028400af20f3a902ef2c29204af120
f4b642c518aa801ee29944c932a838ca7acf67ff3c5021a95d6b0031c8e15846
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 21:21:42 GMT
Last-Modified: Wed, 05 Oct 2022 21:06:30 GMT
Server: ECS (nyb/1D05)
X-Cache: Miss from cloudfront
Via: 1.1 a2c3c8b833b34851dca4f7753ecaae58.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: qjnWkwHzikjpeItp11Bsm0wov3adQcoeQweQ_Jb_tIh-B8RVBJ0jyg==
Age: 912
oblongseller.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS32scVRi90wQs%2BKLSF0VlH3xQMJuZ2dnZXYsUY4wE06a0Sn0RvT9mNtfcmTu9d2ZnkwcJLUof1%2F9gcjZpqAZR8LVFNoU%2BBISuTwHN36CIffJBdhtc%2FWD4vjPnPJzvfPer3eKUuCjoyfJlvS2VoovNult7%2FWPPu1hbk2nRr%2FXb4adhcLFmem91wrr7Ru39iG%2FqRd%2F1XNdzvdqKNFGs%2B4sTEjI77Hj1jlsP%2FLrXDNA3%2F8e2cGCpA9E7JS9AivH8Q%2BcCJB8hTb5fjuxmrrM330sKRXNt0BMHH6WbqS5TJLMxNg7i9OBMDW0frzyATvendqF7%2FwqZHBPn0QOw9ODMJFhvb%2BqTKUQpmHgWZW%2BESI0g6Qhc34YUjwnABa6sI03uXtGmpFtPWTphx2T%2ByZ%2BQ5ZjM%2F3YBafLdkpL92nWtilzq1KIfV5D9EWR3hKw4Qr59DrI8As9vQYqfyeKTNaTJ3rpVGlKcvEbbTRY2BV9o%2B832QtBqsoVOHAYLPG5wv%2BnFjXYYTAOScgQZj6CiAah1UEw%2B6aCIHRSZg0Sc1LjneS1XcOq2O5w3RCtioXA92oo96rlhGwWf7DBAng3A1QDc7CAzO9iUA5jiJ9iNClY4sDlBT1QoI4LSEpSUoJQEZU5Q9qp9oaxvq7tC2YJ5Z90%2F641qqPPuLt3XeTdKyW52Sp6fBOecv3WIzeikRkPmsnbHb4oOa9DAawbcbTS5H7AgEp1WBCsrSHtuuua2HJOX79eRyTF55pNfwegRrDoCl8%2BBFq%2BAlsOW74JuDIO2i%2B30kIpC5QsbN2%2FWcw2hK2T5PPItZ1edkhenB2zc%2BB0RP770Gbs8%2FuPe3%2BCmQmYqfC4fEnTVneE1XZK9a7q05If1LJeJ3KaT417PaR7NffNBtFVqI1aX7eDeO3xCTMbDDyObr9FUyLRrybdLUojIrGjDI3J%2F1d6I2NXCbiwVJi2ytavvrqwmmYmslTodgcoxIY%2BOweWYnP9xf%2FpuX%2FryC0gzgikqJMUxOStIfQSe7cBmM%2F9Wz8GomYZlDsqiGhqfzX4qSaCiGaasgv0PZrN5195B17wKmt9GmlTomQo9VYGqAWwxN8wzc3zpl8a0wJQzZMo4e0wZ9fXTcK08qbUaDZeGnabXatGoxQK%2FHYeeoNQPQj8MaQO5HfO3%2F4r%2FAQAA%2F%2F8BAAD%2F%2F7t5tTqCBAAA
192.243.59.12200 OK 7 B URL HTTP/1.1 oblongseller.com/ren.gif?sid=H4sIAAAAAAAC%2F1RS32scVRi90wQs%2BKLSF0VlH3xQMJuZ2dnZXYsUY4wE06a0Sn0RvT9mNtfcmTu9d2ZnkwcJLUof1%2F9gcjZpqAZR8LVFNoU%2BBISuTwHN36CIffJBdhtc%2FWD4vjPnPJzvfPer3eKUuCjoyfJlvS2VoovNult7%2FWPPu1hbk2nRr%2FXb4adhcLFmem91wrr7Ru39iG%2FqRd%2F1XNdzvdqKNFGs%2B4sTEjI77Hj1jlsP%2FLrXDNA3%2F8e2cGCpA9E7JS9AivH8Q%2BcCJB8hTb5fjuxmrrM330sKRXNt0BMHH6WbqS5TJLMxNg7i9OBMDW0frzyATvendqF7%2FwqZHBPn0QOw9ODMJFhvb%2BqTKUQpmHgWZW%2BESI0g6Qhc34YUjwnABa6sI03uXtGmpFtPWTphx2T%2ByZ%2BQ5ZjM%2F3YBafLdkpL92nWtilzq1KIfV5D9EWR3hKw4Qr59DrI8As9vQYqfyeKTNaTJ3rpVGlKcvEbbTRY2BV9o%2B832QtBqsoVOHAYLPG5wv%2BnFjXYYTAOScgQZj6CiAah1UEw%2B6aCIHRSZg0Sc1LjneS1XcOq2O5w3RCtioXA92oo96rlhGwWf7DBAng3A1QDc7CAzO9iUA5jiJ9iNClY4sDlBT1QoI4LSEpSUoJQEZU5Q9qp9oaxvq7tC2YJ5Z90%2F641qqPPuLt3XeTdKyW52Sp6fBOecv3WIzeikRkPmsnbHb4oOa9DAawbcbTS5H7AgEp1WBCsrSHtuuua2HJOX79eRyTF55pNfwegRrDoCl8%2BBFq%2BAlsOW74JuDIO2i%2B30kIpC5QsbN2%2FWcw2hK2T5PPItZ1edkhenB2zc%2BB0RP770Gbs8%2FuPe3%2BCmQmYqfC4fEnTVneE1XZK9a7q05If1LJeJ3KaT417PaR7NffNBtFVqI1aX7eDeO3xCTMbDDyObr9FUyLRrybdLUojIrGjDI3J%2F1d6I2NXCbiwVJi2ytavvrqwmmYmslTodgcoxIY%2BOweWYnP9xf%2FpuX%2FryC0gzgikqJMUxOStIfQSe7cBmM%2F9Wz8GomYZlDsqiGhqfzX4qSaCiGaasgv0PZrN5195B17wKmt9GmlTomQo9VYGqAWwxN8wzc3zpl8a0wJQzZMo4e0wZ9fXTcK08qbUaDZeGnabXatGoxQK%2FHYeeoNQPQj8MaQO5HfO3%2F4r%2FAQAA%2F%2F8BAAD%2F%2F7t5tTqCBAAA
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /ren.gif?sid=H4sIAAAAAAAC%2F1RS32scVRi90wQs%2BKLSF0VlH3xQMJuZ2dnZXYsUY4wE06a0Sn0RvT9mNtfcmTu9d2ZnkwcJLUof1%2F9gcjZpqAZR8LVFNoU%2BBISuTwHN36CIffJBdhtc%2FWD4vjPnPJzvfPer3eKUuCjoyfJlvS2VoovNult7%2FWPPu1hbk2nRr%2FXb4adhcLFmem91wrr7Ru39iG%2FqRd%2F1XNdzvdqKNFGs%2B4sTEjI77Hj1jlsP%2FLrXDNA3%2F8e2cGCpA9E7JS9AivH8Q%2BcCJB8hTb5fjuxmrrM330sKRXNt0BMHH6WbqS5TJLMxNg7i9OBMDW0frzyATvendqF7%2FwqZHBPn0QOw9ODMJFhvb%2BqTKUQpmHgWZW%2BESI0g6Qhc34YUjwnABa6sI03uXtGmpFtPWTphx2T%2ByZ%2BQ5ZjM%2F3YBafLdkpL92nWtilzq1KIfV5D9EWR3hKw4Qr59DrI8As9vQYqfyeKTNaTJ3rpVGlKcvEbbTRY2BV9o%2B832QtBqsoVOHAYLPG5wv%2BnFjXYYTAOScgQZj6CiAah1UEw%2B6aCIHRSZg0Sc1LjneS1XcOq2O5w3RCtioXA92oo96rlhGwWf7DBAng3A1QDc7CAzO9iUA5jiJ9iNClY4sDlBT1QoI4LSEpSUoJQEZU5Q9qp9oaxvq7tC2YJ5Z90%2F641qqPPuLt3XeTdKyW52Sp6fBOecv3WIzeikRkPmsnbHb4oOa9DAawbcbTS5H7AgEp1WBCsrSHtuuua2HJOX79eRyTF55pNfwegRrDoCl8%2BBFq%2BAlsOW74JuDIO2i%2B30kIpC5QsbN2%2FWcw2hK2T5PPItZ1edkhenB2zc%2BB0RP770Gbs8%2FuPe3%2BCmQmYqfC4fEnTVneE1XZK9a7q05If1LJeJ3KaT417PaR7NffNBtFVqI1aX7eDeO3xCTMbDDyObr9FUyLRrybdLUojIrGjDI3J%2F1d6I2NXCbiwVJi2ytavvrqwmmYmslTodgcoxIY%2BOweWYnP9xf%2FpuX%2FryC0gzgikqJMUxOStIfQSe7cBmM%2F9Wz8GomYZlDsqiGhqfzX4qSaCiGaasgv0PZrN5195B17wKmt9GmlTomQo9VYGqAWwxN8wzc3zpl8a0wJQzZMo4e0wZ9fXTcK08qbUaDZeGnabXatGoxQK%2FHYeeoNQPQj8MaQO5HfO3%2F4r%2FAQAA%2F%2F8BAAD%2F%2F7t5tTqCBAAA HTTP/1.1
Host: oblongseller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=a85b65dc-8258-475b-9f64-cf3c251f3864:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 71407465a17b7d667fb9dbd6c677bebb
Strict-Transport-Security: max-age=0; includeSubdomains
c.cachegorilla.com/cf?id=6795110118894026626&sid=B79SGewuO6N&subid=0000&fid=19128&redir=1
172.67.190.155 302 Found 0 B URL HTTP/2 c.cachegorilla.com/cf?id=6795110118894026626&sid=B79SGewuO6N&subid=0000&fid=19128&redir=1
IP 172.67.190.155:0
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /cf?id=6795110118894026626&sid=B79SGewuO6N&subid=0000&fid=19128&redir=1 HTTP/1.1
Host: c.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:42 GMT
location: http://c.srvpcn.com/click?id=ccuvapasfuhel0egak7g&e=1c16b49f-77d4-4fc1-8cc7-182d1717b8f5&px=34
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oWsaEZtqaFEMJ7jnCWT68BUclACCyMolmGHhkWLONI%2FV4b2zbNKsdilsJV0KwapeKGK%2BakpuFyyDCdppn71qUTdAtVm3ZoL3evhbnGHxHFT1Yy2s%2BE9YqsvsfhFfWeWp4yZqqi8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355e8fee0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
interesteddeterminedeurope.com/pixel/purst?dl=0&th=0&sc=0&rs=2943&rd=2943&fd=1029&bv=22.8.v.2&tmpl=136
192.243.61.225 200 OK 0 B URL HTTP/1.1 interesteddeterminedeurope.com/pixel/purst?dl=0&th=0&sc=0&rs=2943&rd=2943&fd=1029&bv=22.8.v.2&tmpl=136
IP 192.243.61.225:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/purst?dl=0&th=0&sc=0&rs=2943&rd=2943&fd=1029&bv=22.8.v.2&tmpl=136 HTTP/1.1
Host: interesteddeterminedeurope.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.22.0
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
tsyndicate.com/api/v1/direct/d23999f3e8744c6fb2dc06e0ade80da7?extID=456954_459870
136.243.46.131 302 Found 0 B URL HTTP/2 tsyndicate.com/api/v1/direct/d23999f3e8744c6fb2dc06e0ade80da7?extID=456954_459870
IP 136.243.46.131:0
ASN #24940 Hetzner Online GmbH
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /api/v1/direct/d23999f3e8744c6fb2dc06e0ade80da7?extID=456954_459870 HTTP/1.1
Host: tsyndicate.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-length: 0
pragma: no-cache
expires: 0
vary: *
x-api-version: 2
location: https://gettlucksurvey.top/finance-survey.html?z=4297172&offer_id=2577&var=4099539&ymid=X65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi&campid={campaignid}
x-request-id: 76613c3e2024f476
set-cookie: ts_uid=b816e409-ebc9-40be-83b3-3e0d2d27bee4; expires=Wed, 05 Apr 2023 21:21:42 GMT; domain=.tsyndicate.com; path=/; HttpOnly; secure; SameSite=None
bfq=APeIECNCxxYZOWDIwJGwCwsRYwpuieFQRBmJMWzYqAEjR4wZCrv0URAQ; expires=Thu, 06 Oct 2022 21:21:42 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
ts_direct_tag=450691:2902890:30217:4099539:33297; expires=Sat, 05 Nov 2022 21:21:42 GMT; domain=.tsyndicate.com; path=/; secure; SameSite=None
cache-control: no-cache, no-store, no-transform, must-revalidate, no-transform
x-robots-tag: none, noindex, nofollow
report-to: { "url": "https://pxl.tsyndicate.com/api/v1/heavy-ad/report", "max_age": 86401 }
X-Firefox-Spdy: h2
ocsp.sectigo.com/
172.64.155.188 200 OK 471 B IP 172.64.155.188:0
Hash 6dd2ee0a876c107474e076f8ae20478b
aebbc15b368f7a2548ac0830b2d48ad9997e26ad
21a64c03287a69edb25e834922bd87ea90d6ac212f5c2d7a5ddfc653cce2a349
POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Tue, 04 Oct 2022 16:42:41 GMT
Expires: Tue, 11 Oct 2022 16:42:40 GMT
Etag: "aebbc15b368f7a2548ac0830b2d48ad9997e26ad"
Cache-Control: max-age=501057,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb6
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 755935624823fac0-OSL
dictatepantry.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72sCCm6sdKOgzEZQkMl783ssUowxEkyb2iq60%2FvrTa65793Hve%2FOm2QVLEiX43%2Fw8p2koVpKBbcWmRS6CAgZ3QQ0f4MiduVCZhoce%2BByzrnf7%2BJzzr1f7%2FkzEsLT05WrZkdpTZea1bDyxmdRdLmyrlI%2FqAw6rc9bjcsV23%2B726qGb1Y%2BkHzLLNXCKAyjMKqsKitjM1iailDZvW5U7YbVRq0aNRsY2Gd75wM4GkD0z8hLUGKy%2BCi4BMXHSJMHK9Jt5SZ76%2F3Ea5obi744%2FCTdSk2RIpmXsQ0Qp4fnbhh3svoQJj2Y4cL0%2FzMyNSHB44dg6eE5JFh%2Ff8bJNGQKJl5A0R9D6jEUHYObW1DihABc4NoG0uTONWMLuv1UpVN1Qhaf%2FAVVTMji75eQJveXtRpUbhrtc2VSh0FcQg3GUL0xMn%2BEfOcCVHEEnn8FJX4mS0%2FWkSb7G04bKFHOZldqDBWPoeUQ1AXw06MC%2BDiAzwIk4rTCoyhqh4LTsNPlvC7akrVEGNF2HNEobHXg%2BRRviDwbgushuN1FZnexpYaw%2Fie4zRJOBHD5hAQf7aIvShSSoHAEBSUoFEGRExT98kBoV3PlHaGdZ9F5rp3nejkyeW%2BPHpi8J1Oyl52Ri7O9%2FCEzbMnTihSs0w7rzXa91W2G7VYsWbfLWdRstbr1VlSHUyWUuzAbdUdNyMUXKTJ18lwORo%2Fg9BG4eh3UvwpajNq1EHRz1OiE2EnvC2OEy62kSZWbBMKUyPJF5NvBnj4jL8846r9qSH585Qt2dfLn3X%2FAbYnMlvhSPSLo6dujG6Yg%2BzdM4cj3G1muErVDp293M6e5XPj2Q7ldGCvWVtzw7rt8KkzLex9Ll6%2FTVKi058h3y0oIaVeN5ZL8uOY%2Bley6d5vL3qY%2BW7%2F%2B3upaklnpnDLpGFRNCHl8DK4m5PkfTmff8pXfHkDZMawvkfhjch5Q5gg824XL5vzOLMDquYdlAQpfjmyNzS%2B1ItBy3lNWwv2vZ%2FN6z91Gz74Gmt9CmpTo2xJ9XYLqIZxfGOWZPb7yS30WYDoYMW2Dfaat%2Fubpcp06rdRD0WYylm0mG81GLLlgzSYLecxZXXQ6HLmb8Hf%2Blv8CAAD%2F%2FwEAAP%2F%2FM%2FT%2Fv2EEAAA%3D
173.233.137.60200 OK 7 B URL HTTP/1.1 dictatepantry.com/impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72sCCm6sdKOgzEZQkMl783ssUowxEkyb2iq60%2FvrTa65793Hve%2FOm2QVLEiX43%2Fw8p2koVpKBbcWmRS6CAgZ3QQ0f4MiduVCZhoce%2BByzrnf7%2BJzzr1f7%2FkzEsLT05WrZkdpTZea1bDyxmdRdLmyrlI%2FqAw6rc9bjcsV23%2B726qGb1Y%2BkHzLLNXCKAyjMKqsKitjM1iailDZvW5U7YbVRq0aNRsY2Gd75wM4GkD0z8hLUGKy%2BCi4BMXHSJMHK9Jt5SZ76%2F3Ea5obi744%2FCTdSk2RIpmXsQ0Qp4fnbhh3svoQJj2Y4cL0%2FzMyNSHB44dg6eE5JFh%2Ff8bJNGQKJl5A0R9D6jEUHYObW1DihABc4NoG0uTONWMLuv1UpVN1Qhaf%2FAVVTMji75eQJveXtRpUbhrtc2VSh0FcQg3GUL0xMn%2BEfOcCVHEEnn8FJX4mS0%2FWkSb7G04bKFHOZldqDBWPoeUQ1AXw06MC%2BDiAzwIk4rTCoyhqh4LTsNPlvC7akrVEGNF2HNEobHXg%2BRRviDwbgushuN1FZnexpYaw%2Fie4zRJOBHD5hAQf7aIvShSSoHAEBSUoFEGRExT98kBoV3PlHaGdZ9F5rp3nejkyeW%2BPHpi8J1Oyl52Ri7O9%2FCEzbMnTihSs0w7rzXa91W2G7VYsWbfLWdRstbr1VlSHUyWUuzAbdUdNyMUXKTJ18lwORo%2Fg9BG4eh3UvwpajNq1EHRz1OiE2EnvC2OEy62kSZWbBMKUyPJF5NvBnj4jL8846r9qSH585Qt2dfLn3X%2FAbYnMlvhSPSLo6dujG6Yg%2BzdM4cj3G1muErVDp293M6e5XPj2Q7ldGCvWVtzw7rt8KkzLex9Ll6%2FTVKi058h3y0oIaVeN5ZL8uOY%2Bley6d5vL3qY%2BW7%2F%2B3upaklnpnDLpGFRNCHl8DK4m5PkfTmff8pXfHkDZMawvkfhjch5Q5gg824XL5vzOLMDquYdlAQpfjmyNzS%2B1ItBy3lNWwv2vZ%2FN6z91Gz74Gmt9CmpTo2xJ9XYLqIZxfGOWZPb7yS30WYDoYMW2Dfaat%2Fubpcp06rdRD0WYylm0mG81GLLlgzSYLecxZXXQ6HLmb8Hf%2Blv8CAAD%2F%2FwEAAP%2F%2FM%2FT%2Fv2EEAAA%3D
IP 173.233.137.60:0
File type ASCII text, with no line terminators
Hash 132d6af1b46048b45cf86cdee7991d31
eb7007d03d59b65bc6da7e098c4d38fc6dfb6285
ab852e838deccd742a03ca81d4a8d75cf1a00b327db3eaf46bd7da6b6db9384c
Analyzer Verdict Alert quad9 Sinkholed
GET /impr.gif?sid=H4sIAAAAAAAC%2F1SSz2tcVRTH72sCCm6sdKOgzEZQkMl783ssUowxEkyb2iq60%2FvrTa65793Hve%2FOm2QVLEiX43%2Fw8p2koVpKBbcWmRS6CAgZ3QQ0f4MiduVCZhoce%2BByzrnf7%2BJzzr1f7%2FkzEsLT05WrZkdpTZea1bDyxmdRdLmyrlI%2FqAw6rc9bjcsV23%2B726qGb1Y%2BkHzLLNXCKAyjMKqsKitjM1iailDZvW5U7YbVRq0aNRsY2Gd75wM4GkD0z8hLUGKy%2BCi4BMXHSJMHK9Jt5SZ76%2F3Ea5obi744%2FCTdSk2RIpmXsQ0Qp4fnbhh3svoQJj2Y4cL0%2FzMyNSHB44dg6eE5JFh%2Ff8bJNGQKJl5A0R9D6jEUHYObW1DihABc4NoG0uTONWMLuv1UpVN1Qhaf%2FAVVTMji75eQJveXtRpUbhrtc2VSh0FcQg3GUL0xMn%2BEfOcCVHEEnn8FJX4mS0%2FWkSb7G04bKFHOZldqDBWPoeUQ1AXw06MC%2BDiAzwIk4rTCoyhqh4LTsNPlvC7akrVEGNF2HNEobHXg%2BRRviDwbgushuN1FZnexpYaw%2Fie4zRJOBHD5hAQf7aIvShSSoHAEBSUoFEGRExT98kBoV3PlHaGdZ9F5rp3nejkyeW%2BPHpi8J1Oyl52Ri7O9%2FCEzbMnTihSs0w7rzXa91W2G7VYsWbfLWdRstbr1VlSHUyWUuzAbdUdNyMUXKTJ18lwORo%2Fg9BG4eh3UvwpajNq1EHRz1OiE2EnvC2OEy62kSZWbBMKUyPJF5NvBnj4jL8846r9qSH585Qt2dfLn3X%2FAbYnMlvhSPSLo6dujG6Yg%2BzdM4cj3G1muErVDp293M6e5XPj2Q7ldGCvWVtzw7rt8KkzLex9Ll6%2FTVKi058h3y0oIaVeN5ZL8uOY%2Bley6d5vL3qY%2BW7%2F%2B3upaklnpnDLpGFRNCHl8DK4m5PkfTmff8pXfHkDZMawvkfhjch5Q5gg824XL5vzOLMDquYdlAQpfjmyNzS%2B1ItBy3lNWwv2vZ%2FN6z91Gz74Gmt9CmpTo2xJ9XYLqIZxfGOWZPb7yS30WYDoYMW2Dfaat%2Fubpcp06rdRD0WYylm0mG81GLLlgzSYLecxZXXQ6HLmb8Hf%2Blv8CAAD%2F%2FwEAAP%2F%2FM%2FT%2Fv2EEAAA%3D HTTP/1.1
Host: dictatepantry.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Cookie: u_pl=15754608; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; slecedb8703573695076feb99cb156693613=[3396716]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.19.5
Date: Wed, 05 Oct 2022 21:21:42 GMT
Content-Type: image/gif
Content-Length: 7
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Accept-CH: Device-Stock-UA,Sec-CH-UA-Full-Version-ListSec-CH-UA-MobileSec-CH-UA-Platform,Sec-CH-UA-Mobile,Sec-CH-UA-Platform,Sec-CH-UA-PlatformSec-CH-UA-ModelSec-CH-UA-Mobile,Sec-CH-UA-PlatformSec-CH-UA-Platform-Version,Sec-CH-UASec-CH-UA-MobileSec-CH-UA-Platform,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: 58a1758b2452eeec6a20b563fbb720eb
Strict-Transport-Security: max-age=0; includeSubdomains
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7572f9839d29913870634cd518b39b1b
5170f7a8242df236c59673176d473cd5fc694871
c88050544fdaa78c709448537387a1a0c1e7864285a1852780f531f510060b2c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C88050544FDAA78C709448537387A1A0C1E7864285A1852780F531F510060B2C"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=1056
Expires: Wed, 05 Oct 2022 21:39:19 GMT
Date: Wed, 05 Oct 2022 21:21:43 GMT
Connection: keep-alive
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
104.26.7.19 200 OK 6.7 kB URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html
IP 104.26.7.19:0
File type HTML document text\012- HTML document, ASCII text
Hash b50784880622a0d112059d3daa2f12b0
52c74f028216cacdc083f4dbaebe2a92ad6a1a64
0b921d092303f07019be42fd321601f47ddac7c956954904966974e27d0987bd
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/html
last-modified: Tue, 01 Feb 2022 10:33:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1762081
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uO2qBVCQFRRxN%2BUtHdduZ0vsR5se82akyddYIvEULHxzhNlA%2BRac4pN63RRqdn0HoapA%2BNU1xu%2FyPqMRxymA%2BU9%2FgOoBrSOeX9UzZXtc6QMlGmBP5iji59XHI9tMlw2qptFMd7M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355f2d15b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 7572f9839d29913870634cd518b39b1b
5170f7a8242df236c59673176d473cd5fc694871
c88050544fdaa78c709448537387a1a0c1e7864285a1852780f531f510060b2c
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "C88050544FDAA78C709448537387A1A0C1E7864285A1852780F531F510060B2C"
Last-Modified: Wed, 05 Oct 2022 09:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=20854
Expires: Thu, 06 Oct 2022 03:09:17 GMT
Date: Wed, 05 Oct 2022 21:21:43 GMT
Connection: keep-alive
ocsp.sca1b.amazontrust.com/
54.230.245.110 200 OK 471 B URL HTTP/1.1 ocsp.sca1b.amazontrust.com/
IP 54.230.245.110:0
Hash 8e08fc7ced012af6fdfb1268f29696e0
7774bf3d66eef5452840bbe3d423747913aea429
b4ad63b194e1b8be667d23a076c0ca59c6e41f4e3251d57108ed522ab46d1a8b
POST / HTTP/1.1
Host: ocsp.sca1b.amazontrust.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Accept-Ranges: bytes
Cache-Control: 'max-age=158059'
Date: Wed, 05 Oct 2022 21:21:43 GMT
Last-Modified: Wed, 05 Oct 2022 20:07:03 GMT
Server: ECS (dcb/7F13)
X-Cache: Miss from cloudfront
Via: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: OSL50-P1
X-Amz-Cf-Id: uo7BOTtO1uqpwfzjL0l4B3z7PXSUvyLQukZwL5YZbhFFhJH5TVG0Ng==
Age: 4480
gettlucksurvey.top/js/data/_global-config-sd.js?v=3
104.21.75.187 200 OK 316 B URL HTTP/2 gettlucksurvey.top/js/data/_global-config-sd.js?v=3
IP 104.21.75.187:0
File type ASCII text, with very long lines (344), with no line terminators
Hash 36486fead9e363a7ace4aef7e75021af
9029abd62bc661cf4551dfb0bad953ce359e02f1
39115f9fe5d3a1bcb5ed1494efedc092c5bd0879fdf834eb830547266ae7dfdf
GET /js/data/_global-config-sd.js?v=3 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=651
etag: W/"633d6532-28b"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nEXkzdn3VIpF3NNNbbMYhWnLVvRhuSJRHCuT7ELwdTjElo4dIl5rBW7j7UpI6d7yLJNWJWKfekfRf1WQrqLiEnychAREAQNMHWGQMED6rbtRVB9UczqRgjsn%2B6eoF2ayxqWkpIw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559356479b90b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/js/survey-site.js
104.21.75.187 200 OK 1.3 kB URL HTTP/2 gettlucksurvey.top/js/survey-site.js
IP 104.21.75.187:0
File type ASCII text, with very long lines (3805), with no line terminators
Hash 243ef55affb1fa16f38d96eef20da576
8bb1af196e037d2926b82e18ceede73daf50cb77
c4826a6fecd2f751d704cbd670f987db93d86e2640789f125e06d80497023bd8
Analyzer Verdict Alert fortinet Phishing
GET /js/survey-site.js HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"633d6532-edd"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FQ0va4cuCRpTsY0EaLmETG94aB2hFH4lnWUf31JsjrMqzcckUlS8DZUuNwTBAAczaYric4tjAlYI7Cv2U%2FisGwzfr7DxINWFGqEl5RsomO6vCQEGbuCA6HIavMtWaUm%2FxdmBwGM%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356489c70b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
oblongseller.com/pixel/sbs?c=1
192.243.59.12 200 OK 0 B URL HTTP/1.1 oblongseller.com/pixel/sbs?c=1
IP 192.243.59.12:0
ASN #39572 DataWeb Global Group B.V.
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Analyzer Verdict Alert quad9 Sinkholed
GET /pixel/sbs?c=1 HTTP/1.1
Host: oblongseller.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Cookie: u_pl=17334956; uid_id2=a85b65dc-8258-475b-9f64-cf3c251f3864:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; sleca6b0b8925d9b3a4154c035c24b4ed97e=[3364848]
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:43 GMT
Content-Length: 0
Connection: keep-alive
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests
Access-Control-Expose-Headers: Content-Length,Content-Range
gettlucksurvey.top/css/survey.css?v=1
104.21.75.187 200 OK 4.3 kB URL HTTP/2 gettlucksurvey.top/css/survey.css?v=1
IP 104.21.75.187:0
File type ASCII text, with very long lines (19833), with no line terminators
Hash 512651188e8f237602ab4164978010e1
fc639a4e30fe8b4828bbae769b464d14c0d2c509
5256719f34e5b38885639c00dc369e3212b14e3d2b75cddab42dad77093728bf
Analyzer Verdict Alert fortinet Phishing
GET /css/survey.css?v=1 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=19835
etag: W/"633d6532-4d7b"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kW767UIK4UJYMzr1zswUys%2F8vMvfF%2BHbrxF0glYBff4X8v7RhyOuPjVh6yT4vFccSXvQ%2FVkInc%2B5%2BLIsvPxz6r4csJ9AY%2BuYT3glViQT09QBjjCx0cuxDb7fyE%2BwtO90aNzRlVE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356479bd0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/js/binom-pixel.js
104.21.75.187 200 OK 537 B URL HTTP/2 gettlucksurvey.top/js/binom-pixel.js
IP 104.21.75.187:0
File type ASCII text, with very long lines (1187), with no line terminators
Hash 8a01ac6e0fb34ec8b17418bfdb524ded
dbea49be52def48ba58b6db325450e9c93703154
3b18048c07c39c9f434fb0f196db27d4d44997e653d04b0dca294e647bb06beb
Analyzer Verdict Alert fortinet Phishing
GET /js/binom-pixel.js HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"633d6532-4a3"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 1800
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VncRzChrET4aMg1kvvOrFciVFUFqbcdpw4n104doSLJPyNZwrz0miUkWfcT%2F4D2D6%2B7oDEC%2BnRvnXDhI0AJzXfXMIzN%2FPhD52MTraEl2o7%2FafYbEut9qaFtwon0B1VaUsNEo67Q%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356489ca0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/js/config.js?v=8
104.21.75.187 200 OK 22 kB URL HTTP/2 gettlucksurvey.top/js/config.js?v=8
IP 104.21.75.187:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash 17fd8e3b88963effb7232eb2aeb57cf6
1c5ea9d48765190dc4a2e10680017859249db547
41b74d48e2acfe87063cb18f945b1722f46df9976a18ec470d0888c40b931f38
Analyzer Verdict Alert fortinet Phishing
GET /js/config.js?v=8 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"633d6532-1085d"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KrC%2FztQKWOQ89dw5XX6YwIP2JkloQMZTu6vz2PlZIms3lcbVjFeFnUBv6%2BAUx9b8nYYmjsQ1zvzr2oBWtLSJd3g9cvlGDge7vxYP9U%2BZsXQMWThDOLzqn7DNgxyWXdkL%2F3RTaMU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356479bc0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/js/data/rtc.js?v=1
104.21.75.187 200 OK 6.3 kB URL HTTP/2 gettlucksurvey.top/js/data/rtc.js?v=1
IP 104.21.75.187:0
File type ASCII text, with very long lines (10798), with no line terminators
Hash 3626a1fb084271c817308ad7c451186b
c237a708f51180927c23236c66875af6c659db98
1e8e40e87f0d25b1fc4223e029bf20075b7e7a64fb746b008ad23d7bca96aa40
Analyzer Verdict Alert fortinet Phishing
GET /js/data/rtc.js?v=1 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
cf-polished: origSize=14949
etag: W/"633d6532-3a65"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hK45AoCO6XO7ZJfsbHz086PLuTSYKXDlYP8%2FaHcFsckd45zazoS%2F%2FznCNr2gTdIFUmTTColrV04WSknTjJv4Xfcho%2BxDPRMAJWxU4%2FPAOInVhpnFoLLKm9BPS1wFhHfvln6W4Yw%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356479ba0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
my.rtmark.net/gid.js
139.45.195.8 200 OK 65 B IP 139.45.195.8:0
File type JSON data\012- , ASCII text
Hash 4bdaee49c976b7ca38cf5e38985944f4
0580d1c99ccb2260dbe59fd595278395e2da6736
d93d3ef799d6948adde7b1c02f7fdabe06cd58227907fbba2d546ce333fa4b07
GET /gid.js HTTP/1.1
Host: my.rtmark.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gettlucksurvey.top
Connection: keep-alive
Cookie: ID=8cf80dae776d4d1cb594ff7a78953d18
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/json; charset=utf-8
content-length: 65
access-control-allow-origin: https://gettlucksurvey.top
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
set-cookie: ID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:43 GMT; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
X-Firefox-Spdy: h2
gettlucksurvey.top/css/style.css?v=1
104.21.75.187 200 OK 6.4 kB URL HTTP/2 gettlucksurvey.top/css/style.css?v=1
IP 104.21.75.187:0
File type ASCII text, with very long lines (40797), with no line terminators
Hash 2d7ea3ed4a7d5a0421834c5fdc3bd39f
9f20d8acd34cdfc547e78721a3f6f568371a92b9
9221238c01fdef761c28e6d9b947d9cd8f5f40e09ff031e60a63aa2701eada92
GET /css/style.css?v=1 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: text/css
cf-bgj: minify
cf-polished: origSize=40801
etag: W/"633d6532-9f61"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ijcr51nG%2F7beezkKRU4Z3m8gZkvQA9IFM81xB9vQ2Gz%2B%2BMVf%2FujKLXxaSyvtrvCU8L2Tege54gNIFH%2BaWb%2BdLAOzaDgyrPhYmhVDS%2BK2BEyACedH2cdNX6n01XXOgbGmZWuaF8M%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356489be0b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/js/survey.js?v=14
104.21.75.187 200 OK 93 kB URL HTTP/2 gettlucksurvey.top/js/survey.js?v=14
IP 104.21.75.187:0
File type ASCII text, with very long lines (65536), with no line terminators
Hash c366f73a9e10d19ecaf02d6802d17031
1c7795e3b9f2147b39f6e2d29be8685d2b00abe4
ed7d986531b7b58f06be591367852863e8c0508e79f853b9f4dbc391af449d6a
Analyzer Verdict Alert fortinet Phishing
GET /js/survey.js?v=14 HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/javascript
cf-bgj: minify
etag: W/"633d6532-4a591"
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cache-control: max-age=1800
cf-cache-status: HIT
age: 403
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MGJH43avAq3uk4pIq32MCnsKu5DJAYCqf3BMEUoE3oT77KmakJve3R89RupblB3%2B8m0nnVVwWamgbtgJtkHza8mwA78bWvylR7DhS1Ket9JwNQ1NLZv1WJqKRpmohX8W1TatsHs%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356489c80b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
142.250.74.162 200 OK 54 kB URL HTTP/2 pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
IP 142.250.74.162:0
File type ASCII text, with very long lines (2910)
Hash 188314c160769686f799677c399b729e
82476716d0f1e59d59d1dd1e490f314cc766bcd3
9ad947ff197c935b4ba4b491151bb9ad1f51409a6b55519a6e550d2236dc85fe
GET /pagead/js/adsbygoogle.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding, Origin
date: Wed, 05 Oct 2022 21:21:43 GMT
expires: Wed, 05 Oct 2022 21:21:43 GMT
cache-control: private, max-age=3600
content-type: text/javascript; charset=UTF-8
etag: 6886087527613720716
x-content-type-options: nosniff
content-disposition: attachment; filename="f.txt"
content-encoding: br
server: cafe
content-length: 54528
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=94478433
190.115.19.71 200 OK 494 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=94478433
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash 790024ba1617efc6c2057ef283608248
661eeae1a21197d56d79d936abf5fc3a1745fb32
fb18ca0a3e16aa4e6bf1cc146c66dfe4a14a8e2799860458f981ebc1250e40c5
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=94478433 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a85b65dc-8258-475b-9f64-cf3c251f3864%3A1%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=oblongseller.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=okXpMa2qROYEymm2LnZx; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:43 GMT
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html
142.250.74.130 200 OK 4.4 kB URL HTTP/2 googleads.g.doubleclick.net/pagead/html/r20220928/r20190131/zrt_lookup.html
IP 142.250.74.130:0
File type HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (1731)
Hash 682bf699cccbc0ff817e1fcb7b95262a
11ad3edf0008f52b733c2d6d7199e1f052318d58
bd42f773d589f85cf6884d7893746d5d4e0c082f78e1c80511cf3aefa1c69a0f
GET /pagead/html/r20220928/r20190131/zrt_lookup.html HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin: *
cross-origin-resource-policy: cross-origin
vary: Accept-Encoding
x-content-type-options: nosniff
content-encoding: gzip
server: cafe
content-length: 4420
x-xss-protection: 0
date: Wed, 05 Oct 2022 13:35:27 GMT
expires: Wed, 19 Oct 2022 13:35:27 GMT
cache-control: public, max-age=1209600
age: 27977
etag: 9671129459699598864
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fgettlucksurvey.top%2Ffinance-survey.html%3Fz%3D4297172%26offer_id%3D2577%26var%3D4099539%26ymid%3DX65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi%26campid%3D%257Bcampaignid%257D%26utm_campaign%3D4099539%26utm_medium%3D4297172%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A795478327360%3Ahid%3A377173945%3Az%3A0%3Ai%3A20221005212143%3Aet%3A1665004904%3Arn%3A120481991%3Arqn%3A1%3Au%3A1665004904481581609%3Aw%3A1920x1080%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C257%2C0%2C%2C%2C%2C370%3Ans%3A1665004903216%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004904%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 59 kB URL HTTP/2 mc.yandex.ru/watch/66423859?wmode=7&page-url=https%3A%2F%2Fgettlucksurvey.top%2Ffinance-survey.html%3Fz%3D4297172%26offer_id%3D2577%26var%3D4099539%26ymid%3DX65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi%26campid%3D%257Bcampaignid%257D%26utm_campaign%3D4099539%26utm_medium%3D4297172%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A795478327360%3Ahid%3A377173945%3Az%3A0%3Ai%3A20221005212143%3Aet%3A1665004904%3Arn%3A120481991%3Arqn%3A1%3Au%3A1665004904481581609%3Aw%3A1920x1080%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C257%2C0%2C%2C%2C%2C370%3Ans%3A1665004903216%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004904%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JPEG image data, JFIF standard 1.02, resolution (DPI), density 72x72, segment length 16, progressive, precision 8, 1280x720, components 3\012- data
Hash e51b8ef24170d9f59b23361235e1ce61
fb2b4426d6aca099012e777382b434113a0c955e
0b82bb676b233a0c43870ed931389e1520f34361b7db7eb5ad9276593dbd6b9c
GET /watch/66423859?wmode=7&page-url=https%3A%2F%2Fgettlucksurvey.top%2Ffinance-survey.html%3Fz%3D4297172%26offer_id%3D2577%26var%3D4099539%26ymid%3DX65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi%26campid%3D%257Bcampaignid%257D%26utm_campaign%3D4099539%26utm_medium%3D4297172%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A795478327360%3Ahid%3A377173945%3Az%3A0%3Ai%3A20221005212143%3Aet%3A1665004904%3Arn%3A120481991%3Arqn%3A1%3Au%3A1665004904481581609%3Aw%3A1920x1080%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C257%2C0%2C%2C%2C%2C370%3Ans%3A1665004903216%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004904%3At%3A%24%24%24%20Online%20Test&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://gettlucksurvey.top
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/66423859/1?wmode=7&page-url=https%3A%2F%2Fgettlucksurvey.top%2Ffinance-survey.html%3Fz%3D4297172%26offer_id%3D2577%26var%3D4099539%26ymid%3DX65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi%26campid%3D%257Bcampaignid%257D%26utm_campaign%3D4099539%26utm_medium%3D4297172%26utm_content%3Dzd_public_v2&charset=utf-8&site-info=%7B%7D&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A1%3Adp%3A0%3Als%3A795478327360%3Ahid%3A377173945%3Az%3A0%3Ai%3A20221005212143%3Aet%3A1665004904%3Arn%3A120481991%3Arqn%3A1%3Au%3A1665004904481581609%3Aw%3A1920x1080%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C%2C0%2C%2C257%2C0%2C%2C%2C%2C370%3Ans%3A1665004903216%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004904%3At%3A%24%24%24%20Online%20Test&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 05 Oct 2022 21:21:43 GMT
access-control-allow-origin: https://gettlucksurvey.top
set-cookie: yandexuid=6918791881665004903; Expires=Thu, 05-Oct-2023 21:21:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=6918791881665004903; Expires=Thu, 05-Oct-2023 21:21:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=452904891665004903; Path=/; SameSite=None; Secure
i=GX+mQJhKr2ZJJaG2fthTTHgmV2NdKLAJ4Rk67wiqclkCtKM9U/ddYrp6dJI6XrF46TIeZ7zoiUDSpcVEkJuWxTvf6cI=; Expires=Sat, 02-Oct-2032 21:21:37 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696540903.yrts.1665004903#1696540903.yrtsi.1665004903; Expires=Thu, 05-Oct-2023 21:21:43 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 05-Oct-2022 21:21:43 GMT
last-modified: Wed, 05-Oct-2022 21:21:43 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=0a6e9a96058c7f39edbf4999920d05a3&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:44 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: e71123e4fa92291f8bbb29bedcb811ef
Strict-Transport-Security: max-age=0; includeSubdomains
unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
192.243.59.13 200 OK 1 B URL HTTP/1.1 unseenreport.com/pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21
IP 192.243.59.13:0
ASN #39572 DataWeb Global Group B.V.
File type very short file (no magic)
Hash 93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d
Analyzer Verdict Alert quad9 Sinkholed
GET /pxf.gif?uuid=a85b65dc-8258-475b-9f64-cf3c251f3864&eb=72d67910a8ee07737c08ec4a7ef2f980&te=b0143518e841b2470af84d86e1b09d3b&ua=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64%3B%20rv%3A96.0)%20Gecko%2F20100101%20Firefox%2F96.0&dev=r&res=14.31&b_frame=1&pk=a6b0b8925d9b3a4154c035c24b4ed97e&bl=en-US&sr=1002x1280&sz=1024x1280&hjs=21 HTTP/1.1
Host: unseenreport.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/1.1 200 OK
Server: nginx/1.17.6
Date: Wed, 05 Oct 2022 21:21:44 GMT
Content-Type: image/gif
Content-Length: 1
Connection: keep-alive
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Access-Control-Allow-Origin: *
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
X-Request-ID: f8c2603e57dda56fd6cd8f46f378212f
Strict-Transport-Security: max-age=0; includeSubdomains
xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
174.137.133.16 302 Found 0 B URL HTTP/1.1 xml.revrtb.net/redirect?feed=389295&auth=ANAKRj&pubid=150077
IP 174.137.133.16:0
ASN #27257 WEBAIR-INTERNET
Hash d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
GET /redirect?feed=389295&auth=ANAKRj&pubid=150077 HTTP/1.1
Host: xml.revrtb.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/1.1 302 Found
Server: nginx
Date: Wed, 05 Oct 2022 21:21:44 GMT
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store
Age: 0
Location: https://cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=464772
Pragma: no-cache
e1.o.lencr.org/
23.36.76.226 200 OK 345 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash 852b055ae3582ba1dfdcc5bdd252d3e0
175606396159cd25a65a0934eee83be4c200ab74
8781401e12c398f609eb65434567ca5dc3e91c7b96d2bfb66b77efba4564460e
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8781401E12C398F609EB65434567CA5DC3E91C7B96D2BFB66B77EFBA4564460E"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6155
Expires: Wed, 05 Oct 2022 23:04:19 GMT
Date: Wed, 05 Oct 2022 21:21:44 GMT
Connection: keep-alive
e1.o.lencr.org/
23.36.76.226 200 OK 662 B IP 23.36.76.226:0
ASN #20940 Akamai International B.V.
Hash f26d92be089f4c5d2c24563df7bfc41a
93abad9b0ead711e0d942dc21fac2807d3d0ea51
f6ad5673caa996715c011f047352d93ca8f29cff7f86f55650ca37800d62d392
POST / HTTP/1.1
Host: e1.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 345
ETag: "8781401E12C398F609EB65434567CA5DC3E91C7B96D2BFB66B77EFBA4564460E"
Last-Modified: Tue, 04 Oct 2022 00:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=6155
Expires: Wed, 05 Oct 2022 23:04:19 GMT
Date: Wed, 05 Oct 2022 21:21:44 GMT
Connection: keep-alive
r3.o.lencr.org/
23.36.77.32 200 OK 503 B IP 23.36.77.32:0
ASN #20940 Akamai International B.V.
Hash c39d657df7eee03eb0908805deaaf664
dc557bc92c25455667725fb7718ab66383e5cc79
af05451f9dd3b5e4215960516661c4537c4a27a81ea426fda8f83de48ad70871
POST / HTTP/1.1
Host: r3.o.lencr.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 85
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: nginx
Content-Type: application/ocsp-response
Content-Length: 503
ETag: "AF05451F9DD3B5E4215960516661C4537C4A27A81EA426FDA8F83DE48AD70871"
Last-Modified: Wed, 05 Oct 2022 14:00:00 UTC
Cache-Control: public, no-transform, must-revalidate, max-age=9978
Expires: Thu, 06 Oct 2022 00:08:03 GMT
Date: Wed, 05 Oct 2022 21:21:45 GMT
Connection: keep-alive
mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A914169328716%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212145%3Aet%3A1665004906%3Arn%3A284611%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C4354%2C4354%2C6%2C1041%3Aeu%3A1%3Ans%3A1665004899449%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004906%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
87.250.251.119302 Found 419 B URL HTTP/2 mc.yandex.ru/watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A914169328716%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212145%3Aet%3A1665004906%3Arn%3A284611%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C4354%2C4354%2C6%2C1041%3Aeu%3A1%3Ans%3A1665004899449%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004906%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2)
IP 87.250.251.119:0
File type JSON data\012- , ASCII text, with very long lines (419), with no line terminators
Hash 3fe2ce0d615423ccb9cb56618c68da4e
50d58a79ea680f6bb76bc0dee6edf4ef52c7177c
90d8a5f4c636cd00b82bb48f45e1033d215d957c9d0eb16afe956156c85c7a15
GET /watch/54046198?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A914169328716%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212145%3Aet%3A1665004906%3Arn%3A284611%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C4354%2C4354%2C6%2C1041%3Aeu%3A1%3Ans%3A1665004899449%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004906%3At%3AVideo%20player&t=gdpr(14)clc(0-0-0)aw(1)rqnt(1)ecs(1)fip(1)rqnl(1)ti(2) HTTP/1.1
Host: mc.yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 302 Found
location: /watch/54046198/1?wmode=7&page-url=https%3A%2F%2Fhqq.to%2Fplayer%2Fembed_player.php%3Fvid%3D259229259205265273269254264234225276194271217271255%26autoplay%3Dnone%26hash_from%3Dafd56fe43c75ac2d9c7decc24819fcb6&page-ref=https%3A%2F%2Fgaypornhdfree.com%2F&charset=utf-8&browser-info=pv%3A1%3Agdpr%3A14%3Avf%3Aat6op7b9z7b01ildsv2t4%3Afp%3A801%3Afu%3A0%3Aen%3Autf-8%3Ala%3Aen-US%3Av%3A904%3Acn%3A2%3Adp%3A0%3Als%3A914169328716%3Ahid%3A128805785%3Az%3A0%3Ai%3A20221005212145%3Aet%3A1665004906%3Arn%3A284611%3Arqn%3A1%3Au%3A1665004901354468012%3Aw%3A734x413%3As%3A1280x1024x24%3Ask%3A1%3Aifr%3A1%3Awv%3A2%3Ads%3A0%2C0%2C0%2C%2C2%2C0%2C%2C671%2C1%2C4354%2C4354%2C6%2C1041%3Aeu%3A1%3Ans%3A1665004899449%3Aadb%3A2%3Afip%3Aa81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-a81f3b9bcdd80a361c14af38dc09b309-4bd84c89c35a312599d807af285e7b5f-4335742423629acc806791d3e9f585f3-5b56a9f28e63b1a76c5f94a136cc484e-61b9878bbce18de73aafc8582a198c0c-e9c964637c807fcca817e718cc2d1338-a81f3b9bcdd80a361c14af38dc09b309-5cbccea2ed3dd5c7a75380ef1cbfadf6-2facd2c41a0047c68391f933b930bc3a%3Arqnl%3A1%3Ast%3A1665004906%3At%3AVideo%20player&t=gdpr%2814%29clc%280-0-0%29aw%281%29rqnt%281%29ecs%281%29fip%281%29rqnl%281%29ti%282%29
date: Wed, 05 Oct 2022 21:21:45 GMT
access-control-allow-origin: https://hqq.to
set-cookie: yandexuid=3328495921665004905; Expires=Thu, 05-Oct-2023 21:21:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yuidss=3328495921665004905; Expires=Thu, 05-Oct-2023 21:21:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
yabs-sid=2103950391665004905; Path=/; SameSite=None; Secure
i=WnbC0nvt9O3nYzHe2EN0DM4YXjBIAbVo2Eojx2un6+RgCEkMG4AIPhmaHH2MtSGQTIg/SgFH4xmLTdTjHZMe4qQmnBo=; Expires=Sat, 02-Oct-2032 21:21:44 GMT; Domain=.yandex.ru; Path=/; Secure; HttpOnly; SameSite=None
ymex=1696540905.yrts.1665004905#1696540905.yrtsi.1665004905; Expires=Thu, 05-Oct-2023 21:21:45 GMT; Domain=.yandex.ru; Path=/; SameSite=None; Secure
access-control-allow-credentials: true
pragma: no-cache
x-xss-protection: 1; mode=block
expires: Wed, 05-Oct-2022 21:21:45 GMT
last-modified: Wed, 05-Oct-2022 21:21:45 GMT
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
strict-transport-security: max-age=31536000
X-Firefox-Spdy: h2
hqq.to/js/video.counters.2.js?117
190.115.19.71 200 OK 484 B URL HTTP/2 hqq.to/js/video.counters.2.js?117
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
Hash c2c1cc7ec47758ab1257a45b16234b61
1012db47f0faa9ef9eea3e8b4621ba85452b9a9c
1f1c31f6cbc8fbf20bbe8f68cd49f7fe1bd504abb901d834ab53e52487080eb9
GET /js/video.counters.2.js?117 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a85b65dc-8258-475b-9f64-cf3c251f3864%3A1%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=oblongseller.com
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=YneJvCKaVjpeZAb6eZ6X; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:45 GMT
date: Wed, 05 Oct 2022 21:21:44 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 06 Feb 2022 19:35:56 GMT
etag: W/"6200231c-2b8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=464772
104.21.38.243 302 Found 175 B URL HTTP/2 cngcpy.com/cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=464772
IP 104.21.38.243:0
File type HTML document text\012- HTML document text\012- HTML document, ASCII text, with no line terminators
Hash 90e91933a3657aa3ed8bd1afd15c8b1f
e6f98e9c43ebadf587e711f75a857ee81ab5b637
77fc2600678c61392104b1d1822b50a535403448d3d39ad4ba2a89c3073e4916
GET /cuhdl?wh=MS9RKSYOsDOD7jbbc39Ni1Cy&si1=464772 HTTP/1.1
Host: cngcpy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:44 GMT
content-type: text/html; charset=utf-8
location: https://media.bigbasketshop.com/track?q=gvOY2LoKdfEvB
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P9u2KimvQxEuDRPaWFkUO4OCu6PRGpgqBmqK4fP%2Fii10nkRIvvCoK4X16sYMs8GXqVIDKm0etdyRvyPVCEh0j5SRDJPR8cRHobB%2FHrxaX%2FtWIbUZ2LDO%2B%2FmtMS2%2F"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356ceab3fab8-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
ocsp.godaddy.com/
192.124.249.24 200 OK 1.8 kB IP 192.124.249.24:0
Hash 493de05f917ea3bcb1723878c50010b8
29b04c95e53dfdcf93279b5e15f844c8d4338449
9446b03340938de34b15295decfe71224e53377856eec69d25017c08a4ddf382
POST / HTTP/1.1
Host: ocsp.godaddy.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 75
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Server: Sucuri/Cloudproxy
Date: Wed, 05 Oct 2022 21:21:46 GMT
Content-Type: application/ocsp-response
Content-Length: 1777
Connection: keep-alive
X-Sucuri-ID: 19024
Content-Transfer-Encoding: Binary
Cache-Control: public, no-transform, must-revalidate
Last-Modified: Tue, 04 Oct 2022 23:58:48 GMT
Expires: Wed, 05 Oct 2022 23:58:48 GMT
ETag: "29b04c95e53dfdcf93279b5e15f844c8d4338449"
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
172.64.201.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js
IP 172.64.201.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/js/script.js HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: application/javascript
last-modified: Tue, 17 Aug 2021 13:04:06 GMT
etag: W/"611bb3c6-182"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5483418
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2B3tmG8LimJL3j0pjNmvQ6zN%2BEdqf8RZp5fKV6V4ksXgKb7ZYyXYqVy4irk8Lnif3xnPwBYuR2B5JSmKrJNUkGbix2dbfaY3ztwxkBzoaoLUcxyzobOVnhCM5N1PCFh5k70%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593560799f73df-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=51685739
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=51685739
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/banner/_adsense_/_adserver/_adview_.ad.json?adzone=top&adsize=300x250&advid=51685739 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm; dom3ic8zudi28v8lr6fgphwffqoz0j6c=a85b65dc-8258-475b-9f64-cf3c251f3864%3A1%3A1; sb_main_a6b0b8925d9b3a4154c035c24b4ed97e=1; sb_count_a6b0b8925d9b3a4154c035c24b4ed97e=1; pbpr0tpuw4isk85t8yg3jb2lj5vqf=oblongseller.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=r7YeBHofsuoENySpIJPD; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:43 GMT
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: application/json
access-control-allow-origin: *
x-inferno-location: banner
content-encoding: gzip
vary: Accept-Encoding
X-Firefox-Spdy: h2
jaygay.to/player/hash.php?hash=259229259205265273269254264234225276194271217271255
104.21.7.180 200 OK 0 B URL HTTP/2 jaygay.to/player/hash.php?hash=259229259205265273269254264234225276194271217271255
IP 104.21.7.180:0
GET /player/hash.php?hash=259229259205265273269254264234225276194271217271255 HTTP/1.1
Host: jaygay.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: cache
x-origin-location: player
cache-control: max-age=7200
x-cache-status-inferno: HIT
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UOBw8SZgzg%2B60ouZtWBXXgcoPngGVniUaq27WeIm%2BARg%2F1uiDcWdoYMjnk2b9uPrcNEvIrR2UD3y628ZYveYc4n3VLxVsYv1VLGwWXvKhnZmak%2FBasepz3JszD8%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75593548c9d2b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/js/adv/fuckadblock.js?2
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/adv/fuckadblock.js?2
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/adv/fuckadblock.js?2 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=WlafM3wfqntMAlVOTSvS; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 27 Aug 2019 17:39:04 GMT
etag: W/"5d656ab8-369e"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
cagothie.net/5/4824176/?oo=1&aab=1
139.45.197.238 200 OK 0 B URL HTTP/2 cagothie.net/5/4824176/?oo=1&aab=1
IP 139.45.197.238:0
GET /5/4824176/?oo=1&aab=1 HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/json
x-trace-id: 041969e199153e94bbea520bdeb26ecc
link: <https://my.rtmark.net>; rel="preconnect dns-prefetch",<https://propeller-tracking.com>; rel="preconnect dns-prefetch",<https://diromalxx.com>; rel="preconnect dns-prefetch"
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
timing-allow-origin: *
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:40 GMT; path=/; secure; SameSite=None
oaidts=1665004900; expires=Thu, 05 Oct 2023 21:21:40 GMT; path=/; secure; SameSite=None
syncedCookie=; expires=Tue, 10 Nov 2009 23:00:00 GMT
pragma: no-cache, no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT
content-encoding: gzip
X-Firefox-Spdy: h2
unphionetor.com/fv.js?t=72747&cb=1741252440
139.45.197.236 200 OK 0 B URL HTTP/2 unphionetor.com/fv.js?t=72747&cb=1741252440
IP 139.45.197.236:0
Analyzer Verdict Alert quad9 Sinkholed
GET /fv.js?t=72747&cb=1741252440 HTTP/1.1
Host: unphionetor.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/javascript; charset=utf8
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token
access-control-expose-headers: Authorization
access-control-allow-credentials: true
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
x-trace-id: ac9f8cd8c8c95ce5cb9ae3b3aa7f81e0
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
dozubatan.com/500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
139.45.197.237200 OK 0 B URL HTTP/2 dozubatan.com/500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false
IP 139.45.197.237:0
GET /500/4245378?excludes=&oaid=8cf80dae776d4d1cb594ff7a78953d18&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: application/javascript
x-trace-id: abb9e9601e85b8591089a3733d2c675c
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://dood.so
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:42 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
unpkg.com/jquery@2.2.4/dist/jquery.min.js
104.16.126.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery@2.2.4/dist/jquery.min.js
IP 104.16.126.175:0
GET /jquery@2.2.4/dist/jquery.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Fri, 20 May 2016 17:24:42 GMT
etag: W/"14e4a-abtp4lyn1e8JNTF1hOYVPz/ZqIw"
via: 1.1 fly.io
fly-request-id: 01G754SVY4BFC19MXYRYRMED91-fra
cf-cache-status: HIT
age: 8048401
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 755935528de21bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
addresseepaper.com/sfp.js
172.64.192.5 200 OK 0 B URL HTTP/2 addresseepaper.com/sfp.js
IP 172.64.192.5:0
GET /sfp.js HTTP/1.1
Host: addresseepaper.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript; charset=utf-8
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
access-control-allow-origin: *
expires: Thu, 01 Jan 1970 00:00:01 GMT
cache-control: max-age=14400
x-request-id: eb81df2ade226302134a15aca159c17c
strict-transport-security: max-age=0; includeSubdomains
cf-cache-status: EXPIRED
last-modified: Wed, 05 Oct 2022 21:21:40 GMT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1dPYmlfdmyIYxc1ZrrX9rby3i8pFt%2BcrdlP76jhmY1kGAb2rbsVYfDL%2Bi8MDFtDQGcxFhJilJnUJTWcosK79Hrnoixj0Xz%2BONMnsS%2BDR2A64FH3x4tYBaLL3umqzzRHNwwlEtjA%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755935551ab37314-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.151200 OK 0 B URL HTTP/2 interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.151:0
Analyzer Verdict Alert quad9 Sinkholed
GET /?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Ftovanillitechan.com%2F12%3Frnd%3D3499257240%26z%3D3203051%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3Dut4xjdI1uz2MAuJxPs4ZPrWJwJuX_0yn1kMVg26FmD7q2LLDmDofJrh7o-Wo5FyiqSPPYDlrVpp1SPVBAYSUWduvOWwkLb9cHA7DhMi9ACrjw7y7T-z0slsInKRpkvAiRC70MP2J5pneUNhUcwkNY7ilQJsjjhiQGyQVY5WlysapgiKBae9_duC780Ivp6KwQn7GTsMrG3ENqhzlevt_6iFxTaXyAx6mkwKkFruINfUPuukge1oNBmHupcNA1KZmHKJ9YODxOxUTiF9ap2vSbYF88wrEFVWVq0D7SPfZyy34JNvUu6WrLg%3D%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3D400b9f3f-4db2-4c79-bfc8-a2686e539879%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D4%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.27
set-cookie: reverse=GNti1_yeeOrbO4ZKEhnxuxLIsm2JiWkDnqCd4u6CgaQ; expires=Wed, 05-Oct-2022 22:21:41 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
gaypornhdfree.com/mochi-mochi-mochimochisosweet/
104.21.89.7 200 OK 0 B URL HTTP/2 gaypornhdfree.com/mochi-mochi-mochimochisosweet/
IP 104.21.89.7:0
GET /mochi-mochi-mochimochisosweet/ HTTP/1.1
Host: gaypornhdfree.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://gaypornhdfree.com/xmlrpc.php
link: <https://gaypornhdfree.com/wp-json/>; rel="https://api.w.org/", <https://gaypornhdfree.com/wp-json/wp/v2/posts/188325>; rel="alternate"; type="application/json", <https://gaypornhdfree.com/?p=188325>; rel=shortlink
x-litespeed-cache: hit
vary: Accept-Encoding
x-turbo-charged-by: LiteSpeed
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dNGB17v47oXs8y9aa9B%2Bie8VEFJzVE57Ekh%2FNFeGbUqv%2FvbBpORkIT2552uDTrbydkKUD%2FHZr31USYE4aNvhZAWpaJV%2BXIe3kuwbH5d4siMCYEYges0JUM4aNp%2BrKQzqKEclFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75593545eda71c02-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
jaygay.to/player/script.php?width=720&height=450
104.21.7.180 200 OK 0 B URL HTTP/2 jaygay.to/player/script.php?width=720&height=450
IP 104.21.7.180:0
GET /player/script.php?width=720&height=450 HTTP/1.1
Host: jaygay.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: cache
x-origin-location: player
cache-control: max-age=21600
x-cache-status-inferno: HIT
x-inferno-location: player
x-inferno-limit-req: PASSED
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lrxW0FDqu%2F72E0lBjCWE5MbFUgI6cxt7oDaKyCNAw%2FWs9x9Ym7kDoXDqCI2h7bSmKrzqOeP5F946Zey9T4DlmQByKcw%2F9lqu83iqgGPOTLz1i%2F2DsAq8%2FWXGeyY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75593548c9e2b503-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
hqq.to/ad/api/popunder.js
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/ad/api/popunder.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /ad/api/popunder.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=CL1U1atdWQo51Qxv7iij; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Fri, 15 Jul 2022 10:51:32 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Wed, 15 Sep 2021 14:06:22 GMT
etag: W/"6141fdde-15"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
x-cache-status-inferno-s: HIT
x-inferno-location: static
accept-ranges: bytes
age: 7122661
ddg-cache-status: HIT,HIT
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
hqq.to/js/d_check.js?34
190.115.19.71 200 OK 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/d_check.js?34 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=7rSXfptfnXrGUqkZn9hL; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 27 Feb 2020 14:57:53 GMT
etag: W/"5e57d8f1-d8a"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
gphd-cdn.com/wp-content/uploads/2022/10/RUY584849.jpg
104.21.1.154 200 OK 0 B URL HTTP/2 gphd-cdn.com/wp-content/uploads/2022/10/RUY584849.jpg
IP 104.21.1.154:0
GET /wp-content/uploads/2022/10/RUY584849.jpg HTTP/1.1
Host: gphd-cdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:38 GMT
content-type: image/jpeg
content-length: 82127
cache-control: public, max-age=604800
expires: Wed, 12 Oct 2022 01:39:14 GMT
last-modified: Tue, 04 Oct 2022 22:29:32 GMT
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
x-turbo-charged-by: LiteSpeed
cf-cache-status: HIT
age: 70944
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1ovUe4LYaH4DeAt9nvbTTkw%2FzJiUTpP93qDmeOLt8%2Fg32zyy1ezeDBYHvnSJk%2FTPRWFAhX6cSMwiPKzG1y7NYvKvvsrtWObsyRPnQDVA44iRyUPY3unO1YUEaMp0y7c%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 75593548c8b0b4f7-OSL
X-Firefox-Spdy: h2
unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
104.16.126.175 200 OK 0 B URL HTTP/2 unpkg.com/jquery.cookie@1.4.1/jquery.cookie.js
IP 104.16.126.175:0
GET /jquery.cookie@1.4.1/jquery.cookie.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sun, 27 Apr 2014 20:04:54 GMT
etag: W/"c31-MeG8xM+AWiwv7iH0je0eWY9koqg"
via: 1.1 fly.io
fly-request-id: 01G75513388K1MR4R8RW1AYXTV-fra
cf-cache-status: HIT
age: 8048401
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 755935527dd51bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
tzegilo.com/stattag.js
104.21.84.149 200 OK 0 B IP 104.21.84.149:0
GET /stattag.js HTTP/1.1
Host: tzegilo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/javascript
last-modified: Thu, 04 Aug 2022 15:18:11 GMT
etag: W/"62ebe333-8007"
link: <https://flerap.com/>; rel=preconnect; crossorigin, <https://fleraprt.com/>; rel=preconnect; crossorigin
cache-control: max-age=14400
cf-cache-status: HIT
age: 5052
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQGX%2F42B35vBjydfTAYHupGqDHROnK5ZQFLwMyLHMYXllGGxEIlRO2crpPtXABPpiwuYjXLYicK5326CLb3l17B60OMHdKOs0SGcdcS%2BemMGDm1KkvJvB8KLdzUj3w%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355bef06b511-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
dozubatan.com/400/4245378?oo=1&oaid=8cf80dae776d4d1cb594ff7a78953d18
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4245378?oo=1&oaid=8cf80dae776d4d1cb594ff7a78953d18
IP 139.45.197.237:0
GET /400/4245378?oo=1&oaid=8cf80dae776d4d1cb594ff7a78953d18 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Cookie: OAID=d5a24673c611459ea1c558bddf681aa9
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/json
x-trace-id: 8381b5f62a6a41a7a9a8d3be21620a9b
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: https://dood.so
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
media.bigbasketshop.com/track?q=gvOY2LoKdfEvB
104.21.86.113 200 OK 0 B URL HTTP/2 media.bigbasketshop.com/track?q=gvOY2LoKdfEvB
IP 104.21.86.113:0
GET /track?q=gvOY2LoKdfEvB HTTP/1.1
Host: media.bigbasketshop.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://popxperts.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:44 GMT
content-type: text/html
referrer-policy: origin
via: 1.1 google
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7nTkZsy7Ih2MrDt45mc1uKMPCaP51bCTTfInWoGgSXwK4YQQRRb1sXLo1kIo9aFsbtX2aI%2BcKrOkd1LmUNqcgAPCwragG%2F2eby3RJx%2FldGQQQ9lO37GuRHf%2Bcq4u802APcPiUm62hk05Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559356dfbf2b527-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
c.trackmytarget.com/?a=qmxgz9&i=qk72su&click_id=2210051a815f8aa0c096d1&r=https%3A%2F%2Fwww.stormberg.com%2Fno
34.255.242.12 301 Moved Permanently 0 B URL HTTP/2 c.trackmytarget.com/?a=qmxgz9&i=qk72su&click_id=2210051a815f8aa0c096d1&r=https%3A%2F%2Fwww.stormberg.com%2Fno
IP 34.255.242.12:0
GET /?a=qmxgz9&i=qk72su&click_id=2210051a815f8aa0c096d1&r=https%3A%2F%2Fwww.stormberg.com%2Fno HTTP/1.1
Host: c.trackmytarget.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 301 Moved Permanently
date: Wed, 05 Oct 2022 21:21:46 GMT
content-type: text/html; charset=UTF-8
location: https://www.stormberg.com/no?utm_source=circlewise&utm_medium=affiliate&utm_campaign=brandreward.com&tmt_data=cbd1d0bb-178f-468f-992e-bff75ad8abe1&tmt_ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537
server: nginx
set-cookie: mwjbho=qmxgz9-qk72su_cbd1d0bb-178f-468f-992e-bff75ad8abe1_1665004906; expires=Fri, 04-Nov-2022 21:21:46 GMT; Max-Age=2592000; path=/; domain=.trackmytarget.com; secure; HttpOnly; SameSite=None
ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537; expires=Sat, 02-Oct-2032 21:21:46 GMT; Max-Age=315360000; path=/; domain=.trackmytarget.com; secure; HttpOnly; SameSite=None
cache-control: private, max-age=0, must-revalidate
X-Firefox-Spdy: h2
hqq.to/js/video.jquery_plugs/modernizr.js?12
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/video.jquery_plugs/modernizr.js?12
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/video.jquery_plugs/modernizr.js?12 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=U9nkPR0aZtZKIYVrVNV8; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Sun, 03 Jun 2018 17:19:35 GMT
etag: W/"5b142327-4cb"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
hqq.to/styles/global/embed_player.3.css?130
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/styles/global/embed_player.3.css?130
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /styles/global/embed_player.3.css?130 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=eenh8zRf5UqovVMtwGiw; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/css; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 09 Dec 2020 22:16:37 GMT
etag: W/"5fd14cc5-1701"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 0
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
104.16.126.175 200 OK 0 B URL HTTP/2 unpkg.com/progressbar.js@1.1.0/dist/progressbar.min.js
IP 104.16.126.175:0
GET /progressbar.js@1.1.0/dist/progressbar.min.js HTTP/1.1
Host: unpkg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
etag: W/"7315-VGu3QlAvqjb4wruVTC8CgYdmBAQ"
via: 1.1 fly.io
fly-request-id: 01F3YGTHVETVB9B7TG2TW5GR8F
cf-cache-status: HIT
age: 14315664
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
cf-ray: 755935527dd71bfa-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/player/get_player_image.php
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/player/get_player_image.php
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
POST /player/get_player_image.php HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/json
X-Requested-With: XMLHttpRequest
Content-Length: 73
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=5Gxsh22UWCCVXNqQHXVF; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/json
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
pragma: no-cache
x-file-located: temp, filename:../files/temp/video_images/k/p/1649519909gb0pk-1.jpg
x-clickarr-add-e: 1
x-image-size: 58898
x-img-cr: j
x-origin-location: get_image
cache-control: no-store, no-cache, must-revalidate, max-age=0
content-encoding: gzip
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
cagothie.net/?rb=2mewnKr098T18VTDyKYQedGDsNf-2GWK4N2l9regdckUx2sfbR9n0UswBZTYqy41uYus0orE0xVYZhou19nhlm26xTRUhxl5EdG73oF9Sfzub1x8W8KHr6ukjMhpK4AlojCRq4YfgvdfIGvSBEsSndal_H15Y0swo9CnJCKTFfnUL5QsFX4QaN8R_4U_TSEVDJdA8Mgn9tEf8X-w&request_ab2=0&zoneid=4824176&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.433.0&bs=d71a4af5-1013-487f-a919-9984ca7adfc9&userId=8cf80dae776d4d1cb594ff7a78953d18&m=link
139.45.197.238200 OK 0 B URL HTTP/2 cagothie.net/?rb=2mewnKr098T18VTDyKYQedGDsNf-2GWK4N2l9regdckUx2sfbR9n0UswBZTYqy41uYus0orE0xVYZhou19nhlm26xTRUhxl5EdG73oF9Sfzub1x8W8KHr6ukjMhpK4AlojCRq4YfgvdfIGvSBEsSndal_H15Y0swo9CnJCKTFfnUL5QsFX4QaN8R_4U_TSEVDJdA8Mgn9tEf8X-w&request_ab2=0&zoneid=4824176&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.433.0&bs=d71a4af5-1013-487f-a919-9984ca7adfc9&userId=8cf80dae776d4d1cb594ff7a78953d18&m=link
IP 139.45.197.238:0
GET /?rb=2mewnKr098T18VTDyKYQedGDsNf-2GWK4N2l9regdckUx2sfbR9n0UswBZTYqy41uYus0orE0xVYZhou19nhlm26xTRUhxl5EdG73oF9Sfzub1x8W8KHr6ukjMhpK4AlojCRq4YfgvdfIGvSBEsSndal_H15Y0swo9CnJCKTFfnUL5QsFX4QaN8R_4U_TSEVDJdA8Mgn9tEf8X-w&request_ab2=0&zoneid=4824176&js_build=iclick-v1.433.0&fs=0&cf=0&sw=1280&sh=1024&sah=1002&wx=0&wy=0&ww=1280&wh=1024&cw=734&wiw=734&wih=413&wfc=2&pl=https%3A%2F%2Fdood.so%2Fe%2Feeyxdpnnlt5vylnu90ziykyc4zadvv2&drf=https%3A%2F%2Fgaypornhdfree.com%2F&np=0&pt=0&nb=1&ng=1&ix=1&nw=1&tb=false&js_build=iclick-v1.433.0&bs=d71a4af5-1013-487f-a919-9984ca7adfc9&userId=8cf80dae776d4d1cb594ff7a78953d18&m=link HTTP/1.1
Host: cagothie.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://dood.so/
Origin: https://dood.so
Connection: keep-alive
Cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; oaidts=1665004900
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/json
x-trace-id: 3c15ae3b523005230bdc2dbd7840c918
access-control-allow-origin: https://dood.so
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding
access-control-max-age: 86400
pragma: no-cache
cache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0
expires: Tue, 11 Jan 1994 10:00:00 GMT
set-cookie: OAID=8cf80dae776d4d1cb594ff7a78953d18; expires=Thu, 05 Oct 2023 21:21:41 GMT; path=/; secure; SameSite=None
oaidts=1665004901; expires=Thu, 05 Oct 2023 21:21:41 GMT; path=/; secure; SameSite=None
syncedCookie=true; expires=Wed, 12 Oct 2022 21:21:41 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html
104.26.7.19 200 OK 0 B URL HTTP/2 cdn.yourwebbars.com/sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html
IP 104.26.7.19:0
GET /sb/notifications/utility/default/us/blog/Progamerage/simple_bubbleicon/15/index.html HTTP/1.1
Host: cdn.yourwebbars.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://hqq.to
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/html
last-modified: Wed, 09 Feb 2022 14:12:53 GMT
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 1766611
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yWhaPb8j8VdcBsahvqrN8xgeTUrgxUPFyL0grqg%2BcMVJTZU%2BOhjiRu57ISVJ%2BtpnXdXlrMLN2TgEBLqj%2FQ08hPuweTa61gh2Y5n9HnKBfjqE8V5ES2W9ILMBWvSOdBo1%2F5lTTJE%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 755935616fb6b521-OSL
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=GwGnAzpDCd6Ud7PMGfxq; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:39 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
x-robots-tag: 'none, noindex, nofollow, noarchive, nosnippet, noodp, notranslate, noimageindex'
x-content-type-options: nosniff
x-xss-protection: 1; mode=block;
p3p: policyref="http://www.example.com/w3c/p3p.xml", CP="CURa ADMa DEVa CONo HISa OUR IND DSP ALL COR"
link: <//hqq.to>; rel=preconnect; crossorigin, <//global.stun.twilio.com>; rel=dns-prefetch; crossorigin, <//counter.yadro.ru>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//stun2.l.google.com>; rel=dns-prefetch; crossorigin, <//unpkg.com>; rel=preconnect; crossorigin, <//mc.yandex.ru>; rel=preconnect; crossorigin, <//cdn.jsdelivr.net>; rel=preconnect; crossorigin, <//signal.netu.tv>; rel=dns-prefetch; crossorigin,<//wss.commentsengine.com>; rel=dns-prefetch; crossorigin, <//www.gstatic.com>; rel=preconnect; crossorigin, <//imasdk.googleapis.com>; rel=preconnect; crossorigin, <//storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin,<//deliver.vkcdnservice.com>; rel=preconnect; crossorigin, <//deliver.vkcdnservice.com>; rel=preconnect; crossorigin,<//vkcdnservice.appspot.com.storage.googleapis.com>; rel=preconnect; crossorigin, <//www.google.com>; rel=preconnect; crossorigin, <//www.recaptcha.net>; rel=preconnect; crossorigin, <//cdnjs.cloudflare.com>; rel=preconnect; crossorigin
x-origin-location: player
cache-control: public, stale-if-error=30, max-age=30
content-encoding: gzip
x-cache-status-inferno: MISS
x-inferno-location: player
x-inferno-limit-req: PASSED
X-Firefox-Spdy: h2
testingmetriksbre.ru/netu.php
104.26.0.119 200 OK 0 B URL HTTP/2 testingmetriksbre.ru/netu.php
IP 104.26.0.119:0
GET /netu.php HTTP/1.1
Host: testingmetriksbre.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript
x-powered-by: PHP/7.1.33
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=14YGmGEcZ0IzLB%2BfOjCZ9x2IN7EkwXh5LiHsPAI19chjEMGsiMYKd2fAfYq8SI6wbWejfF6xvZq%2F170ajU0bIcCpIuYi3218HL6bY7%2Ft89BrU2FrAPhblXI9fRXuTtFmaF5xEFgU"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75593552beeab521-OSL
content-encoding: br
X-Firefox-Spdy: h2
c.adsco.re/
104.17.166.186 200 OK 0 B IP 104.17.166.186:0
GET / HTTP/1.1
Host: c.adsco.re
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: text/html
cache-control: public, max-age=2678400
accept-ch: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR
permissions-policy: ch-ua=(self "https://adsco.re"),ch-ua-mobile=(self "https://adsco.re"),ch-ua-full-version=(self "https://adsco.re"),ch-ua-platform=(self "https://adsco.re"),ch-ua-platform-version=(self "https://adsco.re"),ch-ua-arch=(self "https://adsco.re"),ch-ua-model=(self "https://adsco.re"),ch-device-memory=(self "https://adsco.re"),ch-downlink=(self "https://adsco.re"),ch-ect=(self "https://adsco.re"),ch-rtt=(self "https://adsco.re"),ch-width=(self "https://adsco.re"),ch-viewport-width=(self "https://adsco.re"),ch-dpr=(self "https://adsco.re")
link: <//6.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//4.adsco.re/>;rel=prefetch;crossorigin;as=fetch,<//adsco.re/>;rel=preconnect
expires: Sat, 05 Nov 2022 21:21:40 GMT
etag: W/"11BCsVfRLqCHC9ZZvH4GUw=="
cf-cache-status: HIT
age: 1725412
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559355628690b69-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
tovanillitechan.com/27/450b06a884c3c0c41762684f20f35afe
139.45.197.239 200 OK 0 B URL HTTP/2 tovanillitechan.com/27/450b06a884c3c0c41762684f20f35afe
IP 139.45.197.239:0
Analyzer Verdict Alert quad9 Sinkholed
GET /27/450b06a884c3c0c41762684f20f35afe HTTP/1.1
Host: tovanillitechan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Cookie: scm=1; OAID=1892729f2daf4a7ea0ad8c66b57c5aa3; oaidts=1665004900
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: application/javascript
access-control-allow-credentials: true
access-control-allow-origin:
access-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE
access-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, X-Sc, CVERSION, VERSION
cache-control: max-age:290304000, public
last-modified: Wed, 05 Oct 2022 03:09:39 GMT
expires: Wed, 04 Nov 2082 03:09:39 GMT
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *
content-encoding: gzip
X-Firefox-Spdy: h2
cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
172.64.201.2 200 OK 0 B URL HTTP/2 cdn.sb4you1.com/sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css
IP 172.64.201.2:0
GET /sb/notifications/utility/default/us/blog/Progamerage/message_redcircle2/3/css/style.css HTTP/1.1
Host: cdn.sb4you1.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/css
last-modified: Mon, 31 Jan 2022 15:54:46 GMT
etag: W/"61f80646-e35"
expires: Thu, 31 Dec 2037 23:55:55 GMT
cache-control: public, max-age=315360000
access-control-allow-origin: *
access-control-expose-headers: Date
cf-cache-status: HIT
age: 5483418
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zUEvgenIbQPBauRCQ%2ByJLOCt%2BEKIPh2aEpdbHb%2BYoco1qwyKr%2F1Yy3UCkUUrzJF9FmSvshHn629DUA37cJRzU%2BzDjAMHRTZmiA5UVCDVDEZDDEePZrng6jElkDEz0zPtG54%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559356089ab73df-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
q.cachegorilla.com/r?fid=B79SGewuO6N
172.67.190.155 302 Found 0 B URL HTTP/2 q.cachegorilla.com/r?fid=B79SGewuO6N
IP 172.67.190.155:0
GET /r?fid=B79SGewuO6N HTTP/1.1
Host: q.cachegorilla.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:42 GMT
location: http://c.cachegorilla.com/cf?id=6795110118894026626&sid=B79SGewuO6N&subid=0000&fid=19128&redir=1
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UyzsPRwdOu8lVFkNpvp8i9rh%2BPXMQ4rrJ0790vizTlV2Tp5Z8JK4srv6DPfn%2BHT9maYtE%2Fy0rzzoHSKswr%2B5w%2BdKxgmD5tgbmdjW89z2YOIDKUbCL39AkpaYqChQOP9NOSm1PFU%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355b6c0d0b45-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
gettlucksurvey.top/finance-survey.html?z=4297172&offer_id=2577&var=4099539&ymid=X65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi&campid={campaignid}
104.21.75.187 200 OK 0 B URL HTTP/2 gettlucksurvey.top/finance-survey.html?z=4297172&offer_id=2577&var=4099539&ymid=X65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi&campid={campaignid}
IP 104.21.75.187:0
GET /finance-survey.html?z=4297172&offer_id=2577&var=4099539&ymid=X65jdLt6gsU6E5_8RE_990naulEiXiFbcxjDWjuUQ4VGqmsZLZdPD3oIp0BmE390revALbeF7oyS5IwNyOSpwvIRiTv6mQq4AFE0_jzSABprpjFmU1rD6EBw0KE10A_gUIDRUi&campid={campaignid} HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: text/html
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
vary: Accept-Encoding
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oSeBtXRJeB2f1tldLsUuad1ZbgJiOExXxfq03mTNk0vKMFKed%2BZFimEvJhWswI%2BpIKbUq8n34qWK7Agq%2BBvtKaMnwN9w3TzuGYQw7pxH7ZjZipU%2FcD9WK2kRntNzhSaN0fQys5E%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 75593563d9010b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
www.stormberg.com/no?utm_source=circlewise&utm_medium=affiliate&utm_campaign=brandreward.com&tmt_data=cbd1d0bb-178f-468f-992e-bff75ad8abe1&tmt_ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537
172.64.151.217 200 OK 0 B URL HTTP/2 www.stormberg.com/no?utm_source=circlewise&utm_medium=affiliate&utm_campaign=brandreward.com&tmt_data=cbd1d0bb-178f-468f-992e-bff75ad8abe1&tmt_ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537
IP 172.64.151.217:0
GET /no?utm_source=circlewise&utm_medium=affiliate&utm_campaign=brandreward.com&tmt_data=cbd1d0bb-178f-468f-992e-bff75ad8abe1&tmt_ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537 HTTP/1.1
Host: www.stormberg.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://media.bigbasketshop.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:46 GMT
content-type: text/html; charset=utf-8
access-control-expose-headers: Request-Context
cache-control: no-cache, no-store, must-revalidate
content-encoding: gzip
expires: -1
pragma: no-cache
set-cookie: .ASPXANONYMOUS=Zb4CSALH02uDUsU03KOZDFVzGk4wPS4wt-gIBp4jXUKTkWCl97yIW7sv0JHgjydpJynLEquus3Yqada2-GfkJyTj-jRX4v2JIUUyP0HdkJv2CA4fh-rf7-wU1HH_0oaioFf_Bks9JdQxVG50hHA5qA2; expires=Wed, 14-Dec-2022 08:01:46 GMT; path=/; HttpOnly
Culture=nb-NO; expires=Mon, 05-Oct-2037 21:21:46 GMT; path=/; secure; HttpOnly
EPi:StateMarker=true; path=/
EPi:StartUrlKey=https://www.stormberg.com/no?utm_source=circlewise&utm_medium=affiliate&utm_campaign=brandreward.com&tmt_data=cbd1d0bb-178f-468f-992e-bff75ad8abe1&tmt_ufp=ba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537; path=/
EPi:UrlReferrerKey=https://media.bigbasketshop.com/; path=/
ContentIndexSessionId=01880b74b9ff4454994365d3e41bccf9; path=/; secure; HttpOnly
PricesInclVat=True; expires=Mon, 05-Oct-2037 21:21:46 GMT; path=/; secure; HttpOnly
vary: Accept-Encoding
x-instance-id: dd81fbc7632446f38a232a36d6006f40a3e92e6fd8c757117c80ee775fb6bd13
x-actual-url: %2fno%3futm_source%3dcirclewise%26utm_medium%3daffiliate%26utm_campaign%3dbrandreward.com%26tmt_data%3dcbd1d0bb-178f-468f-992e-bff75ad8abe1%26tmt_ufp%3dba3f5bfa74ae995bacd66c4613d7d3b330abbcfdc6980b84b5df0e21727a0537
x-server-version: 3.7.13
request-context: appId=cid-v1:805906a9-2edc-44d0-9f82-0e22e3368a1f
x-frame-options: SAMEORIGIN
arr-disable-session-affinity: true
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 75593578cb140b3d-OSL
X-Firefox-Spdy: h2
dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
190.115.31.133 200 OK 0 B URL HTTP/2 dood.so/e/eeyxdpnnlt5vylnu90ziykyc4zadvv2
IP 190.115.31.133:0
ASN #262254 DDOS-GUARD CORP.
GET /e/eeyxdpnnlt5vylnu90ziykyc4zadvv2 HTTP/1.1
Host: dood.so
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://gaypornhdfree.com/
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: ddos-guard
content-security-policy: upgrade-insecure-requests;
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: text/html; charset=UTF-8
expires: Tue, 04 Oct 2022 21:21:39 GMT
set-cookie: __ddg1_=RdjIWb8KI2pASeJ7p1fC; Domain=.dood.so; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:39 GMT
lang=1; domain=.dood.so; path=/; HttpOnly
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
hqq.to/cdn-cgi/trace
190.115.19.71 404 Not Found 0 B IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /cdn-cgi/trace HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 404 Not Found
server: ddos-guard
set-cookie: __ddg1_=L1Hw3aEExQpZ3VTYrUVL; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: text/html; charset=UTF-8
x-origin-location: /
x-cache-status-inferno: MISS
x-inferno-location: /
content-encoding: br
vary: Accept-Encoding
X-Firefox-Spdy: h2
www.blockadsnot.com/jsoneditor.min.js
185.76.9.19 200 OK 0 B URL HTTP/2 www.blockadsnot.com/jsoneditor.min.js
IP 185.76.9.19:0
ASN #60068 Datacamp Limited
GET /jsoneditor.min.js HTTP/1.1
Host: www.blockadsnot.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://dood.so
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/x-javascript
alt-svc: quic="185.76.9.13:443"; ma=2592000; v="44,43,39"
expires: Fri, 07 Oct 2022 20:34:09 GMT
access-control-allow-origin: *
link: <https://blockadsnot.com/>;rel=preconnect,<https://c.adsco.re/>;rel=preconnect,<https://adsco.re/>;rel=preconnect
cache-control: public, max-age=604800
x-accel-expires: @1665174849
server: CDN77-Turbo
x-77-nzt: AblMCQ0e5Z7/o6IGAA
x-77-nzt-ray: o+NMARIkztU
x-cache: HIT
x-age: 434851
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D4096787972%26z%3D5030496%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3D5QosdL3Os7cF22iapaxdgIyWwYW47vLdPhiwLY8bGdmltlKSwwhR9kuhykc4OyVrA0sRPoyIdB7MIeTOcKzY5t4sT_WGdjtUoYSz1zR2_SXvoyb0dbM38xoadbMI1BCMr9dNr-EATRIDDP21dZD9JeU5J0rtubDGq1BCs86iq4kRPWh87tcoNvOsn4_C7gRW26xwrjCk0J4xZqqzRFMQBh2Mw1ujws5mktf08IWMtoKyJlATzwjeXyFMggoq6CB6gbk6L1rZ5E9K230sJs3zyxLHia4RLXeJiXUXvPI9AeM%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Daebb340f-941e-46d0-856f-e945d0856cd2%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
139.45.197.151200 OK 0 B URL HTTP/2 interstitial-08.com/?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D4096787972%26z%3D5030496%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3D5QosdL3Os7cF22iapaxdgIyWwYW47vLdPhiwLY8bGdmltlKSwwhR9kuhykc4OyVrA0sRPoyIdB7MIeTOcKzY5t4sT_WGdjtUoYSz1zR2_SXvoyb0dbM38xoadbMI1BCMr9dNr-EATRIDDP21dZD9JeU5J0rtubDGq1BCs86iq4kRPWh87tcoNvOsn4_C7gRW26xwrjCk0J4xZqqzRFMQBh2Mw1ujws5mktf08IWMtoKyJlATzwjeXyFMggoq6CB6gbk6L1rZ5E9K230sJs3zyxLHia4RLXeJiXUXvPI9AeM%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Daebb340f-941e-46d0-856f-e945d0856cd2%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0
IP 139.45.197.151:0
Analyzer Verdict Alert quad9 Sinkholed
GET /?l=9PjAqTQETOzNIxm&cd_meta_crid=21588&trkintimp&target_url=https%3A%2F%2Fupgulpinon.com%2F12%3Frnd%3D4096787972%26z%3D5030496%26b%3D5363098%26c%3D2752952%26var%3D%26d%3Dhttps%253A%252F%252Fnaigristoa.com%252F%253Fb%253D%257Bbannerid%257D%2526ba%253D1%2526campid%253D%257Bcampaignid%257D%2526did%253D%257Bdeviceid%257D%2526dm%253D0%2526ep%253D1%2526fp%253D0%2526g%253D%257Bgeo%257D%2526i18db%253D1%2526l%253DEf3r9LOIFX3llkF%2526oaid%253D%257Boaid%257D%2526pshr%253D0%2526s%253D%2524%257BSUBID%257D%2526ssk%253D%257Btimestamp_key%257D%2526svar%253D%257Btimestamp%257D%2526vi%253D1%2526vo%253D1%2526z%253D%257Bzoneid%257D%2526tr%253Ddefault%26cln%3D1%26btp%3D7%26rb%3D5QosdL3Os7cF22iapaxdgIyWwYW47vLdPhiwLY8bGdmltlKSwwhR9kuhykc4OyVrA0sRPoyIdB7MIeTOcKzY5t4sT_WGdjtUoYSz1zR2_SXvoyb0dbM38xoadbMI1BCMr9dNr-EATRIDDP21dZD9JeU5J0rtubDGq1BCs86iq4kRPWh87tcoNvOsn4_C7gRW26xwrjCk0J4xZqqzRFMQBh2Mw1ujws5mktf08IWMtoKyJlATzwjeXyFMggoq6CB6gbk6L1rZ5E9K230sJs3zyxLHia4RLXeJiXUXvPI9AeM%3D%26bag%3DydU9kaAfa6I%3D%26ruid%3Daebb340f-941e-46d0-856f-e945d0856cd2%26ng%3D1%26ix%3D1%26pt%3D0%26np%3D1%26gp%3D-1%26bp%3D-1%26nw%3D1%26nb%3D1%26sw%3D1280%26sh%3D1024%26pl%3Dhttps%253A%252F%252Fdood.so%252Fe%252Feeyxdpnnlt5vylnu90ziykyc4zadvv2%26wy%3D0%26wx%3D0%26ww%3D1280%26wh%3D1024%26cw%3D734%26wiw%3D734%26wih%3D413%26wfc%3D3%26sah%3D1002%26drf%3Dhttps%253A%252F%252Fgaypornhdfree.com%252F%26hil%3D1%26ist%3D0%26tbc%3D0 HTTP/1.1
Host: interstitial-08.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
x-powered-by: PHP/7.4.26
set-cookie: reverse=hHWU2-jEVWBPCnplYJVH0jkq-LhNzFufnDiF4cFQ6xw; expires=Wed, 05-Oct-2022 22:21:42 GMT; Max-Age=3600; path=/
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
content-encoding: gzip
X-Firefox-Spdy: h2
littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492
172.67.10.98 200 OK 0 B URL HTTP/2 littlecdn.com/interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492
IP 172.67.10.98:0
GET /interstital/templates/inapp/Players/_gen-carousel-3d/css/style.css?v=1518177503492 HTTP/1.1
Host: littlecdn.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://interstitial-08.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:42 GMT
content-type: text/css
last-modified: Wed, 05 Oct 2022 16:07:13 GMT
vary: Accept-Encoding
etag: W/"633dabb1-30c9"
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
access-control-expose-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range
cache-control: max-age=3600
cf-cache-status: HIT
age: 6107
server: cloudflare
cf-ray: 7559355e2bebb521-OSL
content-encoding: br
X-Firefox-Spdy: h2
gettlucksurvey.top/img/icon-survey.svg
104.21.75.187 200 OK 0 B URL HTTP/2 gettlucksurvey.top/img/icon-survey.svg
IP 104.21.75.187:0
Analyzer Verdict Alert fortinet Phishing
GET /img/icon-survey.svg HTTP/1.1
Host: gettlucksurvey.top
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:43 GMT
content-type: image/svg+xml
last-modified: Wed, 05 Oct 2022 11:06:26 GMT
etag: W/"633d6532-c26"
cache-control: max-age=1800
cf-cache-status: HIT
age: 4010
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ho8orc2yQaMQQkEwN%2FoLrk45tidb6CKLvqBX2jmPGLqFy7iBUZy1zERwIw5kZsggJoXJMbCeyiftahTkLQg4HxmVgdYHhsU17N3yxSpe6CzXW5C6Dqs7JlP8QOiKQhmlnUKwcZ0%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 7559356489c50b4d-OSL
content-encoding: br
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
zap.buzz/Jr1zAzZ
104.21.53.136 302 Found 0 B IP 104.21.53.136:0
GET /Jr1zAzZ HTTP/1.1
Host: zap.buzz
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
HTTP/2 302 Found
date: Wed, 05 Oct 2022 21:21:41 GMT
content-type: text/html; charset=utf-8
location: https://xml.poprtb.com/redirect?feed=457657&auth=p12tC3&pubid=152420
vary: Cookie
set-cookie: session=eyJfcGVybWFuZW50Ijp0cnVlfQ.Yz31ZQ.ibkDv-YlxvXB5FitGrhfM81RRzA; Expires=Wed, 05 Oct 2022 21:51:41 GMT; HttpOnly; Path=/
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J%2FEfl6ujo%2BAMn280O6S6F0VUoB%2BnAGZvQ9jGu33ohMyAySQlu1JsrxRwmDpWbD2TTbPY5VS7%2FeJvsaJ1SVt%2FcqNeQE%2Fvljna%2BZgGxbZaiLDPeu%2Fn4Z4oJQbv3g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 7559355b1f931bfa-OSL
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
X-Firefox-Spdy: h2
fonts.googleapis.com/css?family=Roboto+Condensed%7CRoboto%7CSource+Sans+Pro&subset=latin%2Cvietnamese%2Ccyrillic-ext%2Clatin-ext%2Ccyrillic%2Cgreek-ext%2Cgreek&ver=6.0.2
142.250.74.10 200 OK 0 B URL HTTP/2 fonts.googleapis.com/css?family=Roboto+Condensed%7CRoboto%7CSource+Sans+Pro&subset=latin%2Cvietnamese%2Ccyrillic-ext%2Clatin-ext%2Ccyrillic%2Cgreek-ext%2Cgreek&ver=6.0.2
IP 142.250.74.10:0
GET /css?family=Roboto+Condensed%7CRoboto%7CSource+Sans+Pro&subset=latin%2Cvietnamese%2Ccyrillic-ext%2Clatin-ext%2Ccyrillic%2Cgreek-ext%2Cgreek&ver=6.0.2 HTTP/1.1
Host: fonts.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
content-type: text/css; charset=utf-8
access-control-allow-origin: *
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
strict-transport-security: max-age=31536000
expires: Wed, 05 Oct 2022 21:21:38 GMT
date: Wed, 05 Oct 2022 21:21:38 GMT
cache-control: private, max-age=86400
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin-allow-popups
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
X-Firefox-Spdy: h2
hqq.to/js/embed.205.js?736
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/embed.205.js?736
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/embed.205.js?736 HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=hmo66suwn2Njgf8BIogv; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Thu, 04 Aug 2022 18:07:34 GMT
etag: W/"62ec0ae6-298ce"
access-control-allow-origin: *
access-control-allow-credentials: true
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
s3t3d2y8.afcdn.net/images/close-icon.svg
185.76.9.21 200 OK 0 B URL HTTP/2 s3t3d2y8.afcdn.net/images/close-icon.svg
IP 185.76.9.21:0
ASN #60068 Datacamp Limited
GET /images/close-icon.svg HTTP/1.1
Host: s3t3d2y8.afcdn.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://gaypornhdfree.com/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
TE: trailers
HTTP/2 200 OK
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: image/svg+xml
last-modified: Wed, 29 Jun 2022 13:13:10 GMT
etag: W/"62bc4fe6-109"
expires: Fri, 30 Jun 2023 18:46:40 GMT
cache-control: max-age=31536000
access-control-allow-origin: *
x-cache-op: HIT
x-accel-expires: @1688195204
server: CDN77-Turbo
x-77-nzt: AblMCRSE5Bz/YFh/AA
x-77-nzt-ray: 0pBvTGa3VR4
x-cache: HIT
x-age: 8345696
x-77-pop: stockholmSE
x-77-cache: HIT
content-encoding: br
X-Firefox-Spdy: h2
hqq.to/js/script-2.12.5.js
190.115.19.71 200 OK 0 B URL HTTP/2 hqq.to/js/script-2.12.5.js
IP 190.115.19.71:0
ASN #262254 DDOS-GUARD CORP.
GET /js/script-2.12.5.js HTTP/1.1
Host: hqq.to
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://hqq.to/player/embed_player.php?vid=259229259205265273269254264234225276194271217271255&autoplay=none&hash_from=afd56fe43c75ac2d9c7decc24819fcb6
Cookie: uid=3sOmnQqtTP0Kd_1vHm8v2e63Z6gk2xdm
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
TE: trailers
HTTP/2 200 OK
server: ddos-guard
set-cookie: __ddg1_=OZnf3GDRBJGOQt1lohj0; Domain=.hqq.to; HttpOnly; Path=/; Expires=Thu, 05-Oct-2023 21:21:40 GMT
date: Wed, 05 Oct 2022 21:21:39 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 01 Dec 2020 19:28:37 GMT
etag: W/"5fc69965-4cb8"
access-control-allow-origin: *
accessing-static: 1
cache-control: public, max-age=31536000, stale-while-revalidate=30, stale-if-error=30
pragma: cache
content-encoding: br
x-cache-status-inferno-s: HIT
x-inferno-location: static
age: 1
ddg-cache-status: MISS,MISS
X-Firefox-Spdy: h2
dozubatan.com/400/4245378
139.45.197.237 200 OK 0 B URL HTTP/2 dozubatan.com/400/4245378
IP 139.45.197.237:0
GET /400/4245378 HTTP/1.1
Host: dozubatan.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Referer: https://dood.so/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
HTTP/2 200 OK
server: nginx
date: Wed, 05 Oct 2022 21:21:40 GMT
content-type: application/javascript
x-trace-id: 34ba99350884e9da73887693b30d9018
expires: Tue, 11 Jan 1994 10:00:00 GMT
cache-control: no-cache, no-store, no-transform, must-revalidate, private, max-age=0
pragma: no-cache
vary: Origin
access-control-allow-origin: *
access-control-expose-headers: Link
access-control-allow-credentials: true
set-cookie: OAID=d5a24673c611459ea1c558bddf681aa9; expires=Thu, 05 Oct 2023 21:21:40 GMT; path=/; secure; SameSite=None
strict-transport-security: max-age=1
x-content-type-options: nosniff
timing-allow-origin: *, *
content-encoding: gzip
X-Firefox-Spdy: h2